rcerljenko/laravel-jwt
Composer 安装命令:
composer require rcerljenko/laravel-jwt
包简介
Simple JWT Auth for Laravel PHP Framework
README 文档
README
Simple JWT Auth for Laravel PHP Framework using Firebase JWT under the hood.
Installation
Standard Composer package installation:
composer require rcerljenko/laravel-jwt -v
Usage
- Publish the config file. This will create a
config/jwt.phpfile for basic configuration options.
php artisan vendor:publish --provider="RCerljenko\LaravelJwt\LaravelJwtServiceProvider" --tag="config"
- Add a new auth guard to your auth config file using a
jwtdriver.
// config/auth.php 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'jwt', 'provider' => 'users', ], ],
- Protect your API routes using this new guard.
// routes/api.php use Illuminate\Support\Facades\Route; Route::middleware('auth:api')->group(function () { // JWT protected routes });
- Use provided
HasJwttrait from this package on your Auth model (eg. User).
namespace App\Models; use RCerljenko\LaravelJwt\Traits\HasJwt; use Illuminate\Notifications\Notifiable; use Illuminate\Foundation\Auth\User as Authenticatable; class User extends Authenticatable { use Notifiable, HasJwt; }
You now have access to token() method on your User model, eg:
$user = User::findOrFail(1); $user->token();
You should probably return this token via Login Controller or User Resource.
Configuration
This package provides simple configuration via config/jwt.php file after you publish the config. Let's go over each configuration option.
secret-key- Secret key to use when encoding / decoding tokens. It should be a random string. Remember, if you change this key all active JWT tokens will be invalidated.hash-algo- Hashing algorithm. List of supported ones are in the config file. You probably don't need to change this.expiration- Default token expiration time in minutes. You can set it tonulland the tokens will never expire.claims- Default claims that will be applied to all tokens (besides the required ones needed for decoding and validation).
This was global configuration for all tokens. Besides that, library provides a local per-model configuration via HasJwt trait helper methods.
getJwtId()- It should return the model unique key used to retrieve that model from database. It defaults to model primary key.getJwtValidFromTime()- It should returnnull(default) or a Carbon instance. You can use that if you want to create tokens which are not active right away.getJwtValidUntilTime()- It should returnnullor a Carbon instance. This sets the JWT expiration time which, by default, uses theexpirationoption from the config file.getJwtCustomClaims()- Should return a key/value array of extra custom claims that you want to be a part of your token. By default it's an empty array.
You can also use configuration directly on the token() method which then overrides all other configurations, eg:
$user->token([ 'id' => $user->email, 'valid_from' => now()->addHour(), 'valid_until' => now()->addDay(), 'claims' => [ 'extra1' => 'foo', 'extra2' => 'bar' ] ]);
You don't need to override all configuration options, just the ones that you wish to change.
Request
Token is extracted from the request in one of three ways:
- From
Authorization: Bearer {token}header (most common). - From URL query param
token. - From request payload using
tokenfield name. - From cookie using
tokenkey.
rcerljenko/laravel-jwt 适用场景与选型建议
rcerljenko/laravel-jwt 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 15.19k 次下载、GitHub Stars 达 38, 最近一次更新时间为 2021 年 09 月 10 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 rcerljenko/laravel-jwt 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 rcerljenko/laravel-jwt 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 15.19k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 38
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2021-09-10