Securing a Laravel API in 20 minutes with JWTs

In this video you'll learn how you can secure a Laravel API and authenticate users within it using JSON Web Tokens.

This will let you separate your API and use it in external clients like native mobile apps or single-page web apps, where we need a user to be 'signed in' in order to view specific routes or pages.

JWTs work like this:

• Send user credentials to the API
• Get back a unique token (JWT) representing the user's session
• Use this token in requests where user authentication is required
• Return details specific to the user who has provided their token

Any questions? Ideas for a video? Feel free to let me know here or on Twitter, @aschmelyun!
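
The four steps listed above, with the API side and the client's calls simulated in one Node.js process. This is an added example, not code from the video or from tymon/jwt-auth; the secret, the user record and the function names `login` and `me` are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed demo values (assumptions, not from the video).
const SECRET = 'constructed-demo-secret'; // server-side signing key, never sent to clients
const hashPw = (pw) => crypto.scryptSync(String(pw), 'constructed-salt', 32);
const USERS = { 'ada@example.test': { id: 1, name: 'Ada', pwHash: hashPw('correct horse') } };

const b64url = (text) => Buffer.from(text).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Steps 1-2: credentials in, signed token with an expiry out.
function login(email, password, now = Date.now()) {
  const user = USERS[email];
  if (!user || !crypto.timingSafeEqual(hashPw(password), user.pwHash)) return { status: 401 };
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: email, iat, exp: iat + 3600 }));
  return { status: 200, token: `${header}.${payload}.${sign(`${header}.${payload}`)}` };
}

// Steps 3-4: check the bearer token, then return details for that user only.
function me(authorizationHeader, now = Date.now()) {
  const [scheme, token] = (authorizationHeader || '').split(' ');
  const parts = (token || '').split('.');
  if (scheme !== 'Bearer' || parts.length !== 3) return { status: 401 };
  const [header, payload, sig] = parts;
  // The server always recomputes HS256 with its own key; the token's "alg" is never trusted.
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { status: 401 };
  }
  // Claims are parsed only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (claims.exp <= Math.floor(now / 1000)) return { status: 401, error: 'token expired' };
  const user = USERS[claims.sub];
  return user ? { status: 200, id: user.id, name: user.name } : { status: 401 };
}
```

A client sends the token from `login` as `Authorization: Bearer <token>`; once `exp` has passed, `me` answers 401 and the client has to obtain a new token.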
Comments

UPDATE FOR LARAVEL 6.0+:

I've seen a few comments about the above video not working in Laravel 6. There was a discussion and back-and-forth on the GitHub repo about this, and there seems to be a stable solution out there now. Run "composer require tymon/jwt-auth ^1.0.0" from your project root or update your composer file directly to reflect using version ^1.0.0 of tymon/jwt-auth.

aschmelyun

Thank you, finally someone has explained the JWT process in a way that a beginner can understand.

Deepankarsingh

That is so much easier and quicker than trying to set up Passport. Great video.

bulldog

Finally something other than passport. You're a hero 🙏🙏🙏

jean-davynizigama

Thank you very much for your video @Andrew.

ariamustofa

Can you please explain how and when we use the refresh token? For example, if I have a React Native app that consumes the API, then after the login I am going to use the token that I got at first login and won't know if it is expired or not. Do I have to always check if the token is expired so that I call the refresh() method, or am I missing something?

aminraeisi

This is a great video! Thanks for creating it :)

Devdojo

9:48 How are you able to use the login route without declaring it in the routes/api.php file? I had to create one myself for the login to work

Edit: Okay, I can see the route at 11:28. Declaration must have been edited out by accident lol

flayshon

Very complicated indeed... hopefully some day I will be able to do this shit!

theretroman

This is what I needed the most; I need to make the default guard web, but need API auth.

Thanks!

fadilrahadiansyah

Thank you very much, bro!! :D

But one thing: I successfully created a token in one of the applications in cloud hosting. But another app that is in the same cloud hosting returns true for JWT instead of a token. How can I fix this?

KistlakRajapakshaSevenNet

If the token refreshes, will it reset the expiration time?

migfus-codes

Great resource, thank you for this great explanation and example of JWT tokens.

aseemlalfakawma

Thx, Very helpful tutorial, and it's working on Laravel 8

mahmoudakoobah

Thank you @Andrew, this is really helpful for new learners like me..

arnabjisit

Just out of curiosity, I want to know why you didn't put the whole code inside the try while creating the post? I used to put the whole thing inside try and then catch if there is any error. Any specific reason for that?

jayantrawat

Hi, I do have a few questions, if you don't mind.
At 7:30 when you just create a new login controller inside the api/auth folder, it creates a very basic scaffolded controller, so when you start building the login function, it has nothing else than the scaffolded lines.
What I had before watching this video was a copy-pasted login controller generated from the artisan make::auth, and I tried to customize it. But it requires the `use AuthenticatesUsers;` at the very first line of the class, so I followed the rest of the tutorial and everything works just fine. But if I remove this line "use AuthenticatesUsers;" it stops working, even though in the video you are not using this.
Secondly, when you just copied the Controller.php inside the /api folder at 9:06, you forgot to fix the namespace, so I'm wondering how it is that it works.
But bro, so many thanks. This just helped me a LOT!!

arturoatencio

Can we use this package for authentication of our private channels for Laravel websockets?

hamaadchaudhry

Hello Andrew, I love your tutorials. Please make a video for protecting the routes in vue-router. Thank you!

charlespitagan

Thank you for this tutorial. I just want to point out that the try/catch for authenticating the user is a best use case for Laravel middleware instead of putting it within a method in the controller.

thamerbelfkih