I developed an API and I have a problem with the expiration of the token, and I try to find ways to refresh the tokens sent by API ,I use custom middleware,When the token is expired, the refreshed token is added to the response headers. The app just needs to search if the response has this, if so, update the saved token.I get
{"code":103,"response":null}
my middleware
<?php
namespace App\Http\Middleware;
use Carbon\Carbon;
use Closure;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Cache;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenBlacklistedException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Facades\JWTAuth;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
class JwtRefresh extends BaseMiddleware {
public function handle($request, Closure $next)
{
try
{
if (! $user = JWTAuth::parseToken()->authenticate() )
{
return response()->json([
'code' => 101, // means auth error in the api,
'response' => null // nothing to show
]);
}
}
catch (TokenExpiredException $e)
{
// If the token is expired, then it will be refreshed and added to the headers
try
{
$refreshed = JWTAuth::refresh(JWTAuth::getToken());
$user = JWTAuth::setToken($refreshed)->toUser();
header('Authorization: Bearer ' . $refreshed);
}
catch (JWTException $e)
{
return response()->json([
'code' => 103, // means not refreshable
'response' => null // nothing to show
]);
}
}
catch (JWTException $e)
{
return response()->json([
'code' => 101, // means auth error in the api,
'response' => null // nothing to show
]);
}
// Login the user instance for global usage
Auth::login($user, false);
return $next($request);
}
}
I think you just need to do this,
if ($expired) {
try {
$newToken = $this->auth->setRequest($request)
->parseToken()
->refresh();
$user = $this->auth->authenticate($newToken);
} catch (TokenExpiredException $e) {
return $this->respond('tymon.jwt.expired', 'token_expired', $e->getStatusCode(), [$e]);
} catch (JWTException $e) {
return $this->respond('tymon.jwt.invalid', 'token_invalid', $e->getStatusCode(), [$e]);
}
// send the refreshed token back to the client
$request->headers->set('Authorization', 'Bearer ' . $newToken);
}
Hope this will helps you.
Related
I'm using V1 of https://github.com/tymondesigns/jwt-auth
I need to create an expired token, to test the TokenExpiredException in my code:
public function handle($request, Closure $next)
{
try {
JWTAuth::parseToken()->authenticate();
} catch (Exception $e) {
if ($e instanceof TokenInvalidException) {
return response()->json(['status' => 'Token is Invalid'], 401);
} elseif ($e instanceof TokenExpiredException) {
return response()->json(['status' => 'Token is Expired'], 401);
} else {
return response()->json(['status' => 'Authorization Token not found'], 401);
}
}
return $next($request);
}
I cannot do it:
public function setUp(): void
{
parent::setUp();
$password = '123456';
$user = new User([
'email' => 'info#example.com',
'password' => Hash::make($password),
]);
$user->save();
}
public function testExpiredToken()
{
$user = User::first();
$token = JWTAuth::fromUser($user, ['exp'=> 123456]);
$response = $this->withHeaders([
'Authorization' => 'Bearer '.$token,
])->get(Route('test_data_read_closed'));
$response->assertStatus(401);
}
But I get 200 from my test (token accepted, I got answer from my route) and not 401.
How can I create an expired token? Thank you
I spent hours trying to figure out why it was still responding with a 200 success code when an expired JWT is sent (for testing purposes). It turns out that the JWT package caches the claims in the \Tymon\JWTAuth\Factory instance. To fix it, you just have to clear the claims after the JWT is generated and before it's sent to a controller:
\Tymon\JWTAuth\Facades\JWTAuth::getPayloadFactory()->emptyClaims();
Otherwise, it thinks it's the same request and will re-use already built \Tymon\JWTAuth\Claims\Claim instances to decode another JWT. I will see about creating an issue on GitHub.
Currently I'm developing Laravel 5.8 with using JWT Auth, everything running as well in Postman, but when I tried for testing on Browser, I got a lot of errors and one by one has been fixed. Now I'm get another error when I try to pass JSON Web Token by using Request. The token isn't provided correctly. After I do sign in process in :
public function signin(Request $request)
{
$this->validate($request, [
'username' => 'required',
'password' => 'required'
]);
// grab credentials from the request
$credentials = $request->only('username', 'password');
try {
// attempt to verify the credentials and create a token for the user
if (! $token = JWTAuth::attempt($credentials)) {
return response()->json([
'error' => 'Invalid Credentials, username and password dismatches. Or username may not registered.',
'status' => '401'
], 401);
}
} catch (JWTException $e) {
// something went wrong whilst attempting to encode the token
return response()->json(['error' => 'could_not_create_token'], 500);
}
return response()->json([
'token' => $token
]);
}
The token generated successfully. But when I need the token to another controller, the token generated unsuccessfully, one of example is in this method :
public function index(Request $request)
{
// this will set the token on the object
JWTAuth::parseToken();
// and you can continue to chain methods
$user = JWTAuth::parseToken()->authenticate();
$token = JWTAuth::getToken();
die($token);
try {
if (! $user = JWTAuth::parseToken()->authenticate()) {
return response()->json(['user_not_found'], 404);
}
} catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
return response()->json(['token_expired'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
return response()->json(['token_invalid'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\JWTException $e) {
return response()->json(['token_absent'], $e->getStatusCode());
}
Everytime I'd like to JWTAuth::parseToken(); I got this error :
The token could not be parsed from the request
So why this happen? And what should I do? Because In signin method, the token successfully generated, but in index I can't access the token. Thanks for your attention.
Token needs to be passed via Headers in each api request
Header Name: Authorization
Expected Value: Bearer --token--
(without the -- ofcourse)
In my laravel app i have installed jwt packages and set the middleware but the the token is invalid or expired or not sent it shows an error not in JSON format bellow are the details of my problems. Every things is working correctly but exception not throw in json format.Exception thrown as error like this (Could not decode token: Error while decoding to JSON: Malformed UTF-8 characters, possibly incorrectly encoded) that is the issue.
this is my jwtMiddleware
public function handle($request, Closure $next)
{
try
{
$user = JWTAuth::parseToken()->authenticate();
}
catch (\JWTException $e)
{
if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenInvalidException)
{
return response()->json(['status' => 'Token is Invalid']);
}
else if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenExpiredException)
{
return response()->json(['status' => 'Token is Expired']);
}
else
{
return response()->json(['status' => 'Authorization Token not found']);
}
return response()->json(['status' => $e]);
}
return $next($request);
}
this is the error shows as shown in image
shown exception as error
and expected error like this
required exception
sending postman request
sending to postman
Check that the request that you're sending has this header
{ Authorization: 'Bearer TOKEN' }
How to add this header in Axios:
axios.interceptors.request.use(request => {
if (store.getters.authToken) {
request.headers.common['Authorization'] = `Bearer ${store.getters.authToken}`
}
return request
})
Check that your .htaccess has the rule
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
I show my exception in json formate below way, you can try with this. to show exception in jwt you give this in catch JWTException
$credentials = $request->only('user_name', 'password');
try {
if (! $token = JWTAuth::attempt($credentials)) {
return response()->json([
'code' => 404,
'response' => 'error',
'errors' => ['massage' => 'invalid email/ or password.']
]);
}
} catch (JWTException $e) {
return response()->json([
'code' => 500,
'response' => 'error',
'errors' => ['massage' => 'failed to create token.']
]);
}
I have checked using Auth::attempt(['email' => $request->email_id, 'password' => $request->password]) which works in web side but gives false in api side .
if (Auth::attempt(['email' => $request->email_id, 'password' => $request->password]))
dd("Successfully Authenticated ");
else dd("false");
Use JWT authentication to authenticate your lumen api
composer require tymon/jwt-auth
after installation follow the configuration
https://github.com/tymondesigns/jwt-auth/wiki
Below authenticate function help to authenticate and return the API token
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
class AuthenticateController extends Controller
{
public function authenticate(Request $request)
{
// grab credentials from the request
$credentials = $request->only('email', 'password');
try {
// attempt to verify the credentials and create a token for the user
if (! $token = JWTAuth::attempt($credentials)) {
return response()->json(['error' => 'invalid_credentials'], 401);
}
} catch (JWTException $e) {
// something went wrong whilst attempting to encode the token
return response()->json(['error' => 'could_not_create_token'], 500);
}
// all good so return the token
return response()->json(compact('token'));
}
}
I have a Laravel 5 web app with Socialite to login my user by using Facebook account.
This is my callback function:
public function callback(SocialAccountService $service)
{
$user = $service->createOrGetUser(Socialite::driver('facebook')->user());
auth()->login($user);
return redirect()->to('/home');
}
This is my SocialAccountService, basically the function returns the user if existing or creates a new one:
class SocialAccountService
{
public function createOrGetUser(ProviderUser $providerUser)
{
$account = SocialAccount::whereProvider('facebook')
->whereProviderUserId($providerUser->getId())
->first();
if ($account) {
return $account->user;
} else {
$account = new SocialAccount([
'provider_user_id' => $providerUser->getId(),
'provider' => 'facebook'
]);
$user = User::whereEmail($providerUser->getEmail())->first();
if (!$user) {
$user = User::create([
'email' => $providerUser->getEmail(),
'name' => $providerUser->getName(),
]);
}
$account->user()->associate($user);
$account->save();
return $user;
}
}
}
Now the problem is, I am able to make my user login successfully via Facebook, but when the user clicks Cancel on the FB dialog for permission, it breaks.
How can I handle this error? I can see the error message in URL box, but don't know to handle them.
P.S I am fairly new to Laravel and Socialite
in the callback(...) method you can check for presense of the 'code' input field and if it is not there redirect to back to login page with errors.
Example:
function callback(SocialAccountService $service ,Request $request) {
if (! $request->input('code')) {
return redirect('login')->withErrors('Login failed: '.$request->input('error').' - '.$request->input('error_reason'));
}
// rest of your code
}
Try catch is the best practice(it catches all exception)
try
{
$userSocial =Socialite::driver('facebook')
->stateless()->user();
dd($userSocial);
}
catch (\Throwable $e) {
//handle error here for php 7 or 8
} catch (\Exception $e) {
// for php 5
handle error here
}