I have checked using Auth::attempt(['email' => $request->email_id, 'password' => $request->password]) which works in web side but gives false in api side .
if (Auth::attempt(['email' => $request->email_id, 'password' => $request->password]))
dd("Successfully Authenticated ");
else dd("false");
Use JWT authentication to authenticate your lumen api
composer require tymon/jwt-auth
after installation follow the configuration
https://github.com/tymondesigns/jwt-auth/wiki
Below authenticate function help to authenticate and return the API token
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
class AuthenticateController extends Controller
{
public function authenticate(Request $request)
{
// grab credentials from the request
$credentials = $request->only('email', 'password');
try {
// attempt to verify the credentials and create a token for the user
if (! $token = JWTAuth::attempt($credentials)) {
return response()->json(['error' => 'invalid_credentials'], 401);
}
} catch (JWTException $e) {
// something went wrong whilst attempting to encode the token
return response()->json(['error' => 'could_not_create_token'], 500);
}
// all good so return the token
return response()->json(compact('token'));
}
}
Related
I'm creating an API login for my API application by using JWT. In the default code, JWT use email and password for authenticate.
public function login(Request $request){
$credentials = $request->only(['email', 'password']);
if (!$token = JWTAuth::attempt($credentials)) {
return 'Invalid login details';
}
return $token;
}
But now, i want to change for login by Phone/Email and Password, it mean, when a request coming, i will use Regular expression to recognize that an email or phone. And then, use that's credentials for attempt() function.
Is there any solution for this? Thanks in advance.
I found Request is Illuminate\Http\Request;
and Request->only() returns array.
You can get or set value using
$credentials["email"] or $credentials["password"]
You should easily be able to do this by sending either phone or email as credentials.
if($regexShowsItsAnEmail) {
$credentials = $request->only(['email', 'password']); // or simply $credentials = ['email' => $email, 'password' => $password]
} elseif($regexShowsItsAPhoneNumber) {
$credentials = $request->only(['phone', 'password']); // or simply $credentials = ['phone' => $phone, 'password' => $password]
} else {
return response()->json(['message' => 'Unauthorized'], 401);
}
I'm using V1 of https://github.com/tymondesigns/jwt-auth
I need to create an expired token, to test the TokenExpiredException in my code:
public function handle($request, Closure $next)
{
try {
JWTAuth::parseToken()->authenticate();
} catch (Exception $e) {
if ($e instanceof TokenInvalidException) {
return response()->json(['status' => 'Token is Invalid'], 401);
} elseif ($e instanceof TokenExpiredException) {
return response()->json(['status' => 'Token is Expired'], 401);
} else {
return response()->json(['status' => 'Authorization Token not found'], 401);
}
}
return $next($request);
}
I cannot do it:
public function setUp(): void
{
parent::setUp();
$password = '123456';
$user = new User([
'email' => 'info#example.com',
'password' => Hash::make($password),
]);
$user->save();
}
public function testExpiredToken()
{
$user = User::first();
$token = JWTAuth::fromUser($user, ['exp'=> 123456]);
$response = $this->withHeaders([
'Authorization' => 'Bearer '.$token,
])->get(Route('test_data_read_closed'));
$response->assertStatus(401);
}
But I get 200 from my test (token accepted, I got answer from my route) and not 401.
How can I create an expired token? Thank you
I spent hours trying to figure out why it was still responding with a 200 success code when an expired JWT is sent (for testing purposes). It turns out that the JWT package caches the claims in the \Tymon\JWTAuth\Factory instance. To fix it, you just have to clear the claims after the JWT is generated and before it's sent to a controller:
\Tymon\JWTAuth\Facades\JWTAuth::getPayloadFactory()->emptyClaims();
Otherwise, it thinks it's the same request and will re-use already built \Tymon\JWTAuth\Claims\Claim instances to decode another JWT. I will see about creating an issue on GitHub.
Currently I'm developing Laravel 5.8 with using JWT Auth, everything running as well in Postman, but when I tried for testing on Browser, I got a lot of errors and one by one has been fixed. Now I'm get another error when I try to pass JSON Web Token by using Request. The token isn't provided correctly. After I do sign in process in :
public function signin(Request $request)
{
$this->validate($request, [
'username' => 'required',
'password' => 'required'
]);
// grab credentials from the request
$credentials = $request->only('username', 'password');
try {
// attempt to verify the credentials and create a token for the user
if (! $token = JWTAuth::attempt($credentials)) {
return response()->json([
'error' => 'Invalid Credentials, username and password dismatches. Or username may not registered.',
'status' => '401'
], 401);
}
} catch (JWTException $e) {
// something went wrong whilst attempting to encode the token
return response()->json(['error' => 'could_not_create_token'], 500);
}
return response()->json([
'token' => $token
]);
}
The token generated successfully. But when I need the token to another controller, the token generated unsuccessfully, one of example is in this method :
public function index(Request $request)
{
// this will set the token on the object
JWTAuth::parseToken();
// and you can continue to chain methods
$user = JWTAuth::parseToken()->authenticate();
$token = JWTAuth::getToken();
die($token);
try {
if (! $user = JWTAuth::parseToken()->authenticate()) {
return response()->json(['user_not_found'], 404);
}
} catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
return response()->json(['token_expired'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
return response()->json(['token_invalid'], $e->getStatusCode());
} catch (Tymon\JWTAuth\Exceptions\JWTException $e) {
return response()->json(['token_absent'], $e->getStatusCode());
}
Everytime I'd like to JWTAuth::parseToken(); I got this error :
The token could not be parsed from the request
So why this happen? And what should I do? Because In signin method, the token successfully generated, but in index I can't access the token. Thanks for your attention.
Token needs to be passed via Headers in each api request
Header Name: Authorization
Expected Value: Bearer --token--
(without the -- ofcourse)
i had developed JWT web token based laravel 5.3 project. Now i was struggled in authentication process because i have create new model like UserAccountsModel and also controller was different.The problem is token not generating. Here is my code
$credentials['Email'] = $request->get('username');
$credentials['Password'] = $request->get('password');
try {
if (! $token = JWTAuth::attempt($credentials)) {
return response()->json(['error' => 'invalid_credentials'], 401);
}
} catch (JWTException $e) {
return response()->json(['error' => 'could_not_create_token'], 500);
}
// if no errors are encountered we can return a JWT
return response()->json(compact('token'));
its only returning invalid_credentials..
so please any one can tell me where will i struggled and what are the configuration i am missing.
So I am developing Ionic app with Laravel back-end and using JWT authentication.
My question is...since im using 4 fields when registering a user, and only 2 when logging in (email and pass), I suppose that upon registration the token should be made of only those 2 fields...
This is the working sign up function:
public function signUp()
{
$credentials = Input::all();
if (User::whereEmail($credentials['email'])->first()) {
return Response::json([
'error' => 'User with given e-mail already exists',
], 409);
} elseif (User::wherePhone($credentials['phone'])->first()) {
return Response::json([
'error' => 'User with given phone number already exists',
], 409);
} else {
$user = User::create($credentials);
$token = JWTAuth::fromUser($user);
return Response::json(compact('token'));
}
}
However if I change $credentials = Input::only('email', 'password') the full user won't be created (since there are fields missing).
But even if I leave $credentials as-is, and make combinations like
$token = JWTAuth::fromUser(Input::only('email', 'password')) or parse e-mail and password to JSON, or something similar...I get a "Trying to get a property of non-object" error, or that array is given instead of an object to JWTAuth...
JWTAuth::fromUser(Input::only('email', 'password')) expects a User object.
If you wish to use credentials you can do something like this:
// grab credentials from the request
$credentials = Input::only('email', 'password');
try {
// attempt to verify the credentials and create a token for the user
if (! $token = JWTAuth::attempt($credentials)) {
return Response::json(['error' => 'invalid_credentials'], 401);
}
} catch (JWTException $e) {
// something went wrong whilst attempting to encode the token
return Response::json(['error' => 'could_not_create_token'], 500);
}
// all good so return the token
return Response::json(compact('token'));
https://github.com/tymondesigns/jwt-auth/wiki/Creating-Tokens