How does Auth attempt method work in Laravel/Lumen + JWT + User custom model

Question

I have spent a day trying to understand how to inject JWT auth in my API, but unfortunately I have not got any success.

I am using Lumen framework. There is, I think great, library for JWT Auth JWT For Lumen And Laravel. I have successfully installed it by composer, it looks like it works ok, but I have not default User model in my project, I can easily migrate to the default, but I want to understand how does all this stuff work.

I will not post example code here, to make question shorter, here it is JWT Example .

I am relatively new to Laravel and Lumen, so maybe my question is already answered, but I have spent several hours trying to find documentation and understand Auth core in the framework.

I have custom User Model

<?php namespace App\Models;
use Illuminate\Database\Eloquent\Model;
class User extends Model {
    const CREATED_AT = 'createTime';
    const UPDATED_AT = 'updateTime';
    public $timestamps = true;
    protected $table = 'user';
    protected $guarded = ['password','login','id','activationEmail'];
    protected $hidden = [ 'password' ];
    protected function getDateFormat()
    {
        return 'U';
    }
}

And of course custom controller to route request to it.

But the problem is that as I recently discovered that JWT library uses Auth to implement jwt authentication.

And Auth do some magic stuff with default User model which in turn impements UserInterface , should my model also implement this interface ?

I have tried explicitly specify my model in config, but nevertheless it tries to use old model and throws exception that App\User not found.

Please help to find answers for these questions :

1. How does framework by default knows what is the name of my users table and what fields does it have ? Or it assumes that it has users name and columns of the table are common like email,login, password and so on.

2. What happens when attempt method is invoked ? Framework tries to find user by the email for example, if was found, password is checked ?

3. How to specify my custom model, I have tried to change config and got exceptions described in this question Missing argument 1 for Illuminate\Auth\AuthManager::createDriver() lumen and JWT

I would be grateful if someone help to solve and understand this problem.

Thanks everyone for any help.

Answer 1

Implement JWT in laravel is very tiring and confusing, you'll always missing packages and arguments.

try this laravel/lumen package : dingo-api

and here is a simple exemple project which could demostrate the full life cycle of jwt auth. This one is very easy to debug. dingo-api-demo

in the dingo-api-demo project, you may find most of answers to your questions in these following locations

1. /config/jwt.php
2. /config/api.php
3. /config/auth.php

Answer 2

• Login - auth
  • From route-> call your controller using post method
  • In the auth controller, validate the request like,
    • $this->validate($request, [ 'email' => 'required|email|max:255', 'password' => 'required', ]);
    • If this is successfully validated,
      • JWTAuth::attempt($credentials); // credentials should be in array format like array('email' => 'dbfieldname', 'password')
    • if not valid, throw error like,
      • response()->json(['error' => 'invalid_credentials', 'message' => 'Invalid Credentials'], 401)
    • If success, generate token like,
      • response()->json(compact('token'));

Answer 3

Well good question, by default the users table in laravel is going to be users.

You can set the table name within the model by using the $table property.

1. Think of a Model as a representation of a database. If you have a table called books, you would typically have a model called Books. Also within Laravel, to generate a model, from the command line run php artisan make:model ModelName. This will do most of the work for you.

2. When Auth::attempt() is invoked, you pass through a array of credentials and it will match those up against your database. So you could do Auth::attempt(['email' => $email, 'password' => $password]) or Auth::attempt(['username' => $username, 'password' => $password, 'active' => 1], $remember). Yes, the password is checked, you can also manually check a password with Hash::check().

3. When creating a custom model, use the php artisan generate command to make your model for you. Then change the namespace to your directory structure to composer can autoload that class in for you (only if you move the model to say a models directory). From there you will not have to do anything to interact with your database, again a model just represents a table. Unless you create a model called AllBooks to represent a Books table, you would need to define the $table property to be $table = 'Books';.

I would really recommend learning object orientated in-depth before you jump into a framework like Laravel. While it is great you want to do this, it can mislead you.

Also a quick tip, if you are going to continue with laravel/lumen. When creating a table, remember to add an updated_at and created_at datetime field, if you do not do this set the timestamp property to false within the model like so: public $timestamps = false;.

Best of luck!