Reputation: 6887
I am a newbie to the JWT token system in Laravel 5 and am using tymon JWT Auth.
I managed to create my custom JWT token, and my code is as follows:
    use App\Http\Requests;
    use App\Http\Controllers\Controller;
    use Illuminate\Http\Request;
    use Tymon\JWTAuth\JWTManager as JWT;
    use JWTAuth;
    use JWTFactory;
    use Tymon\JWTAuth\Exceptions\JWTException;

    public function login(Request $request)
    {
        $customClaims = ['foo' => 'bar', 'baz' => 'bob'];
        $payload = JWTFactory::make($customClaims);
        $token = JWTAuth::encode($payload);
        // return response()->json(compact('token')); // This didn't work? Why?
        return response()->json(compact($token))->header('Authorization','Bearer '.$token);
    }

    public function getUser(){
        $token = JWTAuth::parseToken();
        echo $token;
    }
Here are the clarifications I need:
1. // return response()->json(compact('token'));
   Why did this give me an empty JSON object, {"token":{}}?
2. Is this the right way to send my custom data in the token and get the foo and baz values back from the same token?
3. The output of my code while testing with Postman is an empty array, []. But my headers are added with Authorization → Bearer eyJ0eXAiOiJKV1QiLCJhbG...
   Is this correct?
3a. Instead of a simple blank array, I need a success message such as 'authorized':true. How can I achieve it?
4. How should I pass this token back to test? Where should this token be passed using Postman? I passed it through Headers as shown in the image.
5. How can I parse this token using Laravel and get the custom data, i.e. foo and baz, sent in the token? The method I called is getUser here.
Upvotes: 1
Views: 7555
Reputation: 41
You can use this method in your user model:

    /**
     * Return a key value array, containing any custom claims to be added to the JWT.
     *
     * @return array
     */
    public function getJWTCustomClaims()
    {
        return [
            'perms' => ''
        ];
    }
Upvotes: 0
Reputation: 201
I had the same problem here and I got the following solution:

    public function whatEver()
    {
        $token = JWTAuth::parseToken();
        $response = $token->getPayload()->get('foo');
        return $response;
    }

This should return bar.
Upvotes: 0
Reputation: 1421
I don't think the token creation is being built properly. Below is working code for login token creation. For this, make sure that the 'user' model under your config/jwt.php is the correct Eloquent user model for your application.
    $user = array(
        'user' => $request->input('email'),
        'password' => $request->input('pass')
    );
    $customClaims = ['usr' => $user['user']];
    if (!$token = JWTAuth::attempt($user, $customClaims)) {
        abort(401);
    } else {
        return response()->json(compact('token'));
    }
Also included in the above code is the custom claims variable; you were on the right track with that, it just needs to be passed as a second parameter in the attempt function.
Only the client needs to send the authorization: Bearer <token> header to prove that they are who they say they are (I am coming from an Android client/server JWT background, so sorry if this doesn't apply to your application).
3a. For any subsequent pages that the user browses to, you simply add an if statement like this:
    if (!$user = JWTAuth::parseToken()->authenticate()) {
        abort(401);
    } else {
        // Code allowing the user to see protected content
    }
See answer to question 3. Include an HTTP header with authorization Bearer <token>.
To extract the data from the JWT payload, you will need to decode the base64-encoded text from the text after the first period in the token and send that to a string. Then run that string through the base64_decode($string) function. That should start to give you some of the payload data.
Hope this helps.
Upvotes: 1
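The last answer reads the payload by base64-decoding the middle segment of the token. That segment is base64url, and decoding it does not authenticate it, so custom claims such as foo and baz should be read only after the signature verifies. The following is an added example, not code from the original posts or from tymon/jwt-auth; it assumes an HS256 token, PHP 7.1 or later, and a constructed secret and token, and b64url_encode, b64url_decode and verified_claims are hypothetical helper names.

```php
<?php
// JWT segments are base64url (RFC 7515): '-' and '_' replace '+' and '/', padding is dropped.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string
{
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'));
}

// Return the claims only after the HS256 signature checks out; throw otherwise.
function verified_claims(string $jwt, string $secret): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('expected header.payload.signature');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm here; never let the token's own header select it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new UnexpectedValueException('unexpected alg');
    }
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, b64url_decode($s))) { // constant-time comparison
        throw new UnexpectedValueException('bad signature');
    }
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims) || (isset($claims['exp']) && $claims['exp'] < time())) {
        throw new UnexpectedValueException('invalid or expired payload');
    }
    return $claims;
}

// Constructed sample secret and token carrying the question's foo/baz claims.
$secret = 'constructed-demo-secret';
$body = b64url_encode('{"alg":"HS256","typ":"JWT"}') . '.'
      . b64url_encode(json_encode(['foo' => 'bar', 'baz' => 'bob', 'exp' => time() + 60]));
$token = $body . '.' . b64url_encode(hash_hmac('sha256', $body, $secret, true));
print_r(verified_claims($token, $secret));

// Payload swapped while the old signature is kept: verification must reject it.
[$h, , $s] = explode('.', $token);
try {
    verified_claims($h . '.' . b64url_encode('{"foo":"tampered"}') . '.' . $s, $secret);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```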