Phargelm
Reputation: 718
Laravel 5.2 token based authentication vs JWT
I implement authentication for my API service and consider Laravel 5.2 token-based authentication for this. Is there any reasons to use Json Web Tokens instead? Is it actually comparable? I found tymondesigns/jwt-auth package and some tutorials about it. But since Laravel 5.2 supports token authentication natively what is the purpose of this package?
Upvotes: 12
Views: 1732
Answers (1)
henrik
Reputation: 1618
Laravel 5.2 ships with token-based authentication that checks all requests made, look for the token, and validates them against a custom token column in the users table. That's all there is to it.
The JWT-auth package has more to it:
- You can specify a secret key that signs your client tokens with a hashing algorithm, in the similiar way that Laravel hashes passwords so they are not readable if someone might access your database.
- You may set a TTL (time to live) and refresh TTL value for how long a token should be valid.
- You get Providers and Facades to help you manage the authentication logic when implementing your service.
- Also: A JWT token consists of 3 parts, (header, body, signature). These parts can hold information about eg. user claims/permissions/whatever. The laravel token is just a random string and it self holds no further information at all.
Upvotes: 11
Related Questions
- Invalidating JSON Web Tokens
- Where to store JWT in browser? How to protect against CSRF?
- Blacklist old token on reauthenticate with Laravel JWT
- JWT vs cookies for token-based authentication
- JWT (JSON Web Token) automatic prolongation of expiration
- Is a Refresh Token really necessary when using JWT token authentication?
- Use multiple JWT Bearer Authentication
- Laravel 5 JWT-token with multiple tables
- Laravel 5.2 JWT-AUTH Token based authentication
- Error in JWT authentication lumen 5.2