How to store multiple JWT and decoded tokens
I've changed my Laravel auth controller to use JWT authentication (using it with an internal API and storing passwords in Cognito).
So far, I've gotten the Firebase JWT library to work with decoding the tokens properly. Each token, once decoded, has the username/email of the authenticated user, which I'm now using to query my users table in the database, which gets their roles and other permissions.
The login aspect of all of this is now working; however, I need to find a way to store multiple tokens with the user's session. If I currently dump $user on any page, it dumps all of the values returned from my user model. I'm wondering if there's a way I can store both of my encoded tokens and both decoded tokens with the cache, session, etc.
Basically, I'll need to hit other endpoints with the encoded token(s) but I may also want to reference the scopes of one of the tokens at any given time.
What is the best way to store the 2 encoded tokens and the 2 decoded tokens with Laravel?
    public function login(Request $request)
    {
        // get fields from login form
        $this->validate($request, [
            'email' => 'required',
            'password' => 'required',
        ]);
        $credentials = $request->only('email', 'password');
        $email = $request->input('email');
        $password = $request->input('password');

        // call auth service and function to return token
        $authService = new AuthService();
        $login = $authService->loginGetToken($email, $password);

        // authTokens (encoded)
        $apiAccess = $login->api_access_token;
        $frontEnd = $login->frontend_access_token;

        // decoded tokens; $key (the verification secret) is not defined in the posted snippet
        $apiAccessResult = JWT::decode($apiAccess, $key, array('HS256'));
        $frontEndResult = JWT::decode($frontEnd, $key, array('HS256'));

        // look up the local user by the email claim of the API token
        $user = User::where('email', $apiAccessResult->email)->first();

        if (!is_null($user) && $user->active) {
            Auth::login($user);
            return redirect()->intended($this->redirectPath());
            dd($user); // never reached: follows the return above
        } else {
            return redirect(route('auth.login'))
                ->withInput($request->only('email', 'remember'))
                ->withErrors([
                ]);
        }

        // never reached: both branches above return
        return redirect(route('auth.login'))
            ->withInput($request->only('email', 'remember'))
            ->withErrors([
                'email' => $this->getFailedLoginMessage(),
            ]);
    }
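One way to keep both encoded tokens and the claims needed from them in the Laravel session, added here as an example that is not part of the original post. The class name `SessionTokenStore`, the claim names `exp` and `scope` (space-delimited), and the scope `reports.read` are assumptions for illustration.

```php
<?php
// Added example, not code from the original post.
use Illuminate\Contracts\Session\Session;

class SessionTokenStore // hypothetical helper name
{
    private $session;

    public function __construct(Session $session)
    {
        $this->session = $session;
    }

    /** Store the raw JWT plus only the claims the app reads later. */
    public function put(string $name, string $jwt, object $claims): void
    {
        // Assumed claims: `exp` (Unix time) and `scope` (space-delimited).
        $scope = trim((string) ($claims->scope ?? ''));
        $this->session->put("tokens.$name", [
            'encoded' => $jwt,
            'exp'     => (int) ($claims->exp ?? 0), // missing exp counts as expired
            'scopes'  => preg_split('/\s+/', $scope, -1, PREG_SPLIT_NO_EMPTY),
        ]);
    }

    /** Raw token for outbound API calls, or null once it has expired. */
    public function encoded(string $name): ?string
    {
        $entry = $this->session->get("tokens.$name");
        if ($entry === null || $entry['exp'] <= time()) {
            $this->session->forget("tokens.$name"); // drop stale token
            return null;                            // caller re-authenticates
        }
        return $entry['encoded'];
    }

    public function hasScope(string $name, string $scope): bool
    {
        return $this->encoded($name) !== null
            && in_array($scope, $this->session->get("tokens.$name.scopes", []), true);
    }
}

// In login(), after both JWT::decode() calls and before Auth::login($user):
//   $request->session()->regenerate();           // fresh session ID at login
//   $store = new SessionTokenStore($request->session());
//   $store->put('api', $apiAccess, $apiAccessResult);
//   $store->put('frontend', $frontEnd, $frontEndResult);
// Later: $store->encoded('api'); $store->hasScope('frontend', 'reports.read');
```

With the `cookie` session driver the session payload is sent to the browser (encrypted), so a server-side driver such as `file`, `database` or `redis` keeps the tokens off the client.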