
Nite's avatar

Laravel App connecting to a JWT protected Laravel API

I have to develop a JWT protected API with Laravel. In order to do so I will probably use the following package that seems to be quite popular for this https://github.com/tymondesigns/jwt-auth

Now, this API will be used by third parties AND by another Laravel App that I'll have to make. This Laravel App will have to basically only function as a frontend, and will have to utilize the API for authentication and database operations.

Is this something that can be done?

How would I use my Laravel API from my Laravel frontend app?

Are there other solutions that I should consider for this?

My company REALLY wants me to use JWT for authentication but to my understanding Passport doesn't really use that (and its token payload cannot be customized).

Thanks

0 likes
5 replies
martinbean's avatar

@nite You should only be using JWTs server to server. If you generate JWTs client side then they’re not secure, as anyone can then see your signing key and algorithm, and create their own JWTs.

1 like
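
The point above about the signing key, as an added example that is not part of the original thread and is not code from jwt-auth or Passport: a minimal HS256 issue/verify pair in plain PHP, where the secret exists only on the server that issues and checks tokens. The `JWT_SECRET` variable, the function names and the claim values are assumptions made for illustration.

```php
<?php
// Added example: minimal HS256 JWT issue/verify with PHP built-ins only.
// JWT_SECRET, the function names and the claim values are assumptions.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// Runs on the API server only: the secret never leaves it.
function jwt_issue(array $claims, string $secret, int $ttl = 900): string {
    $now = time();
    $header = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode($claims + ['iat' => $now, 'exp' => $now + $ttl]));
    $sig = b64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Returns the claims array for a valid token, or null for anything else.
function jwt_verify(string $token, string $secret): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$header, $payload, $sig] = $parts;
    $head = json_decode(b64url_decode($header), true);
    // Pin the algorithm; never let the token's own header choose it.
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') return null;
    $expected = b64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) return null;   // constant-time compare
    $claims = json_decode(b64url_decode($payload), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return null;
    return $claims['exp'] >= time() ? $claims : null;  // reject expired tokens
}

// Constructed demo: falls back to a random key when JWT_SECRET is unset.
$secret = getenv('JWT_SECRET') ?: random_bytes(32);
$token = jwt_issue(['sub' => 42, 'role' => 'frontend-app'], $secret);

// 1) token checked with the key that signed it
var_dump(jwt_verify($token, $secret) !== null);
// 2) same token checked against a different key
var_dump(jwt_verify($token, random_bytes(32)) !== null);
// 3) payload replaced, original signature reused
[$h, , $s] = explode('.', $token);
$forged = $h . '.' . b64url_encode(json_encode(['sub' => 1, 'exp' => time() + 900])) . '.' . $s;
var_dump(jwt_verify($forged, $secret) !== null);
```

Only the first check succeeds: without the secret, neither a different key nor a reused signature yields a token the verifier accepts, so clients of the API hold tokens and never the key.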
Nite's avatar

@martinbean Martin, you've always helped me, you are my last hope to save my job LOL

You might have misunderstood my question, I was planning to generate JWTs with the Laravel API application. I'd then have another Laravel application (so server side as well) that would serve as a 'frontend', serving views basically.

Now, this second app would have to communicate with the API in some way, to both handle authentication and fetch resources needed for the views.

Now, the API will also have to be usable by third party clients, which would have an account and would request a JWT as well to be able to consume the API.

Do you think I should try to use Passport to implement this? Or can it be done with that JWT package I linked?

Thanks

martinbean's avatar

@Nite Yes, Passport (OAuth) sounds the way to go if you’re just wanting various first and third parties to authenticate with your API.

1 like
Nite's avatar

@Shaden could you explain to me in more detail how to use this class?

At the moment to generate tokens I'm using something like this in my AuthController's login function: $accessToken = auth()->user()->createToken('authToken')->accessToken;

Thank you for helping !
