DhrutiPandyaOB's avatar

Upgrade and Authentication Improvement in Laravel Project

Hello everyone,

We've encountered a bit of a situation with our Laravel project that we wanted to discuss. We're in the process of moving it from the older version, Laravel 5.4, to the new and improved Laravel 10 neighborhood. Alongside that, we're tackling some authentication challenges, particularly with JWT and role-based authentication.

This isn't just your average upgrade; it's pretty crucial for the longevity and security of our project. So, we're hoping to gather some insights and tips from the Laravel community to help us out.

Here are the specific challenges we're facing:

  1. Compatibility Quandaries:

    • Our current setup with tymon/jwt-auth and zizaco/entrust isn't quite aligning with Laravel 10 and PHP 8.3. We need to figure out how to update everything.
  2. Migration Mayhem:

    • Going from Laravel 5.4 to Laravel 10 feels like a bit of a leap. We're expecting some hurdles along the way and could use guidance on making this transition smoother.
  3. Authentication Adventure:

    • We want to ensure our authentication is top-notch. This involves seamlessly integrating JWT authentication with Laravel 10 and potentially exploring new options for role-based authentication.

Requested Solutions:

  1. Migration Magic:

    • Any tips, tricks, or best practices for upgrading our Laravel project without too much frustration would be appreciated.
  2. JWT Jive:

    • Ideas on how to make JWT authentication work well with Laravel 10 would be fantastic. Additionally, clever hacks for enhancing JWT token data for role-based authentication are welcome.
  3. Role-Based Authentication Rendezvous:

    • Since zizaco/entrust won't be making the journey to Laravel 10, we're open to suggestions for alternative role-based authentication solutions. Or, if you're feeling adventurous, guidance on rolling out a custom solution would be great.
  4. Middleware Musings:

    • Advice on tweaking our middleware to ensure it's compatible with the new authentication setup would be helpful. Specifically, we want to maintain rock-solid role-based access control.

Now, please keep in mind that the old version of the project is functioning perfectly fine, and we have quite a large database, so we can't make any major changes to it.

Has anyone faced similar issues? If so, what was your action plan?

We're open to all suggestions. Thanks! :)

DhrutiPandyaOB's avatar

@Tray2 Thanks for the suggestion, @tray2, but using Laravel Shift would be a lengthy and costly process. I have tried the first upgrade, which is Laravel 5.4 to Laravel 5.5, but it is not effective for me. So I am left with this one solution, which is to update all libraries manually.

Tray2's avatar

@DhrutiPandyaOB Cheaper than spending hundreds of hours doing it yourself.

If you don't wanna use Shift, then I suggest creating a new project and moving route by route to the new project.

DhrutiPandyaOB's avatar

@Tray2 I am doing the same. I am moving code one by one in routes and it is working just fine. I just have to change a few things in the code. Now the issue is managing JWT authentication and role-based access. The library which was used in the old version is not supported in the new one, and I have tried using alternative role-based authentication libraries, but they do not work with my custom middleware.

So mostly I need help in setting that up.

martinbean's avatar

@DhrutiPandyaOB JWT is a specification. It is not package-specific. Just use an up-to-date library to create and read JWTs. Passport uses the firebase/php-jwt library, for example.

DhrutiPandyaOB's avatar

@martinbean Thank you for the suggestion, but we have been using the tymon/jwt-auth package for most of our project, and I would like to mention that the Laravel project we are using is strictly for the API and for the frontend we are using Angular, so in every response we get a JWT token. So we cannot drastically change the structure.

martinbean's avatar

@DhrutiPandyaOB And again, a JWT token follows the same spec, no matter what language or library was used to generate it. So you can swap the tymon/jwt-auth package for the one I mention and still generate and read JWTs.
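The point made in the two replies above, that a token is checked against the JWT format rather than against a package, shown as an added example that is not code from the thread or from any library named in it. It uses only PHP built-ins for HS256 so it runs without Composer (in a project, a maintained library such as the firebase/php-jwt package mentioned above would do the decoding); the secret, the `roles` claim name and the helper function names are assumptions.

```php
<?php
// Added example, not code from the thread. Secret, claims and role names are constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}
// Issuer side: the header.payload.signature layout every HS256 implementation emits.
function issue_token(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}
// Verifier side: returns the claims, or null when any check fails.
function verify_token(string $jwt, string $secret, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm server-side; the token must not choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) return null; // constant-time compare
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}
// Role check on verified claims only; "roles" is an assumed claim name.
function has_role(?array $claims, string $role): bool {
    return $claims !== null && in_array($role, (array) ($claims['roles'] ?? []), true);
}

$secret = 'constructed-demo-secret';
$now = time();
$token = issue_token(['sub' => 42, 'roles' => ['editor'], 'exp' => $now + 300], $secret);
$claims = verify_token($token, $secret, $now);
var_dump(has_role($claims, 'editor')); // role carried in the token
var_dump(has_role($claims, 'admin'));  // role not in the token
// Payload edited after signing (roles changed), signature left as issued.
[$h, , $s] = explode('.', $token);
$edited = b64url_encode(json_encode(['sub' => 42, 'roles' => ['admin'], 'exp' => $now + 300]));
var_dump(has_role(verify_token("$h.$edited.$s", $secret, $now), 'admin'));
// Same token presented after its exp time.
var_dump(verify_token($token, $secret, $now + 600));
```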

DhrutiPandyaOB's avatar

Hello, it's been a long time, and the requirement was put on hold for some time. Now I am back to working on it. During this time I have done some R&D and I have some other questions. As I have mentioned above, my Laravel project is strictly for API purposes, and for every request I will get a JWT token and then I will verify it through middleware.

Now the main question is: what would be the best way to do authentication in Laravel? Should I stick to Tymon, or is Laravel Sanctum more secure?

Please let me know your opinion on this. @martinbean, @Tray2, @Snapey