![Apple Reorganizes Executive Team to Rescue Siri [Report]](https://www.iclarified.com/images/news/96777/96777/96777-640.jpg)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
![What are good examples of 'preflight check patterns' on existing applications? [closed]](https://i.sstatic.net/yl2Tr80w.png)
![Release: Rendering Ranger: R² [Rewind]](https://images-3.gog-statics.com/48a9164e1467b7da3bb4ce148b93c2f92cac99bdaa9f96b00268427e797fc455.jpg)
Secure Your Laravel App with JWT Authentication
Learn how to implement JWT authentication in Laravel step by step. A beginner-friendly guide with code examples and best practices. Introduction Authentication is a crucial part of web applications, ensuring that only authorized users can access protected resources. One of the most popular ways to handle authentication in modern applications is by using JSON Web Tokens (JWT). In this guide, we’ll walk you through how to implement JWT authentication in Laravel. Whether you're a complete beginner or just looking for an easy-to-follow tutorial, this guide is for you! What is JWT and Why Use It? JSON Web Token (JWT) is a secure and compact way to transmit authentication data between a client and a server. Here’s why it’s widely used: ✅ Stateless Authentication – No need to store sessions on the server. ✅ Secure – Uses encryption to protect sensitive user information. ✅ Cross-platform – Works with mobile apps, SPAs, and APIs. When a user logs in, the server generates a JWT token, which is then stored in the client (e.g., local storage or HTTP headers). On subsequent requests, the token is sent to verify the user's identity. Step 1: Set Up a New Laravel Project First, make sure you have Laravel installed. If not, install it using Composer: composer create-project --prefer-dist laravel/laravel jwt-auth-app Navigate to your project directory: cd jwt-auth-app Step 2: Install Laravel JWT Package We’ll use tymon/jwt-auth, a popular package for handling JWT authentication in Laravel. Run the following command: composer require tymon/jwt-auth Now, publish the package configuration: php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider" Generate the JWT secret key: php artisan jwt:secret This key is stored in your .env file under JWT_SECRET. Step 3: Configure Authentication Guards Open the config/auth.php file and update the guards array: 'guards' => [ 'api' => [ 'driver' => 'jwt', 'provider' => 'users', ], ], This tells Laravel to use JWT for API authentication. Step 4: Set Up User Model for JWT Modify the User.php model to implement JWTSubject: use Tymon\JWTAuth\Contracts\JWTSubject; class User extends Authenticatable implements JWTSubject { use Notifiable; public function getJWTIdentifier() { return $this->getKey(); } public function getJWTCustomClaims() { return []; } } Step 5: Create Authentication Controller Now, let’s create an authentication controller to handle login, register, and logout. Run: php artisan make:controller AuthController Inside AuthController.php, add the following methods: User Registration public function register(Request $request) { $validatedData = $request->validate([ 'name' => 'required|string|max:255', 'email' => 'required|string|email|max:255|unique:users', 'password' => 'required|string|min:6|confirmed', ]); $user = User::create([ 'name' => $validatedData['name'], 'email' => $validatedData['email'], 'password' => bcrypt($validatedData['password']), ]); $token = auth()->login($user); return response()->json(['token' => $token]); } User Login public function login(Request $request) { $credentials = $request->only('email', 'password'); if (!$token = auth()->attempt($credentials)) { return response()->json(['error' => 'Unauthorized'], 401); } return response()->json(['token' => $token]); } User Logout public function logout() { auth()->logout(); return response()->json(['message' => 'Successfully logged out']); } Step 6: Set Up Routes Open routes/api.php and add the following routes: Route::post('/register', [AuthController::class, 'register']); Route::post('/login', [AuthController::class, 'login']); Route::post('/logout', [AuthController::class, 'logout'])->middleware('auth:api'); Step 7: Protect Routes with JWT Middleware To secure API routes, apply the auth:api middleware: Route::middleware('auth:api')->group(function () { Route::get('/profile', function () { return response()->json(auth()->user()); }); }); Now, only authenticated users can access /profile. Step 8: Testing JWT Authentication Test Registration Send a POST request to: POST http://127.0.0.1:8000/api/register With this JSON payload: { "name": "John Doe", "email": "johndoe@example.com", "password": "password123", "password_confirmation": "password123" } Test Login POST http://127.0.0.1:8000/api/login Payload: { "email": "johndoe@example.com", "password": "password123" } It returns a JWT token: { "token": "your-jwt-token
Learn how to implement JWT authentication in Laravel step by step. A beginner-friendly guide with code examples and best practices.
Introduction
Authentication is a crucial part of web applications, ensuring that only authorized users can access protected resources. One of the most popular ways to handle authentication in modern applications is by using JSON Web Tokens (JWT).
In this guide, we’ll walk you through how to implement JWT authentication in Laravel. Whether you're a complete beginner or just looking for an easy-to-follow tutorial, this guide is for you!
What is JWT and Why Use It?
JSON Web Token (JWT) is a secure and compact way to transmit authentication data between a client and a server. Here’s why it’s widely used:
✅ Stateless Authentication – No need to store sessions on the server.
✅ Secure – Uses encryption to protect sensitive user information.
✅ Cross-platform – Works with mobile apps, SPAs, and APIs.
When a user logs in, the server generates a JWT token, which is then stored in the client (e.g., local storage or HTTP headers). On subsequent requests, the token is sent to verify the user's identity.
Step 1: Set Up a New Laravel Project
First, make sure you have Laravel installed. If not, install it using Composer:
composer create-project --prefer-dist laravel/laravel jwt-auth-app
Navigate to your project directory:
cd jwt-auth-app
Step 2: Install Laravel JWT Package
We’ll use tymon/jwt-auth, a popular package for handling JWT authentication in Laravel.
Run the following command:
composer require tymon/jwt-auth
Now, publish the package configuration:
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
Generate the JWT secret key:
php artisan jwt:secret
This key is stored in your .env file under JWT_SECRET.
Step 3: Configure Authentication Guards
Open the config/auth.php file and update the guards array:
'guards' => [
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
],
This tells Laravel to use JWT for API authentication.
Step 4: Set Up User Model for JWT
Modify the User.php model to implement JWTSubject:
use Tymon\JWTAuth\Contracts\JWTSubject;
class User extends Authenticatable implements JWTSubject
{
use Notifiable;
public function getJWTIdentifier()
{
return $this->getKey();
}
public function getJWTCustomClaims()
{
return [];
}
}
Step 5: Create Authentication Controller
Now, let’s create an authentication controller to handle login, register, and logout.
Run:
php artisan make:controller AuthController
Inside AuthController.php, add the following methods:
User Registration
public function register(Request $request)
{
$validatedData = $request->validate([
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:6|confirmed',
]);
$user = User::create([
'name' => $validatedData['name'],
'email' => $validatedData['email'],
'password' => bcrypt($validatedData['password']),
]);
$token = auth()->login($user);
return response()->json(['token' => $token]);
}
User Login
public function login(Request $request)
{
$credentials = $request->only('email', 'password');
if (!$token = auth()->attempt($credentials)) {
return response()->json(['error' => 'Unauthorized'], 401);
}
return response()->json(['token' => $token]);
}
User Logout
public function logout()
{
auth()->logout();
return response()->json(['message' => 'Successfully logged out']);
}
Step 6: Set Up Routes
Open routes/api.php and add the following routes:
Route::post('/register', [AuthController::class, 'register']);
Route::post('/login', [AuthController::class, 'login']);
Route::post('/logout', [AuthController::class, 'logout'])->middleware('auth:api');
Step 7: Protect Routes with JWT Middleware
To secure API routes, apply the auth:api middleware:
Route::middleware('auth:api')->group(function () {
Route::get('/profile', function () {
return response()->json(auth()->user());
});
});
Now, only authenticated users can access /profile.
Step 8: Testing JWT Authentication
Test Registration
Send a POST request to:
POST http://127.0.0.1:8000/api/register
With this JSON payload:
{
"name": "John Doe",
"email": "johndoe@example.com",
"password": "password123",
"password_confirmation": "password123"
}
Test Login
POST http://127.0.0.1:8000/api/login
Payload:
{
"email": "johndoe@example.com",
"password": "password123"
}
It returns a JWT token:
{
"token": "your-jwt-token-here"
}
Test Accessing a Protected Route
Use the token to access /profile:
GET http://127.0.0.1:8000/api/profile
Set the Authorization header:
Authorization: Bearer your-jwt-token-here
If successful, it returns the authenticated user’s details.
Conclusion
Congratulations!
