Methods

The following methods are available on the Auth guard instance.

Multiple Guards

If the newly created 'api' guard is not set as a default guard or you have defined multiple guards to handle authentication, you should specify the guard when calling auth().

  $token = auth('api')->attempt($credentials);

attempt()

Attempt to authenticate a user via some credentials.

// Generate a token for the user if the credentials are valid
$token = auth()->attempt($credentials);

This will return either a jwt or null

login()

Log a user in and return a jwt for them.

// Get some user from somewhere
$user = User::first();

// Get the token
$token = auth()->login($user);

user()

Get the currently authenticated user.

// Get the currently authenticated user
$user = auth()->user();

If the user is not then authenticated, then null will be returned.

userOrFail()

Get the currently authenticated user or throw an exception.

try {
    $user = auth()->userOrFail();
} catch (\PHPOpenSourceSaver\JWTAuth\Exceptions\UserNotDefinedException $e) {
    // do something
}

If the user is not set, then a PHPOpenSourceSaver\JWTAuth\Exceptions\UserNotDefinedException will be thrown.

logout()

Log the user out - which will invalidate the current token and unset the authenticated user.

auth()->logout();

// Pass true to force the token to be blacklisted "forever"
auth()->logout(true);

refresh()

Refresh a token, which invalidates the current one.

$newToken = auth()->refresh();

// Pass true as the first param to force the token to be blacklisted "forever".
// The second parameter will reset the claims for the new token
$newToken = auth()->refresh(true, true);

invalidate()

Invalidate the token (add it to the blacklist).

auth()->invalidate();

// Pass true as the first param to force the token to be blacklisted "forever".
auth()->invalidate(true);

tokenById()

Get a token based on a given user's id.

$token = auth()->tokenById(123);

payload()

Get the raw JWT payload.

$payload = auth()->payload();

// then you can access the claims directly e.g.
$payload->get('sub'); // = 123
$payload['jti']; // = 'asfe4fq434asdf'
$payload('exp') // = 123456
$payload->toArray(); // = ['sub' => 123, 'exp' => 123456, 'jti' => 'asfe4fq434asdf'] etc

validate()

Validate a user's credentials.

if (auth()->validate($credentials)) {
    // credentials are valid
}

More advanced usage

Adding custom claims

$token = auth()->claims(['foo' => 'bar'])->attempt($credentials);

Set the token explicitly

$user = auth()->setToken('eyJhb...')->user();

Set the request instance explicitly

$user = auth()->setRequest($request)->user();

Override the token ttl

This example sets the token to expire after 2 hours.

$token = auth()->setTTL(120)->attempt($credentials);