Methods
The following methods are available on the Auth guard instance.
Multiple Guards
If the newly created 'api' guard is not set as a default guard or you have defined multiple guards to handle authentication, you should specify the guard when calling auth().
$token = auth('api')->attempt($credentials);
attempt()
Attempt to authenticate a user via some credentials.
// Generate a token for the user if the credentials are valid
$token = auth()->attempt($credentials);
This will return either a jwt or null
login()
Log a user in and return a jwt for them.
// Get some user from somewhere
$user = User::first();
// Get the token
$token = auth()->login($user);
user()
Get the currently authenticated user.
// Get the currently authenticated user
$user = auth()->user();
If the user is not then authenticated, then null
will be returned.
userOrFail()
Get the currently authenticated user or throw an exception.
try {
$user = auth()->userOrFail();
} catch (\PHPOpenSourceSaver\JWTAuth\Exceptions\UserNotDefinedException $e) {
// do something
}
If the user is not set, then a PHPOpenSourceSaver\JWTAuth\Exceptions\UserNotDefinedException
will be thrown.
logout()
Log the user out - which will invalidate the current token and unset the authenticated user.
auth()->logout();
// Pass true to force the token to be blacklisted "forever"
auth()->logout(true);
refresh()
Refresh a token, which invalidates the current one.
$newToken = auth()->refresh();
// Pass true as the first param to force the token to be blacklisted "forever".
// The second parameter will reset the claims for the new token
$newToken = auth()->refresh(true, true);
invalidate()
Invalidate the token (add it to the blacklist).
auth()->invalidate();
// Pass true as the first param to force the token to be blacklisted "forever".
auth()->invalidate(true);
tokenById()
Get a token based on a given user's id.
$token = auth()->tokenById(123);
payload()
Get the raw JWT payload.
$payload = auth()->payload();
// then you can access the claims directly e.g.
$payload->get('sub'); // = 123
$payload['jti']; // = 'asfe4fq434asdf'
$payload('exp') // = 123456
$payload->toArray(); // = ['sub' => 123, 'exp' => 123456, 'jti' => 'asfe4fq434asdf'] etc
validate()
Validate a user's credentials.
if (auth()->validate($credentials)) {
// credentials are valid
}
More advanced usage
Adding custom claims
$token = auth()->claims(['foo' => 'bar'])->attempt($credentials);
Set the token explicitly
$user = auth()->setToken('eyJhb...')->user();
Set the request instance explicitly
$user = auth()->setRequest($request)->user();
Override the token ttl
This example sets the token to expire after 2 hours.
$token = auth()->setTTL(120)->attempt($credentials);