官方文檔：

jwt-auth

注意：

Laravel 5.5 已經(jīng)不能再使用jwt-auth 0.5.* 等版本了沃饶，請使用最新版本豌蟋，當前最新版為tymon/jwt-auth: 1.0.0-rc.1

一 安裝

• 通過composer安裝

  composer require tymon/jwt-auth
  

  通過該命令安裝的可能為 0.5.* 版本，執(zhí)行上述命令后可按照下面所述升級版本：

  參考：

  Laravel 使用 JWT 做 API 認證之tymon/jwt-auth 1.0.0-beta.1實踐

  • 在composer.json文件中將tymon/jwt-auth版本修改為1.0.0-rc.1："tymon/jwt-auth": "^1.0.0-rc.1"

  • 執(zhí)行

    composer update
    

• 添加到provider

  添加service provider到config/app.php文件的providers數(shù)組中：

  'providers' => [
  
      ...
  
      Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
  ]
  

• 發(fā)布配置

  php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
  

  執(zhí)行后會在config目錄下生成jwt.php文件

• 生成密鑰

  php artisan jwt:secret
  

  執(zhí)行后會在.env文件最后生成JWT_SECRET唁桩，如：JWT_SECRET=158S2Rhux6DLJDwPVZdspU59c7YnIyBJ

二 使用

• 修改User.php

  • 讓User.php實現(xiàn)Tymon\JWTAuth\Contracts\JWTSubject類

  • 實現(xiàn)兩個方法：getJWTIdentifier()和getJWTCustomClaims()

  • 修改后的User.php如下：

    <?php
    
    namespace App;
    
    use Illuminate\Notifications\Notifiable;
    use Illuminate\Foundation\Auth\User as Authenticatable;
    use Tymon\JWTAuth\Contracts\JWTSubject;
    
    class User extends Authenticatable implements JWTSubject
    {
        use Notifiable;
    
        /**
         * The attributes that are mass assignable.
         *
         * @var array
         */
        protected $fillable = [
            'name', 'email', 'password',
        ];
    
        /**
         * The attributes that should be hidden for arrays.
         *
         * @var array
         */
        protected $hidden = [
            'password', 'remember_token',
        ];
    
        /**
         * Get the identifier that will be stored in the subject claim of the JWT.
         *
         * @return mixed
         */
        public function getJWTIdentifier()
        {
            // TODO: Implement getJWTIdentifier() method.
            return $this->getKey();
        }
    
        /**
         * Return a key value array, containing any custom claims to be added to the JWT.
         *
         * @return array
         */
        public function getJWTCustomClaims()
        {
            // TODO: Implement getJWTCustomClaims() method.
            return [];
        }
    }
    

• 配置auth.php

  修改config/auth.php文件中default及guards如下：

  'defaults' => [
      'guard' => 'api',
      'passwords' => 'users',
  ],
  
  ...
  
  'guards' => [
      'api' => [
          'driver' => 'jwt',
          'provider' => 'users',
      ],
  ],
  

• 添加路由

  在routes/api.php中添加路由如下：

  Route::group([
  
      'middleware' => 'api',
      // 'namespace' => 'App\Http\Controllers',// 這一行不需要加敛惊，AuthController中已配置namespace，否則運行時會在App\Http\Controllers\App\Http\Controllers\AuthController 下尋找AuthController凸克，從而報找不到控制器的錯
      'prefix' => 'auth'
  
  ], function ($router) {
  
      Route::post('login', 'AuthController@login');
      Route::post('logout', 'AuthController@logout');
      Route::post('refresh', 'AuthController@refresh');
      Route::post('me', 'AuthController@me');
  
  });
  

  ?

• 創(chuàng)建控制器AuthController

  php artisan make:controller AuthController
  

  內(nèi)容如下：

  <?php
  
  namespace App\Http\Controllers;
  
  use Illuminate\Http\Request;
  use Illuminate\Support\Facades\Auth;
  use App\Http\Controllers\Controller;
  
  class AuthController extends Controller
  {
  
      /**
       * AuthController constructor.
       */
      public function __construct()
      {
          $this->middleware('auth:api', ['except' => ['login']]);
      }
  
      /**
       * Get a JWT token via given credentials.
       *
       * @param  \Illuminate\Http\Request $request
       *
       * @return \Illuminate\Http\JsonResponse
       */
      public function login(Request $request)
      {
          $credentials = $request->only('email', 'password');
  
          $token = $this->guard()->attempt($credentials);
          if ($token) {
              return $this->respondWithToken($token);
          }
  
          return response()->json(['error' => 'Unauthorized'], 401);
      }
  
      /**
       * Get the authenticated User
       *
       * @return \Illuminate\Http\JsonResponse
       */
      public function me()
      {
          return response()->json($this->guard()->user());
      }
  
      /**
       * Log the user out (Invalidate the token)
       *
       * @return \Illuminate\Http\JsonResponse
       */
      public function logout()
      {
          $this->guard()->logout();
  
          return response()->json(['message' => 'Successfully logged out']);
      }
  
      /**
       * Refresh a token.
       *
       * @return \Illuminate\Http\JsonResponse
       */
      public function refresh()
      {
          return $this->respondWithToken($this->guard()->refresh());
      }
  
      /**
       * Get the token array structure.
       *
       * @param  string $token
       *
       * @return \Illuminate\Http\JsonResponse
       */
      protected function respondWithToken($token)
      {
          return response()->json([
              'access_token' => $token,
              'token_type' => 'bearer',
              'expires_in' => $this->guard()->factory()->getTTL() * 60
          ]);
      }
  
      /**
       * Get the guard to be used during authentication.
       *
       * @return \Illuminate\Contracts\Auth\Guard
       */
      public function guard()
      {
          return Auth::guard();
      }
  }
  

三 測試api

• 工程放到xmapp的htdocs目錄下
• 使用Postman訪問，地址：http://localhost/project-name/public/api/auth/login