Laravel 11 JSON Web Token(JWT) API Authentication教程

在这篇文章中，我将向您展示如何在 laravel 11 应用程序中使用 JWT 令牌进行 API 身份验证。我们将从头开始学习 API、JWT REST API 和 Laravel JWT 身份验证，并创建一个示例 API。

什么是API？

API（应用程序编程接口）只是两个或多个计算机程序之间的一种通信方式。

API 还用于 Web 和移动应用程序开发;因此，构建 REST API 对于任何 Web 和移动应用程序开发人员都非常重要。

什么是JWT？

JWT 代表 JSON Web 令牌，它是一个开放标准（RFC 7519），它定义了一种紧凑且自包含的方式，用于将信息作为 JSON 对象在各方之间安全地传输。JWT 通常用于授权、信息交换等。

在此示例中，我们将安装 Laravel 11 应用程序。然后，我们将安装api。然后我们将使用php-open-source-saver/jwt-auth包来使用JWT。之后，我们将创建用于用户身份验证的 register、login、refresh、profile 和 logout API。那么，让我们按照以下步骤逐步完成此示例：

按照以下几个步骤在 laravel 11 应用程序中创建一个 restful API 示例。

第一步: 安装 Laravel 11

如果已经安装可以忽略;如果您尚未创建Laravel应用程序，则可以继续执行以下命令：

composer create-project laravel/laravel example-app

第二步：启用 API 并更新身份验证

默认情况下，laravel 11 API 路由在 laravel 11 中未启用。我们将使用以下命令启用 API：

php artisan install:api

现在，如果用户未进行身份验证，则exception将调用，我们将返回json响应。那么，让我们更新app.php文件。

bootstrap/app.php

<?phpuse Illuminate\Foundation\Application;use Illuminate\Foundation\Configuration\Exceptions;use Illuminate\Foundation\Configuration\Middleware;use Illuminate\Auth\AuthenticationException;use Illuminate\Http\Request;return Application::configure(basePath: dirname(__DIR__))    ->withRouting(        web: __DIR__.'/../routes/web.php',        api: __DIR__.'/../routes/api.php',        commands: __DIR__.'/../routes/console.php',        health: '/up',    )    ->withMiddleware(function (Middleware $middleware) {        //    })    ->withExceptions(function (Exceptions $exceptions) {        $exceptions->render(function (AuthenticationException $e, Request $request) {            if ($request->is('api/*')) {                return response()->json([                    'message' => $e->getMessage(),                ], 401);            }        });    })->create();

安装和设置 JWT Auth 软件包

在此步骤中，我们将安装 php-open-source-saver/jwt-auth composer 包。

composer require php-open-source-saver/jwt-auth

包配置文件：

php artisan vendor:publish --provider="PHPOpenSourceSaver\JWTAuth\Providers\LaravelServiceProvider"

接下来，生成密钥。这将在 .env 文件上添加 JWT 配置值：

php artisan jwt:secret

现在，我们将更新 Auth Guard 配置文件。

config/auth.php

<?phpreturn [    /*    |--------------------------------------------------------------------------    | Authentication Defaults    |--------------------------------------------------------------------------    |    | This option defines the default authentication "guard" and password    | reset "broker" for your application. You may change these values    | as required, but they're a perfect start for most applications.    |    */    'defaults' => [        'guard' => 'api',        'passwords' => 'users',    ],    /*    |--------------------------------------------------------------------------    | Authentication Guards    |--------------------------------------------------------------------------    |    | Next, you may define every authentication guard for your application.    | Of course, a great default configuration has been defined for you    | which utilizes session storage plus the Eloquent user provider.    |    | All authentication guards have a user provider, which defines how the    | users are actually retrieved out of your database or other storage    | system used by the application. Typically, Eloquent is utilized.    |    | Supported: "session"    |    */    'guards' => [        'web' => [            'driver' => 'session',            'provider' => 'users',        ],        'api' => [            'driver' => 'jwt',            'provider' => 'users',        ],    ],    ...

更新 User 模型

在该模型中，我们首先在用户模型上实现Tymon\JWTAuth\Contracts\JWTSubject合约，然后实现getJWTIdentifier（） 和 getJWTCustomClaims（）方法。

app/Models/User.php

<?phpnamespace App\Models;use Illuminate\Database\Eloquent\Factories\HasFactory;use Illuminate\Foundation\Auth\User as Authenticatable;use Illuminate\Notifications\Notifiable;use PHPOpenSourceSaver\JWTAuth\Contracts\JWTSubject; class User extends Authenticatable implements JWTSubject{    use HasFactory, Notifiable;    /**     * The attributes that are mass assignable.     *     * @var array     */    protected $fillable = [        'name',        'email',        'password',    ];    /**     * The attributes that should be hidden for serialization.     *     * @var array     */    protected $hidden = [        'password',        'remember_token',    ];    /**     * Get the attributes that should be cast.     *     * @return array     */    protected function casts(): array    {        return [            'email_verified_at' => 'datetime',            'password' => 'hashed',        ];    }    /**     * Get the identifier that will be stored in the subject claim of the JWT.     *     * @return mixed     */    public function getJWTIdentifier()    {        return $this->getKey();    }     /**     * Return a key value array, containing any custom claims to be added to the JWT.     *     * @return array     */    public function getJWTCustomClaims()    {        return [];    }}

创建 API 路由

在此步骤中，我们将创建 API 路由。Laravel 提供了用于编写 Web 服务路由的 api.php 文件。因此，让我们向该文件添加新路由。

routes/api.php

<?phpuse Illuminate\Support\Facades\Route; Route::group([    'middleware' => 'api',    'prefix' => 'auth'], function ($router) {    Route::post('/register', [App\Http\Controllers\Api\AuthController::class, 'register']);    Route::post('/login', [App\Http\Controllers\Api\AuthController::class, 'login']);    Route::post('/logout', [App\Http\Controllers\Api\AuthController::class, 'logout'])->middleware('auth:api');    Route::post('/refresh', [App\Http\Controllers\Api\AuthController::class, 'refresh'])->middleware('auth:api');    Route::post('/profile', [App\Http\Controllers\Api\AuthController::class, 'profile'])->middleware('auth:api');});

创建 Controller 文件

在下一步中，我们创建了一个名为Controller和AuthController的新控制器。我在 Controllers 文件夹中创建了一个名为 “Api” 的新文件夹，因为我们将为 API 提供单独的控制器。所以，让我们创建两个控制器：

app/Http/Controllers/Api/Controller.php

<?phpnamespace App\Http\Controllers\Api;abstract class Controller{    /**     * success response method.     *     * @return \Illuminate\Http\Response     */    public function sendResponse($result, $message)    {    $response = [            'success' => true,            'data'    => $result,            'message' => $message,        ];         return response()->json($response, 200);    }     /**     * return error response.     *     * @return \Illuminate\Http\Response     */    public function sendError($error, $errorMessages = [], $code = 404)    {    $response = [            'success' => false,            'message' => $error,        ];         if(!empty($errorMessages)){            $response['data'] = $errorMessages;        }         return response()->json($response, $code);    }}

app/Http/Controllers/Api/AuthController.php

<?phpnamespace App\Http\Controllers\Api;  use App\Models\User;use Validator;use Illuminate\Http\Request;  class AuthController extends Controller{     /**     * Register a User.     *     * @return \Illuminate\Http\JsonResponse     */    public function register(Request $request) {        $validator = Validator::make($request->all(), [            'name' => 'required',            'email' => 'required|email',            'password' => 'required',            'c_password' => 'required|same:password',        ]);             if($validator->fails()){            return $this->sendError('Validation Error.', $validator->errors());               }             $input = $request->all();        $input['password'] = bcrypt($input['password']);        $user = User::create($input);        $success['user'] =  $user;           return $this->sendResponse($success, 'User register successfully.');    }        /**     * Get a JWT via given credentials.     *     * @return \Illuminate\Http\JsonResponse     */    public function login()    {        $credentials = request(['email', 'password']);          if (! $token = auth()->attempt($credentials)) {            return $this->sendError('Unauthorised.', ['error'=>'Unauthorised']);        }          $success = $this->respondWithToken($token);           return $this->sendResponse($success, 'User login successfully.');    }      /**     * Get the authenticated User.     *     * @return \Illuminate\Http\JsonResponse     */    public function profile()    {        $success = auth()->user();           return $this->sendResponse($success, 'Refresh token return successfully.');    }      /**     * Log the user out (Invalidate the token).     *     * @return \Illuminate\Http\JsonResponse     */    public function logout()    {        auth()->logout();                return $this->sendResponse([], 'Successfully logged out.');    }      /**     * Refresh a token.     *     * @return \Illuminate\Http\JsonResponse     */    public function refresh()    {        $success = $this->respondWithToken(auth()->refresh());           return $this->sendResponse($success, 'Refresh token return successfully.');    }      /**     * Get the token array structure.     *     * @param  string $token     *     * @return \Illuminate\Http\JsonResponse     */    protected function respondWithToken($token)    {        return [            'access_token' => $token,            'token_type' => 'bearer',            'expires_in' => auth()->factory()->getTTL() * 60        ];    }}

所有必需的步骤都已完成，现在您必须键入以下给定的命令并按 Enter 键以运行 Laravel 应用程序：

php artisan serve

现在，转到您的Postman并检查以下API。

请确保在详细信息API中，我们将使用如下所示的请求头，登陆和注册除外：

'headers' => [    'Accept' => 'application/json',    'Authorization' => 'Bearer '.$accessToken,]

实例效果

以下是运行实例截图。

Register API: 请求方式:POST, URL地址: http://localhost:8000/api/auth/register

Login API: 请求方式:POST, URL地址: http://localhost:8000/api/auth/login

Profile API: 请求方式:POST, URL地址: http://localhost:8000/api/auth/profile

Refresh Token API: 请求方式:POST, URL地址: http://localhost:8000/api/auth/refresh

Logout API: 请求方式:POST, URL地址: http://localhost:8000/api/auth/logout

转载请注来源：Laravel 11 JSON Web Token(JWT) API Authentication教程 | 土尔网络