依赖
lumen:5.6php: 7.0
jwt-auth 安装
composer require tymon/jwt-auth:"^1.0@dev"#指定安装1.0的版本,0.5版本 lumen下有问题
注册服务
启动文件 bootstrap/app.php 中添加
// 取消 AuthServiceProvider注释,开启 Auth 认证服务$app->register(App\Providers\AuthServiceProvider::class);// 注册 JWTAuth 服务$app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);
注册 auth 认证中间件 bootstrap/app.php
$app->routeMiddleware(['auth' => App\Http\Middleware\Authenticate::class,]);
生成密钥
php artisan jwt:secret#会在 .env 中生成 JWT_SECRET
配置 user 认证模型
app/Models/User.php
namespace App\Models;use Illuminate\Auth\Authenticatable;use Laravel\Lumen\Auth\Authorizable;use Illuminate\Database\Eloquent\Model;use Tymon\JWTAuth\Contracts\JWTSubject;use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;class User extends Model implements AuthenticatableContract, AuthorizableContract,JWTSubject{use Authenticatable, Authorizable;protected $table = 'users';/*** The attributes that are mass assignable.** @var array*/protected $fillable = ['name', 'email',];/*** The attributes excluded from the model's JSON form.** @var array*/protected $hidden = ['password',];// Rest omitted for brevity/*** Get the identifier that will be stored in the subject claim of the JWT.** @return mixed*/public function getJWTIdentifier(){return $this->getKey();}/*** Return a key value array, containing any custom claims to be added to the JWT.** @return array*/public function getJWTCustomClaims(){return [];}}
配置 auth 认证
添加默认api认证 config/auth.php 关于 config 配置文件使用可以查看 Lumen的配置文件使用
'defaults' => ['guard' => 'api','passwords' => 'users',],
配置 api 认证驱动和服务
'guards' => ['api' => ['driver' => 'jwt', // jwt 认证'provider' => 'user',],],
配置 api.user 服务
'providers' => ['user' => ['driver' => 'eloquent', // 驱动类型'model' => App\Models\User::class, // user 模型],],
登陆授权,发放令牌
用户登陆后,生成令牌返回给客户端
登陆控制器中:Http/Auth/AuthController.php
/*** 用户登陆** @param Request $request* @return \Illuminate\Http\JsonResponse json*/public function login(Request $request){$credentials = $credentials = $request->only('email', 'password');$token = app('auth')->attempt($credentials);if (! $token ) {return response()->json(['error' => 'Unauthorized'], 401);}return response()->json(compact('token'));}//token 返回://"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sdS5sb2NhbC5jb21cL3NpZ25pbiIsImlhdCI6MTUyODI4MTQ1MCwiZXhwIjoxNTI4MjgxNTEwLCJuYmYiOjE1MjgyODE0NTAsImp0aSI6ImRuV010S2x0a201dktyNm4iLCJzdWIiOjgsInBydiI6IjIzYmQ1Yzg5NDlmNjAwYWRiMzllNzAxYzQwMDg3MmRiN2E1OTc2ZjcifQ.yzdN5Q9y8RaJpVW8-uqPdYAAJ6bHhmE28JBa9_IH7I0"
权限校验
给需要登陆权限的模块添加 api.auth 认证中间件
$router->group(['middleware' => 'api.auth'], function () use ($router) {$router->post('/admin', 'Admin\IndexController@index');...//需要登陆认证的controller});
构造请求
客户端在登陆获取返回的 token 后,每次携带上 token 就可以访问相关受保护的接口了
方法一:在header头中添加 Authorization 认证
Authorization: Bearer token//for example:Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sdS5sb2NhbC5jb21cL3NpZ25pbiIsImlhdCI6MTUyODI4MTQ1MCwiZXhwIjoxNTI4MjgxNTEwLCJuYmYiOjE1MjgyODE0NTAsImp0aSI6ImRuV010S2x0a201dktyNm4iLCJzdWIiOjgsInBydiI6IjIzYmQ1Yzg5NDlmNjAwYWRiMzllNzAxYzQwMDg3MmRiN2E1OTc2ZjcifQ.yzdN5Q9y8RaJpVW8-uqPdYAAJ6bHhmE28JBa9_IH7I0
图示
方法二:在请求参数中携带 token
//for example:token : eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sdS5sb2NhbC5jb21cL3NpZ25pbiIsImlhdCI6MTUyODI4MTQ1MCwiZXhwIjoxNTI4MjgxNTEwLCJuYmYiOjE1MjgyODE0NTAsImp0aSI6ImRuV010S2x0a201dktyNm4iLCJzdWIiOjgsInBydiI6IjIzYmQ1Yzg5NDlmNjAwYWRiMzllNzAxYzQwMDg3MmRiN2E1OTc2ZjcifQ.yzdN5Q9y8RaJpVW8-uqPdYAAJ6bHhmE28JBa9_IH7I0
图示
JWT常用配置
常用配置
//用于加密生成 token 的 secretJWT_SECRET = secret_str//token 有效的时间长度(以分钟为单位),默认为1小时//可以将其设置为空,以产生永不过期的标记JWT_TTL = 60//token 刷新的时间(以分钟为单位)。默认的时间为 2 周JWT_REFRESH_TTL = 20160//token 签名的散列算法。JWT_ALGO = 'HS256'
jwt配置文件位置
/vendor/tymon/jwt-auth/config/config.php