依赖
lumen:5.6
php: 7.0
jwt-auth 安装
composer require tymon/jwt-auth:"^1.0@dev"
#指定安装1.0的版本,0.5版本 lumen下有问题
注册服务
启动文件 bootstrap/app.php
中添加
// 取消 AuthServiceProvider注释,开启 Auth 认证服务
$app->register(App\Providers\AuthServiceProvider::class);
// 注册 JWTAuth 服务
$app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);
注册 auth 认证中间件 bootstrap/app.php
$app->routeMiddleware([
'auth' => App\Http\Middleware\Authenticate::class,
]);
生成密钥
php artisan jwt:secret
#会在 .env 中生成 JWT_SECRET
配置 user 认证模型
app/Models/User.php
namespace App\Models;
use Illuminate\Auth\Authenticatable;
use Laravel\Lumen\Auth\Authorizable;
use Illuminate\Database\Eloquent\Model;
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
class User extends Model implements AuthenticatableContract, AuthorizableContract,JWTSubject
{
use Authenticatable, Authorizable;
protected $table = 'users';
/**
* The attributes that are mass assignable.
*
* @var array
*/
protected $fillable = [
'name', 'email',
];
/**
* The attributes excluded from the model's JSON form.
*
* @var array
*/
protected $hidden = [
'password',
];
// Rest omitted for brevity
/**
* Get the identifier that will be stored in the subject claim of the JWT.
*
* @return mixed
*/
public function getJWTIdentifier()
{
return $this->getKey();
}
/**
* Return a key value array, containing any custom claims to be added to the JWT.
*
* @return array
*/
public function getJWTCustomClaims()
{
return [];
}
}
配置 auth 认证
添加默认api认证 config/auth.php
关于 config 配置文件使用可以查看 Lumen的配置文件使用
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
配置 api 认证驱动和服务
'guards' => [
'api' => [
'driver' => 'jwt', // jwt 认证
'provider' => 'user',
],
],
配置 api.user 服务
'providers' => [
'user' => [
'driver' => 'eloquent', // 驱动类型
'model' => App\Models\User::class, // user 模型
],
],
登陆授权,发放令牌
用户登陆后,生成令牌返回给客户端
登陆控制器中:Http/Auth/AuthController.php
/**
* 用户登陆
*
* @param Request $request
* @return \Illuminate\Http\JsonResponse json
*/
public function login(Request $request)
{
$credentials = $credentials = $request->only('email', 'password');
$token = app('auth')->attempt($credentials);
if (! $token ) {
return response()->json(['error' => 'Unauthorized'], 401);
}
return response()->json(compact('token'));
}
//token 返回:
//"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sdS5sb2NhbC5jb21cL3NpZ25pbiIsImlhdCI6MTUyODI4MTQ1MCwiZXhwIjoxNTI4MjgxNTEwLCJuYmYiOjE1MjgyODE0NTAsImp0aSI6ImRuV010S2x0a201dktyNm4iLCJzdWIiOjgsInBydiI6IjIzYmQ1Yzg5NDlmNjAwYWRiMzllNzAxYzQwMDg3MmRiN2E1OTc2ZjcifQ.yzdN5Q9y8RaJpVW8-uqPdYAAJ6bHhmE28JBa9_IH7I0"
权限校验
给需要登陆权限的模块添加 api.auth
认证中间件
$router->group(['middleware' => 'api.auth'], function () use ($router) {
$router->post('/admin', 'Admin\IndexController@index');
...
//需要登陆认证的controller
});
构造请求
客户端在登陆获取返回的 token 后,每次携带上 token 就可以访问相关受保护的接口了
方法一:在header头中添加 Authorization 认证
Authorization: Bearer token
//for example:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sdS5sb2NhbC5jb21cL3NpZ25pbiIsImlhdCI6MTUyODI4MTQ1MCwiZXhwIjoxNTI4MjgxNTEwLCJuYmYiOjE1MjgyODE0NTAsImp0aSI6ImRuV010S2x0a201dktyNm4iLCJzdWIiOjgsInBydiI6IjIzYmQ1Yzg5NDlmNjAwYWRiMzllNzAxYzQwMDg3MmRiN2E1OTc2ZjcifQ.yzdN5Q9y8RaJpVW8-uqPdYAAJ6bHhmE28JBa9_IH7I0
图示
方法二:在请求参数中携带 token
//for example:
token : eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9sdS5sb2NhbC5jb21cL3NpZ25pbiIsImlhdCI6MTUyODI4MTQ1MCwiZXhwIjoxNTI4MjgxNTEwLCJuYmYiOjE1MjgyODE0NTAsImp0aSI6ImRuV010S2x0a201dktyNm4iLCJzdWIiOjgsInBydiI6IjIzYmQ1Yzg5NDlmNjAwYWRiMzllNzAxYzQwMDg3MmRiN2E1OTc2ZjcifQ.yzdN5Q9y8RaJpVW8-uqPdYAAJ6bHhmE28JBa9_IH7I0
图示
JWT常用配置
常用配置
//用于加密生成 token 的 secret
JWT_SECRET = secret_str
//token 有效的时间长度(以分钟为单位),默认为1小时
//可以将其设置为空,以产生永不过期的标记
JWT_TTL = 60
//token 刷新的时间(以分钟为单位)。默认的时间为 2 周
JWT_REFRESH_TTL = 20160
//token 签名的散列算法。
JWT_ALGO = 'HS256'
jwt配置文件位置
/vendor/tymon/jwt-auth/config/config.php