Laravel with JWT | From Scratch to Exception Handling

Captions
To implement JWT in a Laravel app we need Laravel, obviously, so let us install Laravel 5.6. So I will say here laravel new, and I will call it JWT. While it's installing, let's go to Chrome, and here I will simply say "laravel JWT", and the first repository that comes is Tymondesigns/jwt, so open that. And if you don't know about JWT, just check out the video in the description box, where you will learn what exactly JWT is and how it is going to work.

So in this repository let's go down, and you have to go to this unfinished guide, so I will open this in a new tab and go to Laravel installation. You have to pull it in via Composer, but there is a problem: if you fetch this package via Composer it will give you this tag, this 0.5.12, but we need 1.0.0-rc.2, this one. We need rc.2, okay, and here there is no explanation about how we will get it. So what we will do: firstly, our Laravel app is installed, so cd into JWT, and why not open this with Code. Okay, so here you will see the composer.json, and we don't have any JWT, so let's open the integrated terminal of Code, and here I will say composer require JWT. Let us see the problem and then the solution, so I will install it and then we will see what correction we have to do.

So now you can see the JWT package is installed, but if you check this composer.json file we have 0.5.12. As I have told you, we don't need this one, we need 1.0.0-rc.2, this one. To correct that we have to say 1.0.0-rc.2. So 1.0.0-rc.2, is that correct? Yes. So after changing it here, save this composer.json and just say composer update. So what you have to do: you don't have to firstly install it via Composer and then change it, you directly go to the composer.json, type this one, tymon/jwt-auth, and then this release version, and just composer update. So if I hit composer update it will automatically update that repository. So now if you see here, you can see it says it is updated from
this version to this version.

Now what we need to do: if I go here to this documentation, we don't have to do all these things, because we are on 5.6 and we have the auto-discovery system there, so we don't have to provide all these things. So for the next part we just have to run this command to have this jwt.php file inside our config folder. So if I go to the config folder, we can see we don't have any JWT file, so let's go and run that command, and you can see this is now published inside our config folder. So yeah, we have this jwt.php file, and in this file we have some of the configuration related to JWT. So you can see the secret: we have to create a secret to encrypt the JWT data, and we will obviously generate that and put it in our .env file, okay. So let's once more open JWT, and then we have some keys, the public key, private key, passphrase, all these things, TTL, how much time the token will be active, then refresh time and all these things. These are the things related to JWT; if you don't know, just check out the video, as I have told you, in the description.

So it is done, and what is the next point we have to do? We have to generate the secret, as I have told you. Again open the terminal and paste that, and yes, this time if we go to the .env file you can see JWT secret is generated. Okay, so these are the things essential to just start with JWT. But what next? The next part, obviously, this is for Lumen, okay. So for the next part we just have to provide these two functions and implement JWTSubject for our User model. So go to Code, and let's clean up the environment, and now I will open the User.php file. Here, after this, I will simply say implements JWTSubject; this will obviously come if you have already installed the JWT auth package. So now we have to just paste these two functions and we are good to go.

So then what we have to do: we have to change some configuration in our auth.php file inside the config folder. So let's once more go, and I will simply search for auth.php, and you can see the
first one we have here. Firstly we have to make the default guard api, from web, and then for the api guard we have to provide the driver: it is not token, we have the jwt driver.

So the next part after this: we have to give some of the routes out of the box. So get that and open the api.php file, not web.php, because we are going to create some API with this. So I will delete this one, even this one, and paste this, and this time I'm not going to give any kind of middleware here, just the prefix of auth, and we don't even need this $router, and everything is set to go. But we don't have any AuthController, so let's once more go here and generate this AuthController. So open the integrated terminal, paste this, and yes, it is created successfully.

So let's open our controller, and here it is empty, but we have to fill it with lots of functions. What are these functions? Here they are given again in the documentation, so let's copy all these things, and I will explain to you each and every function and what it will do. Okay, so if I paste it here, save it, and let's start from the top. So obviously we have a constructor having some middleware, then the first function is the login function. So to get the JWT you just have to log in the first time; this means you have to give your user ID, or the user has to give the email ID, then the password. When the system gets the user from the credentials, then it will provide the token, and if not, then it will simply say Unauthenticated. And how will it generate the token? This is actually a new function in the same AuthController; if I press command and click here I will directly go to this function, and what it's going to do is give the token along with the token type and the expiry time.

Okay, so let's go to the top. After login we have the me function. What will this do? This is just going to give you the checking system; that means, when you have logged in, how will you ensure that you are logged in? Then we will need this me function. It is just going to give the logged in user
detail, or simply we can say, the token you have is having information for which user, so it will give that. Then obviously the logout: it will destroy the token and you will be logged out. Then refresh token: sometimes you need to change the token, so what you have to do is provide the old token, then you will get the new token. This is called the refresh. Okay, so every function is explained, so let's go to the documentation and see what the next process is.

So after that what we have to do: we have to check this, but how will we check, because it's an API system? So for that we need Postman. The Postman app is very easy to use; it's a Chrome extension or an app for Mac users, so it doesn't matter, both are actually the same. So what I am going to do: I am going to firstly cancel out all these things so that I can start fresh. Okay, we have not started our server, so let's now start the server, so php artisan serve. Okay, so it's started finally, and then here we will say http://127.0.0.1/ and we have to firstly say api/auth/login, because remember in our api.php we have the prefix of auth, so prefix of auth and login.

So if I hit this send button, then you will see it's not having any kind of information. So why not do one thing: I will say in the headers Content-Type, so the content type, which is JSON, then Accept, we are accepting also JSON. Let's once more hit the send button, but this time we can see we have all this error, which says method not allowed. Yes, we have the route, but all these routes are POST requests and we are sending GET requests. So let's give a POST request, hit the send button, and now it's saying Unauthenticated. Obviously we are not passing anything, and according to our login function, if the system doesn't find any user from the credentials then it will give Unauthenticated, and we are not even providing any credentials. So let's provide the credentials. So to provide the credentials we will go to the body part, on the x-www-form. I will simply say email; email will be, let's
say, bitfumes@gmail.com, okay, then password is secret. And obviously we have to connect this to our database, so let's connect this app to the database. So I will open the .env file, and in this database part, the database is test, I have already created that, and the username is root, the password is nothing. So let's restart the server so that it can get the changes we have done in the .env file. So let's go here, and let's verify in Sequel Pro: do we have the user called... yes, we have this user, that's okay. So let's open Postman, and everything is set up, let's now hit send, and this time we are getting this access token.

So you can see we are getting this access token, but if I now open new terminal, let's copy this part, and here we will say me, okay, and if I send this, again it says the method is not allowed. So give the POST request, and this time we have to say Accept is JSON and Content-Type is also JSON. Send once more, and Unauthenticated. Now if I use this token to get the details, there are many ways of giving the token. Let's first start with Authorization, so I will say Authorization is Bearer and then the whole token. Let's once more try with the token in our header, and this time we are getting this. That's cool.

As I have told you, there are many ways of sending the token. So if I uncheck this and send this route, we are Unauthenticated. But this is one way of giving it; another way is that on the URL you will simply pass token and then everything, send button, and yes, again we are getting it. So this is the second way. And the third and the last way is that if I once more send, yeah, they are not providing any token, but in the body part if I simply say token is equal to this one, and send button, you can see we are getting it. So we have three ways of sending the token: either in the body part, or in the header, or as a URL parameter.

So we have done everything, we have generated the token, but there are lots of things to do with JWT. What is the next thing? If I now go to the documentation, on
the next part you can see we have this attempt function, which we have already used in our AuthController. So in this AuthController you can see we have used this attempt function. Then the login function: we have already used this login function, and you can just log in directly and get the token if you have the user. And then we have the user function, and in our me function you can see we have auth()->user(), and this function is giving the details of the user. And then userOrFail: if you try to get the details of the user and you are not sure whether the token is valid or not, then you can use this one, so it will get the user if it is available, otherwise it will throw an exception, so UserNotDefinedException, this one we have.

Then the logout, as we have in the logout function. Let's try this one. So if I go here, I will say logout, and because we already provided the token in the body part, let's now hit the send button, and it says successfully logged out. And now this time if I try to get the details, and remember we are getting the details with the same token, but because we have logged out this token is no longer valid, so send, yeah, Unauthenticated. So we have to get a new token, so get the new token here, pass that token here, send button, and yes, we are getting the details. So this is logging in and logging out.

Okay, so next, refresh. What will this refresh function do? As I have told you, the refresh function will simply get the new token with the old token. So if I now go to Postman, and instead of me I will say refresh, and here we are having the active token, this means this token is active, and then if we send this you can see we are getting the same result as we were getting while logging in, but you know, this time this is the new token, the refresh token, and the old token is now invalid. So if I now try to get the details with me, then send button, and again Unauthenticated. But I have copied that refresh token, so give that refresh token, send, and you can see we are getting the details. So in this way we can
just interchange the old token with the new token, and this is a good security feature, so that if the user wants to change the token he can easily do that. So that's the case. Invalidate: invalidate is simply just going to invalidate the token, and that's the simple function.

And then we have the payload. So if I now go to the api.php file and create a new route having payload as the route name, AuthController, and I will create a new function called payload. So get that, open this AuthController, just at the bottom create a public function called payload, and what it's going to do: it's just going to return auth()->payload(). Okay, so what is it going to do? Let's see. So if I go here, this payload will give you all these details. So let's now go to Postman and simply say payload, and send. You can see we are getting these payloads, and this is the first one, iss, issuer: which route or which URL actually provided the token we have sent along. So we have seen that we got this token via refresh, but if we get a new token from here and try to access this one, let's now uncheck this and pass the new token in the header, so Bearer, the new token, and this time it will say you are getting this token from the login route. But if I now go and give the token in the body part, which is from refresh, so issuer, you get the point.

Then iat, this means issued at, the time the token is issued, then the expiration time, then not before. This is something like when the token is issued and when it is active. So suppose it is issued and you want to start using it after one minute, so you have to give a delay in not before, okay, so a delay of one minute. Then it's something, the JWT identifier, and the subject. The subject is simply the user ID, so if I go, and you can see the user ID is 1, so this is giving 1 as the user ID, and some private keys. So these are the things for the payload, and this will be very useful while checking the authentication of the token, whether the token is correct or not. So what you have to do: you just have to get the payload,
then you just have to get this issuer, and if the issuer, the URL, is correct according to you, then you can say that the token is a valid token.

So let's now once more go to Chrome, and we have then something, validate, and obviously this is going to validate the credentials, okay. Then we have something else; you can see in our claims, we call it claims, otherwise then we have these claims, but suppose you want to add some more claims in it. So what you have to do: you just have to give these claims as whatever you want to give. Okay, so now go to Code, and in the login part, while it's going to attempt the login, we just have to say claims, and what I will do, I will just say here, so claims, and here we will give the array of whatever we want to give, so I will simply say in the 3 word n am called named, okay, and name I will give Bitfumes. Okay, save it, and if I try to get the payload once more, you can see we are not getting it. Why are we not getting it? Because we are not having the information of this payload in the token we currently have. So let's get the new token, this one, pass this one, let's say in the header I will pass it, so Bearer token, and check this, uncheck the body one, and send this one, and this time you can see we have this name, which is Bitfumes. So in this way you can pass any secret, it's not a secret, add anything into your payload as a claim, so this is very important.

So set token explicitly: you can set whatever the token; if you don't want to get the token given by the JWT package, if you want to give your own token, then you can use this token simply, and all these things. So there are lots of things you can do with this JWT, and there is an exception handling system; it's not given in this documentation, so for that you have to go to the old one, on the wiki one, okay, and authentication, you can see we have all these things. So why not get all these things one by one. So firstly what I am going to do: I'm going to invalidate this token, so I'm going to give an invalid token. So if I give
here an invalid token and send this route, you can see it simply says Unauthenticated, but it's not telling us that the token is invalid. Why is that? Because if I go to the AuthController we have this api middleware. So if I uncheck this and then I send, yes, we are getting some kind of error, and then we can handle it. So the error simply says could not decode the token, and the exception is TokenInvalidException. So let's handle this one. So I will go to the Exceptions folder of our Laravel app, to the Handler.php, and inside this render function I will simply say: if the exception is an instance of TokenInvalidException, okay, and let's use this at the top, if it is an instance of this one, then we're simply going to return a response as JSON, and I will simply say token is invalid, and then close this line and now check the result. So once more go to Postman and hit send, and this time you can see we are getting this error, which is token is invalid. So now let's just modify it, and I will say 400 error, and move this inside error, and this will be an array, and this will be like, okay, so error. Okay, so once more, send,
and yes, bad request, error is token is invalid.

We have handled only one exception, but there are lots of them, so let's now see what is next. So why not get all these things one by one. So token is invalid we have, say, checked that. Expired token, okay, so that's nice. Let's go to Code actually, and then we have to say else if the exception is an instance of expired token, then we have to say token is expired. And the third one is JWTException, which means whatever other exception is related to this JWT. So let's use this one, and JWTException, use it at the top, and we will simply say there is problem with your token. Okay, so go to Postman, send this route, yeah, token is invalid. Let's get another token from here, so we have this, give it here, Bearer, token is invalid; this time we give the correct token, so we are having that. But if I am not going to give any token, what is the problem? There is problem with your token. So we can even handle this one also, but this time it simply says there's a problem with your token; simply, the token is not provided.

After that, now what if you don't even want to hit the exception system when the user is not providing the correct token? Let's see. If I hit this one, giving another invalid token, we are getting this exception handling system, but instead what we can do is create a middleware. So let's go to Code, open our integrated terminal, and in a new terminal I will say php artisan make:middleware, and this middleware is JWT. So it is created, so let's close this and now open JWT inside the middleware, and here I will simply say one thing, JWTAuth, and we have to use this, and instead we can simply use JWT instead of all these things, okay, and JWTAuth, then we have to say parseToken and authenticate. So here what we are doing: we are firstly parsing the token, whether it is available or not, then we are calling authenticate, this means it will check if this is correct, then it will go to this one, that means it goes to the next route, otherwise it will give that
exception whatever we have created so in this way we are handling more securely and if we can provide this middleware to any route any function any controller any class so that in a single line we will get that exception system in our code so let's go and use this middleware so you can see we have commented out this middleware system but this time I want to say GWT and we have to obviously register this middleware on our colonel dot PHP and here I will simply use this so why not get anything which is already we have so this guest one and we can replicate this JWT class and call it GWT so this middleware we have created and we have used that but obviously not on the login so except login and if I now go and send it you can see we are getting the same exception but this time it's not going to even on the route of this payload and not even on this function of the payload directly before everything else it's giving the exception so it's more securely and you can do much more things on this middleware as you want so these are the little things you need to take care about the GWT and this is how you can install GWT use GWT and handle some of the exceptions in GWT so obviously if you get some other exception and you want to handle it as I have told you you can simply handle these things so if you have any doubt feel free to message me comment me and don't forget to share this video with your developer friends so that everyone get the knowledge of GWT how we can use GWT with level so please please please share these videos on you Facebook Twitter Instagram wherever you are and if you have not subscribed go and subscribe to this channel because here lateral magic never ends and everyone has to learn the best thing called level and then don't forget to like bit films on Facebook Twitter and Instagram so we will meet in some other videos doing some other cool stuffs till then AM Santhosh were also signing off bye
Info
Channel: Bitfumes
Views: 68,061
Keywords: laravel 5.6 jwt, jwt laravel, laravel jwt, laravel 5.6 tutorial, jwt authentication, jwt auth, laravel jwt api, laravel jwt auth, laravel jwt authentication tutorial, jwt laravel 5.5, jwt laravel angular, jwt laravel 5.4, jwt exceptions, jwt middleware
Id: l201RSQ7Ti4
Length: 30min 51sec (1851 seconds)
Published: Mon Feb 19 2018