JWT: user information

2019-05-23

Let's see how to get the logged-in user's information with JWT (JSON Web Token), which is one of the token-based authentication systems.

Outline

We'll show how to get the logged-in user's information in a JWT authentication system. This post is part of a series. If you want to know how to install the JWT middleware and implement the signup and signin features, see our previous posts.

Repository

We've made a repository for the JWT authentication system. Click the link below to see our repository.

Development Environment

Here, we'll use the Laravel development environment created with Laradock and Ansible. If you want to know more about our environment, see our previous post.

Modify Controller

Open the /app/Http/Controllers/JWTAuthController.php file in the Laravel project folder and add the code below.

public function user() {
    return response()->json(Auth::guard('api')->user());
}

This function returns the logged-in user's information in response to a client (browser) request.

Modify Route

Modify the routes to connect the controller function to a URL. Open the /routes/api.php file and add the code below.

Route::get('unauthorized', function() {
    return response()->json([
        'status' => 'error',
        'message' => 'Unauthorized'
    ], 401);
})->name('api.jwt.unauthorized');

Route::group(['middleware' => 'auth:api'], function(){
    Route::get('user', 'JWTAuthController@user')->name('api.jwt.user');
});

The user route, which returns user information, uses the auth:api middleware. This middleware checks whether the user is logged in; if so, the user can get the user information. If the user is not logged in, we redirect the request to the unauthorized route and respond with 401.

Redirect

Laravel's Auth middleware has a built-in redirect feature. We'll configure the redirect for the API so that it ends in a 401 response. Open the app/Http/Middleware/Authenticate.php file and modify it as below.

protected function redirectTo($request)
{
    if (! $request->expectsJson()) {
        if ($request->is('api/*')) {
            return route('api.jwt.unauthorized');
        }
        return route('login');
    }
}

Test

Let's test the user information feature with Postman.

# URL
localhost/api/user
# header
Authorization
Bearer jwt_token

If the JWT token is valid, you get the user information as in the screenshot below.

[Screenshot: get user info]

If the JWT token is expired, or a user who is not logged in requests the user information, you get a 401 error response.

[Screenshot: fail to get user info]
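
The same checks as the Postman test, written as a PHPUnit feature test. This is an added example, not code from the original post or its repository. It assumes the default Laravel 5.x `App\User` model and factory (with `password` listed in `$hidden`), and it uses `actingAs()` instead of a real token so that it does not depend on the JWT package's API.

```php
<?php
// Added example: tests/Feature/JwtUserTest.php (file name is an assumption)

namespace Tests\Feature;

use App\User; // assumption: default Laravel 5.x user model
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class JwtUserTest extends TestCase
{
    use RefreshDatabase;

    public function testRequestWithoutTokenIsRedirectedToUnauthorizedRoute()
    {
        // No "Accept: application/json" header, so redirectTo() is used.
        $this->get('/api/user')
            ->assertRedirect(route('api.jwt.unauthorized'));

        // Following the redirect reaches the 401 body defined in routes/api.php.
        $this->followingRedirects()
            ->get('/api/user')
            ->assertStatus(401)
            ->assertJson(['status' => 'error', 'message' => 'Unauthorized']);
    }

    public function testJsonClientWithoutTokenGets401Directly()
    {
        // getJson() sends "Accept: application/json": redirectTo() returns
        // null and Laravel's exception handler answers 401 with no redirect.
        $this->getJson('/api/user')->assertStatus(401);
    }

    public function testAuthenticatedUserGetsProfileWithoutSecrets()
    {
        $user = factory(User::class)->create();

        // The controller serializes the whole model, so make sure the
        // password hash never appears in the JSON response.
        $this->actingAs($user, 'api')
            ->getJson('/api/user')
            ->assertStatus(200)
            ->assertJson(['email' => $user->email])
            ->assertJsonMissing(['password' => $user->password]);
    }
}
```

A client that does not follow redirects sees the 302 in the first case rather than the 401, which is why the test asserts both steps.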

Completed

We've finished developing the API that returns user information in the JWT authentication system. In the next blog post, we will show how to implement the JWT token refresh feature after login.
