jwt-auth-guard
jwt-auth-guard copied to clipboard
irazasyed
[QUESTION] Auth::attempt does not return token
Please prefix your issue with one of the following: [BUG] [PROPOSAL] [QUESTION].
In raising this issue, I confirm the following (please check boxes):
- [x] I have read and understood the contributors guide.
- [x] I have checked that the bug-fix I am reporting can be replicated, or that the feature I am suggesting isn't already present.
- [x] I have checked the pull requests tab for existing solutions/implementations to my issue/suggestion.
My familiarity with the project is as follows (check one):
- [x] I have never used the project.
- [ ] I have used the project briefly.
- [ ] I have used the project extensively, but have not contributed previously.
- [ ] I am an active contributor to the project.
My project stack details
- Framework (Laravel / Lumen): Laravel
- Framework Version: v5.2.45
- JWT Auth Guard Version: v1.0.4
-
tymon/jwt-authVersion: ^1.0@dev
{issue content here}
$token = Auth::attempt(['email' => '[email protected]', 'password' => '123456']); returns true instead of token as stated in documentation. May I know if I missed anything?
Same here. According to README Auth::attempt should return a token, but I only get true/false. JWTAuth::attempt gives me a token as expected.
@gronostajo
I found that the method attempt behavior is 'correct' from the codes at the end, but didn't have time to make a commit on the documentation.
https://github.com/irazasyed/jwt-auth-guard/blob/master/src/JwtAuthGuard.php#L109
I think you may be using laravel's native auth attempt instead of JWTs. If so laravel's Auth::attempt always returns a boolean as can be seen in https://laravel.com/docs/5.5/authentication#login-throttling "The attempt method will return true if authentication was successful. Otherwise, false will be returned."
Even so I also got something similar: I'm working with multiple guards, got confused and was passing one guard that would do the "website" session authentication instead of the one that would do the jwt authentication for the api. By doing this it was returning only true instead of the token.
Observation: if you don't define a guard it will run the default one, that may not be the one you want. And also while debugging I could not find out how to pass the expected guard when directly trying to do JWTAuth::attempt instead of $this->guard()->attempt. Hopefully it was not necessary.
If anyone still got this issue, change it to auth('api')->attempt($credentials) and also at respondWithToken function, 'expires_in' => auth('api')->factory()->getTTL() * 60,
I came across the same problem. The issue was that I was passing the remember flag to the attempt method:
auth()->attempt($this->credentials($request)); // this works
auth()->attempt($this->credentials($request), $rememeber = true); // this does not work
Hope this helps!
I came across the same problem. The issue was that I was passing the remember flag to the attempt method:
auth()->attempt($this->credentials($request)); // this worksauth()->attempt($this->credentials($request), $rememeber = true); // this does not workHope this helps!
I found exactly the same, what can we do to use the remember token?
if you changed 'ttl' => null in config/jwt.php you have to change:
'required_claims' => [
'iss',
'iat',
// 'exp', <- comment this
'nbf',
'sub',
'jti',
],
in config/jwt.php
This is my first time to add comment in github. I just want to share that this setup works for me.
Let me know if this works to you as well.
composer.json
"require": {
"php": "^7.3|^8.0",
"laravel/lumen-framework": "^8.3.1",
"laravel/tinker": "^2.6",
"tymon/jwt-auth": "dev-develop"
}
bootstrap/app.php
//uncomment
$app->withFacades();
$app->withEloquent();
$app->configure('auth');
$app->routeMiddleware([
'auth' => App\Http\Middleware\Authenticate::class,
]);
//add
$app->register(App\Providers\AppServiceProvider::class);
$app->register(App\Providers\AuthServiceProvider::class);
$app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);
Models/User.php
class User extends Model implements AuthenticatableContract, AuthorizableContract, JWTSubject
{
use Authenticatable, Authorizable, HasFactory;
public function getJWTIdentifier()
{
return $this->getKey();
}
public function getJWTCustomClaims()
{
return [];
}
}
AuthController.php
public function login(Request $request)
{
$this->validate($request, [
'email' => 'required',
'password' => 'required'
]);
$credentials = $request->only('email', 'password');
$token = Auth::attempt($credentials);
// this two below also working
// $token = JWTAuth::attempt($credentials);
// $token = auth()->attempt($credentials);
if (!$token) {
return response()->json(['error' => 'Unauthorized'], 401);
}
return $this->respondWithToken($token);
}
config/auth.php
<?php
return [
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
'guards' => [
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => \App\Models\User::class
]
]
];
the problem is: the password stored in the database without encrypting it, and when we do the logging the JWT package crypt the password by default, and when comparing between the password stored in the database and the cryptid password coming from the form data the auth()->attemp($cren) return always false because the password != hash(password).
so the solution is storing the cryptid password in the database instead of the raw password and the function that I use to do this is bcrypt('password'), and finally do not forget the quotes inside the function
ex: $admin -> password = bcrypt('0123456789');
If anyone still got this issue, change it to
auth('api')->attempt($credentials)and also atrespondWithTokenfunction,'expires_in' => auth('api')->factory()->getTTL() * 60,
this method doesn't work for me
