Jwt-auth: JWTAuth doesn't work when getJWTIdentifier is returning something other than id

Created on 12 Apr 2017  路  4Comments  路  Source: tymondesigns/jwt-auth

I want to use a hashid rather than the plain primary key as the JWT's subject. As such, I'm returning a hashid from getJWTIdentifier in my user model.

Authentication then fails, since as far as I can tell, the JWTAuth class and everything it depends on is hardcoded to check against this against the primary key.

Is there a way for me to specify how a user model is returned based on the subject?

stale
Source
picture tremby

Most helpful comment

For any one wasted hours of life on this problem, here is another solution:

In your User Model, rewrite the getAuthIdentifierName method like this

    // app/Models/User.php

    public function getJWTIdentifier()
    {
        return $this->uuid;
    }

    public function getAuthIdentifierName()
    {
        return 'uuid'; // the key name you what to use as the JWT's subject in User model
    }

Works fine for me in laravel 5.7 / jwt-auth 1.0.0-rc.3.

picture Roachard on 21 Mar 2019
👍3 🎉1

All 4 comments

I solved this in the following way:

  1. Add a new class app/Providers/HashidUserProvider.php:

    <?php

namespace App\Providers;

use Illuminate\Auth\EloquentUserProvider;

class HashidUserProvider extends EloquentUserProvider
{
    /**
     * Retrieve a user by its hashid.
     *
     * @param  string  $hashid
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function retrieveById($hashid)
    {
        return $this->createModel()->findHashid($hashid);
    }
}

    (My User model has a suitable static method findHashid($string).)

  2. Add to the boot method of app/Providers/AuthServiceProvider.php the following:

    app('auth')->provider('hashid', function ($app) {
    $guardname = app('config')['auth.defaults.guard'];
    $provider = app('config')["auth.guards.$guardname.provider"];
    $model = app('config')["auth.providers.$provider.model"];
    return new HashidUserProvider(app('hash'), $model);
});

  3. Change the config/auth.php providers.users.driver setting to hashid.

Is this the best solution?

I'm not convinced about how I get the config necessary for the new HashidUserProvider line -- any idea if I'm doing this in the "correct" way, or what I should be doing instead? (For reference, this is somewhat based on the createUserProvider method of Illuminate\Auth\CreatesUserProviders, which is passed the string users as $provider and uses this to build the configuration key.)

Any suggestions would be very welcome.

tremby picture tremby on 12 Apr 2017

I've done a similar setup. Using custom user providers is quite normal.

I've just changed by default providers for my JWT-guard.

hauthorn picture hauthorn on 19 Apr 2017

For any one wasted hours of life on this problem, here is another solution:

In your User Model, rewrite the getAuthIdentifierName method like this

    // app/Models/User.php

    public function getJWTIdentifier()
    {
        return $this->uuid;
    }

    public function getAuthIdentifierName()
    {
        return 'uuid'; // the key name you what to use as the JWT's subject in User model
    }

Works fine for me in laravel 5.7 / jwt-auth 1.0.0-rc.3.

Roachard picture Roachard on 21 Mar 2019
👍3 🎉1

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] picture stale[bot] on 26 Dec 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

homeoftheunits picture homeoftheunits  路  29Comments
shantudash picture shantudash  路  22Comments
bachras picture bachras  路  31Comments
vsecades picture vsecades  路  26Comments
marijang picture marijang  路  53Comments