Jwt-auth: Problem with this package (v1.*) and the vue-auth package from websinova

Fixed my own issue. In my original implementation, it called for appending a header to the response. I just need to do that with the new implementation from the docs.

I updated the respondWithToken() method as follows:

    protected function respondWithToken($token)
    {
        return response()
            ->json([
                'access_token' => $token,
                'token_type' => 'bearer',
                'expires_in' => auth()->factory()->getTTL() * 60
            ])
            ->header('Authorization', $token);
    }

@zacksmash Can you post a brief outline of how you set this package on Laravel Framework 5.6.16?

I am having a few issues because the outline is outdated.

What is your login() method like, what is your middlewares like?

Thank you in advance.

@aligajani I've followed the instructions on the unofficial v1.0 guide here. The only thing I changed was the above method on the sample AuthController.php from the guide.

@zacksmash I got that. Thanks a lot. What are your middlewares like though?

That is, do I need to anything to $routeMiddleware in Kernel?

@aligajani Currently, my $routeMiddleware and Kernel are unmodified, from a stock Laravel 5.6.16 installation. I haven't modified them at all.

@zacksmash Hey, I see. Another quick one.

1. What is your error handling like in the AuthController.php ?
2. JWT middleware throws this exception (Route [login] not defined. {"exception":"[object]) when it couldn't find the token and will try to redirect to the log in route. How do I fix this one? It certainly is annoying?

@aligajani My AuthController.php looks exactly like the one in the docs, except for the method I changed which I noted above. Here

@zacksmash Thanks for that. Any idea about 2.

@aligajani What does your api.php routes file look like?

@zacksmash Like this below

<?php

use Illuminate\Http\Request;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

// Authentication

Route::group([
    'middleware' => 'api',
    'prefix' => 'auth'
],
    function ($router) {
    Route::post('login', 'Auth\AuthController@login');
    Route::post('logout', 'Auth\AuthController@logout');
    Route::post('refresh', 'Auth\AuthController@refresh');
    Route::post('me', 'Auth\AuthController@me');
});

// Resources

Route::apiResources([
    'users' => 'UserController',
    'questionnaires' => 'QuestionnaireController',
    'vouchers' => 'VoucherController',
    'newsletters' => 'NewsletterController'
]);

// Validation Helpers

Route::get('/validate/voucher/{code}',
    'HelperController@validateVoucher');

Route::get('/validate/email/{address}',
    'HelperController@validateEmail');

@aligajani What does your Vue component look like, where you make the login request?

@zacksmash I think I fixed 2. I just put this in Handler.php

  /**
     *  Ensure JWT unauthenticated responses are handled with JSON
     *
     * @param  \Illuminate\Http\Request $request
     * @param Exception|AuthenticationException $exception
     * @return \Illuminate\Http\Response
     */

    protected function unauthenticated($request, AuthenticationException $exception)
    {
        return response()->json(['error' => 'Unauthenticated.'], 401);
    }

@zacksmash Any particular reason why your respondWithToken() sends out token in the header in addition to the response? Also, while you are at it, why aren't you prefixing it with Bearer? Just curious that's all.

@aligajani I've since removed the json response because it's unnecessary. I don't need to prefix it with Bearer on the response, only on subsequent requests to authenticate a user. At this point, a user isn't authenticated which is why I'm requesting a token.

Edit: Scratch that, apparently it's necessary on the refresh() method. Keep it in there!

@zacksmash What is your AuthController.php 's construct like? Mine is below.

After logging in after 24 hours, the auth/refresh was returning Unauthenticated.

I then added the refresh to the except[] array in the controller. Is that secure in your opinion?

    /**
     * Create a new AuthController instance.
     *
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login', 'refresh']]);
    }

@aligajani My AuthController.php constructor looks just like yours, except the refresh method. I only have login under the except clause. Personally, I wouldn't want the refresh method outside of the auth:api middleware.

I think the unauthenticated error might be due to the refresh_ttl or the ttl config settings. You may want to extend those if you have issues.

@zacksmash Thanks Zach. I have ttl at 1h and blacklist at 1800s.

Do you have any error handling/exception handling in your controller?