Jwt-auth: Consuming your own API with Javascript

Created on 16 Jul 2018 · 4 Comments · Source: tymondesigns/jwt-auth

I'm using Laravel 5.6 with jwt-auth for API Authentication. The idea behind it is simple:

  1. You send an HTTP POST request with user credentials and get an "access_token" if successful.
  2. Every subsequent request should be sent with header "Authorization: Bearer {access_token}".

These steps are cool and flexible if the consumer is from outside (e.g. Android App).

But what if the API consumer is my own JavaScript? Should I also log in when starting each asynchronous request, even if the authenticated user is already known in my web middleware? How do people usually manage this?

With Passport (OAuth2.0), Laravel delivers a middleware that injects a cookie with authorization token, making this process automatic and easy:

Typically, if you want to consume your API from your JavaScript application, you would need to manually send an access token to the application and pass it with each request to your application. However, Passport includes a middleware that can handle this for you. All you need to do is add the CreateFreshApiToken middleware to your web middleware group in your app/Http/Kernel.php file:

'web' => [
    // Other middleware...
    \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],

Read more.

How to use JWT (this package) and make requests to my own application's API without explicitly passing an access token?

stale

All 4 comments

You need to log in once and use that token until it expires for the API requests.
Once it expires you need to refresh the token by providing the old token, which will give you a new token for the same amount of time.
You can store the token in local storage or cookies for persistence.
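
The flow this comment describes (log in once, send the token as a Bearer header, refresh with the old token once it is rejected), as an added example that is not part of the thread or of jwt-auth. The route paths, `createApiClient`, `memoryStore` and the assumption that an expired token is answered with HTTP 401 are all hypothetical; `fetch` is injected so the client can also run against a stub.

```javascript
// Added example, not jwt-auth code. LOGIN_URL and REFRESH_URL are assumed
// route names; only "access_token" and the Bearer header come from the thread.
const LOGIN_URL = '/api/auth/login';
const REFRESH_URL = '/api/auth/refresh';

function createApiClient(fetchImpl, store) {
  let refreshing = null; // shared promise while a refresh is in flight
  const bearer = () => ({ Authorization: `Bearer ${store.get()}` });
  async function saveToken(res) {
    if (!res.ok) throw new Error(`auth failed: ${res.status}`); // caller must log in again
    store.set((await res.json()).access_token);
  }

  // Log in once with credentials and keep the returned token.
  async function login(credentials) {
    await saveToken(await fetchImpl(LOGIN_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(credentials),
    }));
  }

  // Exchange the old token for a new one; callers arriving while a refresh
  // is in flight share it instead of each presenting the same old token.
  function refresh() {
    if (!refreshing) {
      refreshing = fetchImpl(REFRESH_URL, { method: 'POST', headers: bearer() })
        .then(saveToken)
        .finally(() => { refreshing = null; });
    }
    return refreshing;
  }

  // Send the Bearer header; on 401 (assumed expiry signal) refresh and retry once.
  async function request(url, options = {}) {
    const send = () =>
      fetchImpl(url, { ...options, headers: { ...options.headers, ...bearer() } });
    let res = await send();
    if (res.status === 401) {
      await refresh();
      res = await send();
    }
    return res;
  }
  return { login, refresh, request };
}

// In-memory token store; a browser could back get/set with localStorage or a cookie.
const memoryStore = (t = null) => ({ get: () => t, set: (v) => { t = v; } });
```

A token kept in localStorage is readable by any script running on the origin, so the choice of store decides how exposed the token is to XSS.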

> You need to log in once and use that token until it expires for the API requests.
> Once it expires you need to refresh the token by providing the old token, which will give you a new token for the same amount of time.
> You can store the token in local storage or cookies for persistence.

Yeah, but then you will have to send the Bearer token with each call right? So, I log in my user with Web Guard, then what will happen if I want to use the api from within? Let the user type his username and password again?

+1 I think I found a good reason to use Passport

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
