Jwt-auth: Verify the token from string rather than request.

Created on 20 Sep 2018 · 7 Comments · Source: tymondesigns/jwt-auth

Verify the token from string rather than request.

| Q | A
| ----------------- | ---
| Bug? | yes
| New Feature? | yes
| Framework | Laravel
| Framework version | 5.7
| Package version | 1.x.y
| PHP version | 7.1

stale

All 7 comments

Like passing the token as a query string on the URL?
If so, you can already do that.
Example:
anything.dev/private/route?token=full_jwt_token_here

No, I meant not from the URL but programmatically in the code. Right now we have to use
auth()->setToken($token), but can we simply pass the token string and verify its tokens without calling setToken?

@TheSachin did you find a way to do this?

I'm trying to do the same, verify if a JWT token expired (not the authenticated user's token).

@danshou I've found what you want.. 👍
I've made this middleware.. it will get the token from the header using $request->header('Authorization'), then I remove the "Bearer" thing..
and I test it with JWTAuth::setToken($token);

Hope this will help..

```
<?php

namespace App\Http\Middleware;

use Closure;
use JWTAuth;
use Exception;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;

class JwtMiddleware extends BaseMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $token = str_replace('Bearer ', "", $request->header('Authorization'));

        try {
            JWTAuth::setToken($token); //<-- set token and check
            if (! $claim = JWTAuth::getPayload()) {
                return response()->json(array('message'=>'user_not_found'), 404);
            }
        } catch (\Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
            return response()->json(array('message'=>'token_expired'), 404);
        } catch (\Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
            return response()->json(array('message'=>'token_invalid'), 404);
        } catch (\Tymon\JWTAuth\Exceptions\JWTException $e) {
            return response()->json(array('message'=>'token_absent'), 404);
        }

        // the token is valid and we have exposed the contents

        return $next($request);
    }
}
```

@Ademking this one also works okay for me:

```
<?php

namespace App\Http\Middleware;

use Closure;

class JwtAuthorizer
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $token = $request->cookie('access_token');
        try {
            auth()->setToken($token)->getPayload();
        } catch (\Exception $e) {
            return response()->json(['message'=>'Unauthorized'], 401);
        }

        return $next($request);
    }
}
```

This is mine, don't forget 401 and http codes

```
<?php

namespace App\Http\Middleware;

use Closure;
use Tymon\JWTAuth\Facades\JWTAuth;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\TokenBlacklistedException;

class JwtAuthMiddleware extends BaseMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @param string $type 'bearer' (Authorization header) or 'get' (query string)
     * @return mixed
     */
    public function handle($request, Closure $next, $type)
    {
        $token = null;

        // with bearer token
        if ($type == 'bearer') {
            $token = str_replace('Bearer ', "", $request->header('Authorization'));
        } // with GET method
        else if ($type == 'get') {
            $token = $request->get('token');
        }

        try {
            JWTAuth::setToken($token);

            if (!JWTAuth::getPayload()) {
                return response()->json([
                    'message' => 'User not found'
                ], 401);
            }
        } catch (TokenBlacklistedException $e) {
            // Caught first: TokenBlacklistedException extends TokenInvalidException
            // (and so JWTException), so after those catches this branch never ran.
            return response()->json([
                'message' => 'Token blacklisted',
                // message text only; the exception object itself encodes to {} in JSON
                'error' => $e->getMessage()
            ], 401);
        } catch (TokenExpiredException $e) {
            return response()->json([
                'message' => 'Token expired',
                'error' => $e->getMessage()
            ], 401);
        } catch (TokenInvalidException $e) {
            return response()->json([
                'message' => 'Invalid token',
                'error' => $e->getMessage()
            ], 401);
        } catch (JWTException $e) {
            // Base class of the exceptions above: anything else, e.g. no token provided
            return response()->json([
                'message' => 'Token not provided',
                'error' => $e->getMessage()
            ], 401);
        }

        return $next($request);
    }
}
```

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
