This package is a wrapper around tymons\jwt-auth, aimed at providing a simple & flexible machine-to-machine authentication for Laravel 5.5+.
composer require code16/machina
If you want to customize some default options like the prefix used for /login and /refresh endpoints by the package, you can publish it to your application folder :
php artisan config:publish code16/machina
Then run this command, which will add a JWT_SECRET entry in your .env file:
php artisan jwt:secret
In config/auth.php :
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'machina' => [
'driver' => 'machina',
'provider' => Api\ClientRepository::class,
],
],This package does not come with an opinionated way of retrieving clients, but instead provides a very simple way to adapt it to your application, by providing a class implementing Code16\Machina\ClientRepositoryInterface.
Example :
namespace App;
use Code16\Machina\ClientRepositoryInterface;
class ClientRepository implements ClientRepositoryInterface
{
public function findByKey($key)
{
return User::find($key);
}
public function findByCredentials($client, $secret)
{
return User::where('id', $client)->where('secret', $secret)->first();
}
}Note that here we used the standard App\User model DB to identify our client, but you can use whichever model / fields you like.
Route::get('protected', 'ApiController@index')->middleware('auth:machina');
Send a POST request the /auth/login endpoint with client and secret as parameters :
{
client : "1",
secret : "x7jfajleug64hggi"
}
If the credentials are correct, the API will return a JWT token that can be used to access protected routes.
There is two ways of passing the token along the request :
-
Passing the token in the
authorizationheader with the following string format :Bearer <token> -
Passing the token as a query parameter :
https://app.dev/protected?token=<token>
For your client applications, you can use our companion package, machina client.