JWT for Laravel

JWT for Laravel

This is a Laravel package which provides all the means for a super easy JWT implementation


Make sure you include this package as part of your Laravel project. You can do so by running the composer command from below.

composer require babicaja/jwt-4laravel

Getting started

First register the service provider with the artisan vendor:publish command. This will ensure all the bindings are in place and it will copy the default configuration file to your app's config folder.

php artisan vendor:publish // Choose JWT4L\Providers\JWTServiceProvider from the list

Inspect the newly created config/jwt.php file. For now, you can leave it as it is (don't forget to change the secret key for production). Details about the configuration are covered in this section.

Now everything is in place and you can start using the JWT for Laravel's functionality. Easiest way to see it in actions is using the Token Facade provided by the package, and through artisan tinker. If you are able to see a similar output as the one below, you are all set.

php artisan tinker
Psy Shell v0.9.9 (PHP 7.3.6-1+ubuntu18.04.1+deb.sury.org+1 — cli) by Justin Hileman
>>> Token::create()
=> "eyJ0eXAiOiJKV1QiLCJhbGciOiJzaGEyNTYifQ==.eyJpYXQiOiIyMDE5LTA3LTAyVDE1OjAyOjQ5LjkzMTQwMloiLCJleHAiOiIyMDE5LTA3LTAyVDE1OjE3OjQ5LjkzMTQ2M1oifQ==.fa0f19c3a2a444d72bb58feb54227677e52c65e35f3db21b31673520ddb16c86"


Out of the box the configuration file comes with default values which you can use as they are. You should probably change the secret for any production code. You can set the values directly in the config/jwt.php file or preferably by setting the appropriate .env values.


return [ 'algorithm' => env('JWT_ALG', 'sha256'), //hash_hmac_algos() 'expires' => env('JWT_EXP', 15), // minutes 'secret' => env('JWT_KEY', 'secret'), 'checks' => [ \JWT4L\Checks\Structure::class, \JWT4L\Checks\Signature::class, \JWT4L\Checks\Expired::class ] ];

  • Algorithm
  • This value can be any of the algorithms from PHP's hash_hmac_algos(). The algorithm defined here is used for signing and comparing the JWT signature.
  • Expires
  • When creating a new Token, by default an exp claim is added to the Payload section. The amount of minutes defined here will set the expire date from the moment of creation.
  • Secret
  • This value is used in conjunction with the defined algorithm for signing and comparing the JWT signature.
  • Checks
  • You should add your custom checks here or choose which one of the defaults you want to use. It's strongly recommended to use the default ones, but you are free to do as you wish.


There are a few ways to use the JWT for Laravel package:

  • Token Facade
  • Combines the functionality of the \JWT4L\Token\Generator, JWT4L\Token\Validator and \JWT4L\Token\Parser Token Managers. This allows the user to create, validate and parse the JWT through one interface anywhere in the application.
Example of Token Facade usage
$token = Token::create() // create a JWT
$payload = Token::payload($token) // retrieve the Payload section from the JWT
  • Token Managers
  • There are three Token Managers:
  • \JWT4L\Token\Generator is responsible for JWT creation
  • JWT4L\Token\Validator validates the provided JWT against the Checks
  • \JWT4L\Token\Parser does the parsing of JWT
  • All of the Token Managers are bound to Laravel's Service Container which allows you to inject them into constructors or method calls.
Example of Token Manager usage

namespace App\Http\Controllers;

class TokenController extends Controller { public function generate(\JWT4L\Token\Generator $generator) { return response($generator->create()); } }

  • JWTGuard
  • The package provides a custom Guard called JWTGuard. Laravel's Auth will be automatically extended with this Guard but you need to manually configure it in the config/auth.php
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',

    'api' =&gt; [
        'driver' =&gt; 'token',
        'provider' =&gt; 'users',
        'hash' =&gt; false,

    'jwt' =&gt; [
        'driver' =&gt; 'jwt',
        'provider' =&gt; 'users',

  • Now you can assign this guard to any route using the auth:jwt middleware.
Example of a route protected by the JWTGuard
Route::middleware('auth:jwt')->post('/user', function (Request $request) {
    return $request->user();
  • One important note regarding the JWTGuard implementation. The Guard will try to extract the user identifier from the sub (payload) claim of the provided token, so you should make sure that the logic responsible for token creation sets this claim as in the example bellow.
Example of setting a custom claim


The package provides three JWT checks out of the box:

  • \JWT4L\Checks\Structure verifies the expected header.payload.signature structure
  • \JWT4L\Checks\Signature validates the hashed signature
  • \JWT4L\Checks\Expired checks has the token expired

You can define your custom check by creating a class which implements the \JWT4L\Checks\CheckContract interface and include it in the config/jwt.phpfile.


namespace app\Checks;

use Carbon\Carbon; use JWT4L\Checks\CheckContract;

class Friday implements CheckContract { /** * Do necessary checks and throw a specific exception if conditions are not met. * * @param string $token * @return void * @throws mixed */ public function validate(string $token) { if (!Carbon::now()->isFriday()) throw new \Exception("It's not Friday"); } }


return [ 'algorithm' => env('JWT_ALG', 'sha256'), //hash_hmac_algos() 'expires' => env('JWT_EXP', 15), // minutes 'secret' => env('JWT_KEY', 'secret'), 'checks' => [ \JWT4L\Checks\Structure::class, \JWT4L\Checks\Signature::class, \JWT4L\Checks\Expired::class, \App\Checks\Friday::class ] ];

Thanks for reading

If you liked this post, share it with all of your programming buddies!

Follow me on Facebook | Twitter

Learn More about

PHP with Laravel for beginners - Become a Master in Laravel

Projects in Laravel: Learn Laravel Building 10 Projects

Laravel for RESTful: Build Your RESTful API with Laravel

Fullstack Web Development With Laravel and Vue.js

Laravel 5.8 Ajax CRUD tutorial using Datatable JS

Laravel 5.8 Tutorial from Scratch for Beginners

Build RESTful API In Laravel 5.8 Example

Login with Google in Laravel 5.8 App using Socialite Package

Laravel PHP Framework Tutorial - Full Course for Beginners (2019)

laravel security json php web-development

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

PHP Web Application Development Company

As a top **PHP Web Application Development Company in USA**[https://www.dataeximit.com/php-development-services/](https://www.dataeximit.com/php-development-services/ "https://www.dataeximit.com/php-development-services/"), we at Data EximIT have...

PHP Website Development

Skenix Infotech is a leading PHP Web Development Company that helps companies get results with industry best practices. Get affordable PHP Development Services.

Hire Dedicated PHP Developer

Looking to hire affordable yet experienced PHP developers? **[Hire Dedicated PHP Developer](https://hourlydeveloper.io/hire-dedicated-php-developer/ "Hire Dedicated PHP Developer")**, who can convert your idea to reality, within the stipulated...

How to Hire Laravel Developers and How Much Does It Cost.

Want to make the most out of the latest Laravel technology? Here is your guide on how to hire the best Laravel developer, and at the right price. 

Advantages of Hiring PHP Developer for your Website Project

PHP - Hypertext pre-processor, a scripting language used by many people in developing web pages, but most of us are unaware even of the full form. To train someone and make them learn this whole language is as difficult and time-consuming as it is...