tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.29k stars 1.54k forks

JWTAuth::parseToken()->authenticate() always returns user_not_found exception #1352

Open jinoantony opened 6 years ago

jinoantony commented 6 years ago

I recently ran into a problem where the jwt middleware always returns a user_not_found exception. I replaced the function call `JWTAuth::parseToken()->authenticate()` with `JWTAuth::toUser(JWTAuth::getToken())` in the jwt middleware and it works perfectly. But the problem is that editing the vendor files is not a good method. Is there any solution to this other than editing the middleware?

philliperosario commented 6 years ago

@jinoantony See my middleware in #1355

kulturman commented 6 years ago

@jinoantony: thanks for the tip (replacing `JWTAuth::parseToken()->authenticate()`). To avoid editing the file in vendor, I copied it to `App\Http\Middleware\CustomGetUserFromToken.php`. Finally, I added this line in `Kernel.php`: `'jwt.auth' => \App\Http\Middleware\CustomGetUserFromToken::class,`
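The workaround described in the two comments above, written out as an added example (not code posted in the thread and not jwt-auth's own middleware). It assumes the `Tymon\JWTAuth\Facades\JWTAuth` facade is available; the JSON error bodies other than `user_not_found` are illustrative.

```php
<?php
// Added illustration of the app-level middleware described in the thread.

namespace App\Http\Middleware;

use Closure;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Facades\JWTAuth;

class CustomGetUserFromToken
{
    public function handle($request, Closure $next)
    {
        // Reject requests that carry no token at all.
        if (! $token = JWTAuth::setRequest($request)->getToken()) {
            return response()->json(['error' => 'token_not_provided'], 400);
        }

        try {
            // The call from the original post, used in place of
            // JWTAuth::parseToken()->authenticate().
            $user = JWTAuth::toUser($token);
        } catch (TokenExpiredException $e) {
            return response()->json(['error' => 'token_expired'], 401);
        } catch (JWTException $e) {
            // Bad signature, malformed token, and similar failures.
            return response()->json(['error' => 'token_invalid'], 401);
        }

        // A token that verifies is not enough: fail closed when no
        // account matches it, instead of letting the request through.
        if (! $user) {
            return response()->json(['error' => 'user_not_found'], 404);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, in the route middleware map (line from the comment above):
// 'jwt.auth' => \App\Http\Middleware\CustomGetUserFromToken::class,
```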

segunmicheal27 commented 3 years ago

Please, can anyone help with a method to force-blacklist an expired token? For my own logic, I force a reset of the expired token, and it needs to happen after the user's token has expired. I need to force the token onto the blacklist.

Here is my code below:

segunmicheal27 commented 3 years ago

```php
try {
    // the code is okay here
    $payload = $this->guard()->getPayload();
    $res = $userAuth->getAdminUserLoginDetails($payload['email']);
    $token = $this->guard()->claims(["email"=> $res->email, 'api_token'=> $res->api_token ])->login($userAuth);
    JWTAuth::invalidate(JWTAuth::getToken());
    return response()->json([$token]);
} catch (TokenExpiredException $e) {
    // here is where my code needs help
    if (env('JWT_FORCE_GET_PAYLOAD', false)) {
        $payload = JWTAuth::manager()->getJWTProvider()->decode(JWTAuth::getToken()->get());
        $res = $userAuth->getAdminUserLoginDetails($payload['email']);
        // JWTAuth::invalidate(JWTAuth::getToken()); // i cannot use this line because the exception will be caught
        $token = $this->guard()->claims(["email"=> $res->email, 'api_token'=> $res->api_token ])->login($userAuth);
        // $token = $this->guard()->refresh(true, true); // i cannot use this line because the exception will be caught

        // token need to be invalidate or blacklist here after successful reset
        return response()->json([$token]);
    } else {
        throw new TokenExpiredException('Token has expired', 401);
    }
} catch (\Exception $e) {
    throw new HttpException($e->getMessage(), 401);
}
```