Laravel 8 User Login Signup API with JWT Authentication

In this tutorial you will learn about the Laravel 8 User Login Signup API with JWT Authentication and its application with practical example.

In this Laravel 8 User Login Signup API with JWT Authentication Tutorial I’ll show you how to build the user login and signup rest APIs with jwt (JSON web token) authentication in laravel 8. In this tutorial you will learn to create login and signup api using jwt authentication in laravel 8. In this example I’ll also show you how to install jwt auth and configure jwt auth in laravel 8. In this article, we will learn to create fully functional restful API with JWT Authentication in Laravel 8.

Table Of Contents−

Laravel 8 User Login Signup API with JWT Authentication

In this step by step tutorial I will demonstrate you with example to create registration and login api with jwt authentication in laravel. Please follow the instruction given below:

Install Laravel Application
Database Connection
Add User into MySQL Database

Install & Configure JWT Authentication Package
Set Up User Model
Configure Auth Guard

Build Authentication Controller
Add Routes for Authentication
Test REST API with Postman

Conclusion

Install Laravel Application

First of all we need to create a fresh laravel project, download and install Laravel 8 using the below command

composer create-project laravel/laravel laravel-jwt-auth --prefer-dist

1	composer create-project laravel/laravel laravel-jwt-auth --prefer-dist

Database Connection

Now, lets create a MySQL database and connect it with laravel application. After creating database we need to set database credential in application’s .env file.

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=

DB_CONNECTION=mysql

DB_HOST=127.0.0.1

DB_PORT=3306

DB_DATABASE=laravel

DB_USERNAME=root

DB_PASSWORD=

Add User into MySQL Database

Now, run following command to migrate database schema.

php artisan migrate

1	php artisan migrate

Install & Configure JWT Authentication Package

In this step, we will install tymon jwt auth package via the composer dependency manager. Use the following command to install laravel jwt authentication package.

composer require tymon/jwt-auth

1	composer require tymon/jwt-auth

After Installing tymon/jwt-auth package, we need to add service provider and alias in config/app.php file as following. Include the JWTAuth and JWTFactory facades inside the aliases array as following:

config/app.php

'providers' => [
    ....
    ....
    Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
],
'aliases' => [
    ....
    'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,
    'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,
    ....
],

'providers' => [

....

Tymon\JWTAuth\Providers\LaravelServiceProvider::class,

'aliases' => [

....

'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,

'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,

....

After that, run the below given command to publish the configuration file in Laravel for jwt auth:

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

1	php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"

Now, you need to generate jwt encryption keys. Use the following command to generate encryption keys needed to generate secure access tokens:

php artisan jwt:secret

1	php artisan jwt:secret

You can check this key inside the .env file.

Set Up User Model

Now you need to define Tymon\JWTAuth\Contracts\JWTSubject contract in User model. Open the app/Models/User.php file and put the following code in it.

<?php

namespace App\Models;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

use Tymon\JWTAuth\Contracts\JWTSubject;


class User extends Authenticatable implements JWTSubject
{
    use HasFactory, Notifiable;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];
    
    /**
     * Get the identifier that will be stored in the subject claim of the JWT.
     *
     * @return mixed
     */
    public function getJWTIdentifier() {
        return $this->getKey();
    }

    /**
     * Return a key value array, containing any custom claims to be added to the JWT.
     *
     * @return array
     */
    public function getJWTCustomClaims() {
        return [];
    }    
}

<?php

namespace App\Models;

use Illuminate\Contracts\Auth\MustVerifyEmail;

use Illuminate\Database\Eloquent\Factories\HasFactory;

use Illuminate\Foundation\Auth\User as Authenticatable;

use Illuminate\Notifications\Notifiable;

use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Authenticatable implements JWTSubject

{

use HasFactory, Notifiable;

/**

* The attributes that are mass assignable.

* @var array

protected $fillable = [

'name',

'email',

'password',

];

/**

* The attributes that should be hidden for arrays.

* @var array

protected $hidden = [

'password',

'remember_token',

];

/**

* The attributes that should be cast to native types.

* @var array

protected $casts = [

'email_verified_at' => 'datetime',

];

/**

* Get the identifier that will be stored in the subject claim of the JWT.

* @return mixed

public function getJWTIdentifier() {

return $this->getKey();

}

/**

* Return a key value array, containing any custom claims to be added to the JWT.

* @return array

public function getJWTCustomClaims() {

return [];

}

Configure Auth guard

Place the following code in config/auth.php file.

<?php

return [

    'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],


    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'jwt',
            'provider' => 'users',
            'hash' => false,
        ],
    ],

<?php

return [

'defaults' => [

'guard' => 'api',

'passwords' => 'users',

'guards' => [

'web' => [

'driver' => 'session',

'provider' => 'users',

'api' => [

'driver' => 'jwt',

'provider' => 'users',

'hash' => false,

Build Authentication Controller

Now, lets create a controller named AuthController using command given below –

 php artisan make:controller AuthController

1	php artisan make:controller AuthController

Place the following code inside the app/Http/Controllers/AuthController.php file.

app/Http/Controllers/AuthController.php

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;

use Illuminate\Support\Facades\Auth;
use App\Models\User;
use Validator;


class AuthController extends Controller
{
    /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct() {
        $this->middleware('auth:api', ['except' => ['login', 'register']]);
    }

    /**
     * Get a JWT via given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request){
    	$validator = Validator::make($request->all(), [
            'email' => 'required|email',
            'password' => 'required|string|min:6',
        ]);

        if ($validator->fails()) {
            return response()->json($validator->errors(), 422);
        }

        if (! $token = auth()->attempt($validator->validated())) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return $this->createNewToken($token);
    }

    /**
     * Register a User.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function register(Request $request) {
        $validator = Validator::make($request->all(), [
            'name' => 'required|string|between:2,100',
            'email' => 'required|string|email|max:100|unique:users',
            'password' => 'required|string|confirmed|min:6',
        ]);

        if($validator->fails()){
            return response()->json($validator->errors()->toJson(), 400);
        }

        $user = User::create(array_merge(
                    $validator->validated(),
                    ['password' => bcrypt($request->password)]
                ));

        return response()->json([
            'message' => 'User successfully registered',
            'user' => $user
        ], 201);
    }


    /**
     * Log the user out (Invalidate the token).
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout() {
        auth()->logout();

        return response()->json(['message' => 'User successfully signed out']);
    }

    /**
     * Refresh a token.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh() {
        return $this->createNewToken(auth()->refresh());
    }

    /**
     * Get the authenticated User.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function userProfile() {
        return response()->json(auth()->user());
    }

    /**
     * Get the token array structure.
     *
     * @param  string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function createNewToken($token){
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth()->factory()->getTTL() * 60,
            'user' => auth()->user()
        ]);
    }

}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

use Illuminate\Support\Facades\Auth;

use App\Models\User;

use Validator;

class AuthController extends Controller

{

/**

* Create a new AuthController instance.

* @return void

public function __construct() {

$this->middleware('auth:api', ['except' => ['login', 'register']]);

}

/**

* Get a JWT via given credentials.

* @return \Illuminate\Http\JsonResponse

public function login(Request $request){

$validator = Validator::make($request->all(), [

'email' => 'required|email',

'password' => 'required|string|min:6',

]);

if ($validator->fails()) {

return response()->json($validator->errors(), 422);

}

if (! $token = auth()->attempt($validator->validated())) {

return response()->json(['error' => 'Unauthorized'], 401);

}

return $this->createNewToken($token);

}

/**

* Register a User.

* @return \Illuminate\Http\JsonResponse

public function register(Request $request) {

$validator = Validator::make($request->all(), [

'name' => 'required|string|between:2,100',

'email' => 'required|string|email|max:100|unique:users',

'password' => 'required|string|confirmed|min:6',

]);

if($validator->fails()){

return response()->json($validator->errors()->toJson(), 400);

}

$user = User::create(array_merge(

$validator->validated(),

['password' => bcrypt($request->password)]

));

return response()->json([

'message' => 'User successfully registered',

'user' => $user

], 201);

}

/**

* Log the user out (Invalidate the token).

* @return \Illuminate\Http\JsonResponse

public function logout() {

auth()->logout();

return response()->json(['message' => 'User successfully signed out']);

}

/**

* Refresh a token.

* @return \Illuminate\Http\JsonResponse

public function refresh() {

return $this->createNewToken(auth()->refresh());

}

/**

* Get the authenticated User.

* @return \Illuminate\Http\JsonResponse

public function userProfile() {

return response()->json(auth()->user());

}

/**

* Get the token array structure.

* @param string $token

* @return \Illuminate\Http\JsonResponse

protected function createNewToken($token){

return response()->json([

'access_token' => $token,

'token_type' => 'bearer',

'expires_in' => auth()->factory()->getTTL() * 60,

'user' => auth()->user()

]);

}

Add Authentication Routes

We need to define the REST API authentication routes for auth process in Laravel JWT Authentication application. We need to add authentication routes in routes/api.php.

routes/api.php

<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::group([
    'middleware' => 'api',
    'prefix' => 'auth'

], function ($router) {
    Route::post('/login', [AuthController::class, 'login']);
    Route::post('/register', [AuthController::class, 'register']);
    Route::post('/logout', [AuthController::class, 'logout']);
    Route::post('/refresh', [AuthController::class, 'refresh']);
    Route::get('/user-profile', [AuthController::class, 'userProfile']);    
});

<?php

use Illuminate\Http\Request;

use Illuminate\Support\Facades\Route;

use App\Http\Controllers\AuthController;

|--------------------------------------------------------------------------

| API Routes

|--------------------------------------------------------------------------

| Here is where you can register API routes for your application. These

| routes are loaded by the RouteServiceProvider within a group which

| is assigned the "api" middleware group. Enjoy building your API!

Route::group([

'middleware' => 'api',

'prefix' => 'auth'

], function ($router) {

Route::post('/login', [AuthController::class, 'login']);

Route::post('/register', [AuthController::class, 'register']);

Route::post('/logout', [AuthController::class, 'logout']);

Route::post('/refresh', [AuthController::class, 'refresh']);

Route::get('/user-profile', [AuthController::class, 'userProfile']);

});

Test Laravel JWT Authentication API with Postman

Now we are ready to run our example so lets start the development server using following artisan command –

php artisan serve

1	php artisan serve

Authentication APIs for Login, Register, User Profile, Token Refresh and Logout.

POST	/api/auth/register
POST	/api/auth/login
GET	/api/auth/user-profile
POST	/api/auth/refresh
POST	/api/auth/logout

AngularJS

CodeIgniter

Laravel

Node Js

Wordpress

More Blog

Learn

ABOUT PAGES

Install Laravel Application

Database Connection

Add User into MySQL Database

Install & Configure JWT Authentication Package

Laravel 9 Livewire Pagination with Search

Laravel 9 Livewire Pagination Example

Laravel 9 Check User Login, Online Status & Last Seen

codeigniter 4 image upload example tutorial

Laravel 9 Livewire Charts Example

Laravel 9 Livewire Crud Example

Laravel 9 Livewire Multiple Image Upload

Laravel 9 Livewire Image Upload

Laravel 9 Livewire Submit Form

Laravel 9 Simple CRUD Application Example