Ad

Authenticate With A Cookie Using Laravel 5.1 And Jwt

- 1 answer

I'm setting up a laravel app (v5.1) with jwt auth (https://github.com/tymondesigns/jwt-auth). Got a boilerplate from this project: https://github.com/francescomalatesta/laravel-api-boilerplate-jwt . This way I want to be able to authenticate different apps in the future.

My problem is that I'm trying to create some protected pages in the same project, but I'm currently unable to stop users without the cookie (not authenticated). To "protect" the access I have the following values in my $routeMiddleware (in Kernel.php):

'csrf' => \csd\Http\Middleware\VerifyCsrfToken::class,
'auth' => \csd\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \csd\Http\Middleware\RedirectIfAuthenticated::class,
'jwt.refresh' => \Tymon\JWTAuth\Middleware\RefreshToken::class

I also tried to add 'jwt.auth' => \Tymon\JWTAuth\Middleware\GetUserFromToken::class to this array, but nothing changed.

How can I block users from accessing my pages while using this jwt-auth?

Thanks in advance.

Ad

Answer

To apply it on all routes, you must put it in the $middleware, not the $routeMiddleware property on the Http kernel (app/Http/Kernel.php).

Alternatively, when using it with the $routeMiddleware, you must reference explicitly it in your route definition; something like this:

Route::group(['middleware'=>'jwt.auth'], function($router){
    $router->resource('protected-resource', 'SecretSauceController');
});
Ad
source: stackoverflow.com
Ad