Authentication with 3 JSON Web Token (JWT) parameters?

0

I am building a login system with Laravel using JWT, however I need to pass 3 parameters, namely an identifier, user and password. I can get those parameters, but I can't authenticate against the database. It checks the user and password, but this first parameter (the identifier, which is required to build the menu) it does not check. Has anyone used JWT passing 3 parameters? How can I check these 3 parameters?

I'm using https://github.com/tymondesigns/jwt-auth . Below is an excerpt from my code:

public function authenticateJson(Request $request) {
    // get the credentials for the login
    $credentials = $request->only('login', 'password');
    $customClaims = ['ep_chave' => $request->only('ep_chave')];
    try {
        // check the login and create the token
        if (! $token = JWTAuth::attempt($credentials, $customClaims)) {
            return response()->json(['error' => 'Login ou senha inválidos'], 401);
        }
    } catch (JWTException $e) {
        // error while creating the token
        return response()->json(['error' => 'Não foi possível criar o token'], 500);
    }

    // if everything is ok, return the token
    return response()->json(compact('token'));
}
  • Does it create the token?

  • Yes, it creates the token. If I take out the ep_chave field, it even logs in normally, but it does not check whether ep_chave matches what is in the database.

  • I understand; you will have to check it another way, Alberto.

1 answer

-1

I managed to solve the problem; below is the code that worked for me. I thank all those who volunteered to help.

public function authenticateJson(Request $request) {
    // get the credentials for the login
    $credentials = $request->only('login', 'password', 'ep_chave');

    // validate the received fields
    $validator = Validator::make($credentials, [
        'ep_chave' => 'required',
        'login' => 'required',
        'password' => 'required',
    ]);

    // if the fields are not fully validated, return the error message
    if ($validator->fails()) {
        return response()->json($validator->errors()->getMessages(), 400);
    }

    try {
        // check the login and create the token
        if (! $token = JWTAuth::attempt($credentials)) {
            return response()->json(['error' => 'Login ou senha inválidos'], 401);
        }
    } catch (JWTException $e) {
        // error while creating the token
        return response()->json(['error' => 'Não foi possível criar o token'], 500);
    }

    // if everything is ok, return the token
    return response()->json(compact('token'));
}
  • You just added a Validator, which makes the ep_chave field required but does not guarantee that it is the same as in the database. If you test a user with a correct login and password and the wrong ep_chave, it will generate the token the same way.
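
An added example, not part of the original question or answer: one way to check all three values explicitly before issuing the token, since custom claims are only placed in the token payload and are not compared with the database. It assumes jwt-auth 0.5.x (where `JWTAuth::fromUser()` accepts custom claims as its second argument), an `App\User` Eloquent model with `login`, `ep_chave` and hashed `password` columns, and a hypothetical `AuthController`.

```php
<?php
namespace App\Http\Controllers;

use App\User;                              // assumption: model with login, ep_chave, password columns
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Facades\JWTAuth;

class AuthController extends Controller   // hypothetical controller name
{
    public function authenticateJson(Request $request)
    {
        $input = $request->only('login', 'password', 'ep_chave');
        // Require all three fields and force them to be strings (a JSON body could send arrays).
        $validator = Validator::make($input, [
            'ep_chave' => 'required|string',
            'login'    => 'required|string',
            'password' => 'required|string',
        ]);
        if ($validator->fails()) {
            return response()->json($validator->errors()->getMessages(), 400);
        }

        // Look the user up by BOTH login and ep_chave, so a wrong ep_chave
        // finds no user even when login and password are correct.
        $user = User::where('login', $input['login'])
            ->where('ep_chave', $input['ep_chave'])
            ->first();

        // One generic 401 for unknown login, wrong ep_chave and wrong password.
        if (! $user || ! Hash::check($input['password'], $user->password)) {
            return response()->json(['error' => 'Invalid credentials'], 401);
        }

        try {
            // The claim is copied from the verified database row, not from the request,
            // so the token only ever carries a value that was actually checked.
            $token = JWTAuth::fromUser($user, ['ep_chave' => $user->ep_chave]);
        } catch (JWTException $e) {
            return response()->json(['error' => 'Could not create the token'], 500);
        }

        return response()->json(compact('token'));
    }
}
```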
