Download the PHP package rcerljenko/laravel-paseto without Composer
On this page you can find all versions of the php package rcerljenko/laravel-paseto. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download rcerljenko/laravel-paseto
More information about rcerljenko/laravel-paseto
Files in rcerljenko/laravel-paseto
Package laravel-paseto
Short Description Simple PASETO Auth for Laravel PHP Framework
License MIT
Homepage https://github.com/rcerljenko/laravel-paseto
Informations about the package laravel-paseto
Laravel PASETO
Simple PASETO Auth for Laravel PHP Framework using paragonie/paseto under the hood.
Installation
Standard Composer package installation:
Usage
-
Publish the config file. This will create a
config/paseto.php
file for basic configuration options. -
Add a new auth guard to your auth config file using a
paseto
driver. -
Protect your API routes using this new guard.
- Use provided
HasPaseto
trait from this package on your Auth model (eg. User).
You now have access to token()
method on your User model, eg:
You should probably return this token via Login Controller or User Resource.
Configuration
This package provides simple configuration via config/paseto.php
file after you publish the config. Let's go over each configuration option.
secret-key
- Secret key to use when encoding / decoding tokens. It has to be a 32 byte long random string. Remember, if you change this key all active PASETO tokens will be invalidated.expiration
- Default token expiration time in minutes. You can set it tonull
and the tokens will never expire.issuer
- Token issuer claim.audience
- Token audience claim.claims
- Default claims that will be applied to all tokens (besides the required ones needed for decoding and validation).
This was global configuration for all tokens. Besides that, library provides a local per-model configuration via HasPaseto
trait helper methods.
getJwtId()
- It should return the model unique key used to retrieve that model from database. It defaults to model primary key.getJwtValidFromTime()
- It should returnnull
(default) or a Carbon instance. You can use that if you want to create tokens which are not active right away.getJwtValidUntilTime()
- It should returnnull
or a Carbon instance. This sets the JWT expiration time which, by default, uses theexpiration
option from the config file.getJwtCustomClaims()
- Should return a key/value array of extra custom claims that you want to be a part of your token. By default it's an empty array.
You can also use configuration directly on the token()
method which then overrides all other configurations, eg:
You don't need to override all configuration options, just the ones that you wish to change.
Request
Token is extracted from the request in one of three ways:
- From
Authorization: Bearer {token}
header (most common). - From URL query param
token
. - From request payload using
token
field name.
All versions of laravel-paseto with dependencies
illuminate/auth Version ^9.0|^10.0|^11.0
illuminate/contracts Version ^9.0|^10.0|^11.0
illuminate/support Version ^9.0|^10.0|^11.0
paragonie/paseto Version ^3.0