I am trying to get data included in a JWT Token with Angular 6.

I can do the login action, and return the token with Lumen 5.6 - tymondesigns/jwt-auth

But then, when I print it in JS, I get:

iat: 1531073200
iss: "https://api.kz-api.test/auth/login"
jti: "taCmXQoo0jWs4y7t"
nbf: 1531073200
prv: "87e0af1ef9fd15812fdec97153a14e0b047546aa"
sub: 1

I thought I should have the user object in the ‘sub’ array, as it identifies the subject of the JWT, but I can only find 1…. What’s wrong with my code:

/**
 * Authenticate a user and return the token if the provided credentials are correct.
 *
 * @return mixed
 */
public function authenticate()
{
    // Find the user by email
    $user = User::where('email', $this->request->input('email'))->first();
    if (!$user) {
        return response()->json('login.wrong_email', HttpResponse::HTTP_UNAUTHORIZED);
    }
    $credentials = Input::only('email', 'password');
    if (!$token = JWTAuth::attempt($credentials)) {
        return response()->json('login.wrong_password', HttpResponse::HTTP_UNAUTHORIZED);
    }
    return response()->json(compact('token'), HttpResponse::HTTP_ACCEPTED);
}
Juliatzin
  • Is that print out at the top your entire response packet? Also, it's bothering me that you're returning specific errors for wrong password and wrong email, you should never do that. – Wesley Coetzee Jul 09 '18 at 06:57
  • Yes, I only return the token. I could also return the user object, but I thought it was contained inside token... And as for specific codes, why shouldn't I do it? – Juliatzin Jul 09 '18 at 07:51
  • I mean for the `login.wrong_password` and `login.wrong_email`, it's best practice to rather return one error for both, like `login.failed`. If you return a specific error for each, a hacker can tell that the email is correct, but the password isn't and can then brute force that account. In your response do you get a valid JWT token? – Wesley Coetzee Jul 09 '18 at 07:54
  • Yes my token seems valid! – Juliatzin Jul 09 '18 at 07:55
  • Ok, you can decode your token as per this answer: https://stackoverflow.com/questions/38552003/how-to-decode-jwt-token-in-javascript – Wesley Coetzee Jul 09 '18 at 07:58
  • I think I have no problem decoding my token, as in my question, I print the result of decoded token. Problem is I have a lack of information when decoding token. – Juliatzin Jul 09 '18 at 08:12
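
The single-error response suggested in the comments, as an added example that is not part of the original thread or the asker's code: plain PHP with a constructed user store instead of Lumen and jwt-auth, and hypothetical function names. It goes one step beyond the comment by verifying a dummy hash for unknown emails, so both failure paths do the same work.

```php
<?php
// Added example in plain PHP (no Lumen or jwt-auth). The user store, function
// names and token value are constructed for illustration.
const HTTP_UNAUTHORIZED = 401;
const HTTP_ACCEPTED = 202;

// Constructed user store: email => password hash.
$users = ['alice@example.test' => password_hash('correct horse', PASSWORD_DEFAULT)];
// Hash of a random throwaway value, checked when the email is unknown so both
// failure paths run exactly one password_verify().
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

// Same branching as the handler in the question: the error names the field.
function loginSpecific(array $users, string $email, string $password): array
{
    if (!isset($users[$email])) {
        return [HTTP_UNAUTHORIZED, 'login.wrong_email'];
    }
    if (!password_verify($password, $users[$email])) {
        return [HTTP_UNAUTHORIZED, 'login.wrong_password'];
    }
    return [HTTP_ACCEPTED, ['token' => 'constructed-token']];
}

// One failure response for both cases, as the comment suggests.
function loginUniform(array $users, string $dummyHash, string $email, string $password): array
{
    $known = isset($users[$email]);
    $matches = password_verify($password, $known ? $users[$email] : $dummyHash);
    if (!($known && $matches)) {
        return [HTTP_UNAUTHORIZED, 'login.failed'];
    }
    return [HTTP_ACCEPTED, ['token' => 'constructed-token']];
}

// Check: an unknown email and a wrong password must yield identical responses.
$handlers = [
    'specific' => fn($e, $p) => loginSpecific($users, $e, $p),
    'uniform'  => fn($e, $p) => loginUniform($users, $dummyHash, $e, $p),
];
foreach ($handlers as $name => $login) {
    $unknownEmail = $login('nobody@example.test', 'guess');
    $wrongPassword = $login('alice@example.test', 'guess');
    printf("%-8s identical failure responses: %s\n", $name,
        $unknownEmail === $wrongPassword ? 'yes' : 'no');
}
```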

0 Answers