Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[QUESTION] Auth::attempt does not return token #34

Open
4 of 7 tasks
kenyiu opened this issue Aug 29, 2016 · 12 comments
Open
4 of 7 tasks

[QUESTION] Auth::attempt does not return token #34

kenyiu opened this issue Aug 29, 2016 · 12 comments

Comments

@kenyiu
Copy link

kenyiu commented Aug 29, 2016
edited

Please prefix your issue with one of the following: [BUG] [PROPOSAL] [QUESTION].

In raising this issue, I confirm the following (please check boxes):

  • I have read and understood the contributors guide.
  • I have checked that the bug-fix I am reporting can be replicated, or that the feature I am suggesting isn't already present.
  • I have checked the pull requests tab for existing solutions/implementations to my issue/suggestion.

My familiarity with the project is as follows (check one):

  • I have never used the project.
  • I have used the project briefly.
  • I have used the project extensively, but have not contributed previously.
  • I am an active contributor to the project.

My project stack details

  • Framework (Laravel / Lumen): Laravel
  • Framework Version: v5.2.45
  • JWT Auth Guard Version: v1.0.4
  • tymon/jwt-auth Version: ^1.0@dev

{issue content here}
$token = Auth::attempt(['email' => 'user@domain.com', 'password' => '123456']); returns true instead of token as stated in documentation. May I know if I missed anything?
@kenyiu kenyiu changed the title [QUESTION] [QUESTION] Auth::attempt does not return token Aug 29, 2016
@gronostajo
Copy link

Same here. According to README Auth::attempt should return a token, but I only get true/false. JWTAuth::attempt gives me a token as expected.

@kenyiu
Copy link
Author

kenyiu commented Sep 21, 2016

@gronostajo
I found that the method attempt behavior is 'correct' from the codes at the end, but didn't have time to make a commit on the documentation.
https://github.com/irazasyed/jwt-auth-guard/blob/master/src/JwtAuthGuard.php#L109

@diguzim
Copy link

diguzim commented Dec 7, 2017
edited

I think you may be using laravel's native auth attempt instead of JWTs. If so laravel's Auth::attempt always returns a boolean as can be seen in
https://laravel.com/docs/5.5/authentication#login-throttling
"The attempt method will return true if authentication was successful. Otherwise, false will be returned."

Even so I also got something similar: I'm working with multiple guards, got confused and was passing one guard that would do the "website" session authentication instead of the one that would do the jwt authentication for the api. By doing this it was returning only true instead of the token.

Observation: if you don't define a guard it will run the default one, that may not be the one you want. And also while debugging I could not find out how to pass the expected guard when directly trying to do JWTAuth::attempt instead of $this->guard()->attempt. Hopefully it was not necessary.

@agmadt
Copy link

agmadt commented Mar 22, 2019

If anyone still got this issue, change it to auth('api')->attempt($credentials) and also at respondWithToken function, 'expires_in' => auth('api')->factory()->getTTL() * 60,

@iamirfanfaiz
Copy link

check this link:
https://github.com/tymondesigns/jwt-auth/issues/1367

@bruno-fernandes
Copy link

I came across the same problem. The issue was that I was passing the remember flag to the attempt method:

auth()->attempt($this->credentials($request)); // this works
auth()->attempt($this->credentials($request), $rememeber = true); // this does not work

Hope this helps!

@MathiasWeisheit
Copy link

I have the same problem!

@MathiasWeisheit
Copy link

I came across the same problem. The issue was that I was passing the remember flag to the attempt method:

auth()->attempt($this->credentials($request)); // this works

auth()->attempt($this->credentials($request), $rememeber = true); // this does not work

Hope this helps!

I found exactly the same, what can we do to use the remember token?

@alitokmakci
Copy link

if you changed 'ttl' => null in config/jwt.php you have to change:

'required_claims' => [
    'iss',
    'iat',
    // 'exp', <- comment this
    'nbf',
    'sub',
    'jti',
],

in config/jwt.php

@billyjamez
Copy link

billyjamez commented Oct 26, 2021
edited

This is my first time to add comment in github. I just want to share that this setup works for me.

Let me know if this works to you as well.

composer.json

"require": {
        "php": "^7.3|^8.0",
        "laravel/lumen-framework": "^8.3.1",
        "laravel/tinker": "^2.6",
        "tymon/jwt-auth": "dev-develop"
    }

bootstrap/app.php

//uncomment
$app->withFacades();
$app->withEloquent();
$app->configure('auth');
$app->routeMiddleware([
    'auth' => App\Http\Middleware\Authenticate::class,
]);
//add
$app->register(App\Providers\AppServiceProvider::class);
$app->register(App\Providers\AuthServiceProvider::class);
$app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);

Models/User.php

class User extends Model implements AuthenticatableContract, AuthorizableContract, JWTSubject
{
    use Authenticatable, Authorizable, HasFactory;

    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    public function getJWTCustomClaims()
    {
        return [];
    }
}

AuthController.php

public function login(Request $request)
    {
        $this->validate($request, [
            'email' => 'required',
            'password' => 'required'
        ]);

        $credentials = $request->only('email', 'password');
        $token = Auth::attempt($credentials);
        // this two below also working
        // $token = JWTAuth::attempt($credentials);
        // $token = auth()->attempt($credentials);
        if (!$token) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return $this->respondWithToken($token);
    }

config/auth.php

<?php
return [
    'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],
    'guards' => [
        'api' => [
            'driver' => 'jwt',
            'provider' => 'users',
        ],
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => \App\Models\User::class
        ]
    ]
];

@billyjamez billyjamez mentioned this issue Oct 26, 2021
Open
@boualizakaria
Copy link

the problem is: the password stored in the database without encrypting it, and when we do the logging the JWT package crypt the password by default, and when comparing between the password stored in the database and the cryptid password coming from the form data the auth()->attemp($cren) return always false because the password != hash(password).
so the solution is storing the cryptid password in the database instead of the raw password and the function that I use to do this is bcrypt('password'), and finally do not forget the quotes inside the function
ex: $admin -> password = bcrypt('0123456789');

@bangyadiii
Copy link

If anyone still got this issue, change it to auth('api')->attempt($credentials) and also at respondWithToken function, 'expires_in' => auth('api')->factory()->getTTL() * 60,

this method doesn't work for me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests