Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Set expiry time for laravel jwt dynamically

Hi I am using angular js in front end with satellizer and laravel at backend with tymon jwt library. I am using jwt authentication. I want to make remember me functionalities in my web app. I see 'ttl' to set expiry time of token in laravel 'config/jwt.php.

 /*
|--------------------------------------------------------------------------
| JWT time to live
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token will be valid for.
| Defaults to 1 hour
|
*/

'ttl' => 60,

By default, it will be 1 hour. But I want to change this dynamically to 1 week if user clicks remember me while login. How can I change it dynamically. Thank you.

like image 751
user254153 Avatar asked Dec 14 '16 11:12

user254153


People also ask

How can extend JWT token time in laravel?

You can add exp as a custom claim as follows: $token = JWTAuth::attempt($credentials, ['exp' => Carbon\Carbon::now()->addDays(7)->timestamp]); The code above creates a token that expires in 7 days time.

How do I extend the expiry date on my JWT token?

As you said, the expiry time in a JTW is set when the JWT is generated and signed. You cannot change an existing token, e.g. by changing the expiry time, because after the change, the signature would not be correct anymore.

How do I handle JWT expiry?

In short, you need to use REFRESH_TOKEN when ACCESS_TOKEN expires to get a new ACCESS_TOKEN. JWT has two kind of tokens: ACCESS_TOKEN and REFRESH_TOKEN.


7 Answers

You can add exp as a custom claim as follows:

$token = JWTAuth::attempt($credentials, ['exp' => Carbon\Carbon::now()->addDays(7)->timestamp]);

The code above creates a token that expires in 7 days time. You don't have to use Carbon it just requires a Unix timestamp, I've used Carbon here for simplicity since its built into Laravel.

like image 94
Jamesking56 Avatar answered Oct 03 '22 18:10

Jamesking56


You can use JWTFactory (1.0 version)

$myTTL = 30; //minutes

JWTAuth::factory()->setTTL($myTTL);
$token = JWTAuth::attempt($credentials);
like image 39
Andrey Lutskevich Avatar answered Oct 03 '22 18:10

Andrey Lutskevich


You can do following to generate JWT token with needed expire time:

JWTAuth::customClaims(['exp' => Carbon\Carbon::now()->addDays(2)->timestamp])
    ->fromUser($user);
like image 34
Vedmant Avatar answered Oct 03 '22 20:10

Vedmant


I'm not 100% sure, but what happens if you set within your AppServiceProvider@register the config:

config()->set('jwt.ttl', 60*60*7);

or with a facade:

Config::set('jwt.ttl', 60*60*7);

Why would you set it dynamically? Or do you not use the publishing from the config (it's not publishing the config/jwt.php)?

EDIT:

Another solution would be to set it through your .env file:

config/jwt.php
// set the default TTL to one week if the .env file does not contain a `JWT_TTL` var
'ttl' => env('JWT_TTL', 60*60*7), 

And within .env:

JWT_TTL=3600
like image 21
Yoram de Langen Avatar answered Oct 03 '22 19:10

Yoram de Langen


None of the above answers worked for me. I managed to get it working like this.

$ttl_in_minutes = 60*24*100;
// The parameter passed to the auth helper should match what is present in config/auth.php
if($request->input('remember')) auth('api')->factory()->setTTL($ttl_in_minutes);
like image 22
joel Avatar answered Oct 03 '22 20:10

joel


Tymon JWT v 1.0

you can override default ttl when attempting to login user:

if (! $token = auth()->setTTL(1)->attempt($credentials)) {
  return response()->json(['message' => 'Unauthorized user'], 401);
}
like image 26
Mahmoud Ali Kassem Avatar answered Oct 03 '22 19:10

Mahmoud Ali Kassem


Override the token ttl without any changing in config/jwt.php

$token = auth()->setTTL(7200)->attempt($credentials);

like image 35
ashutosh singh Avatar answered Oct 03 '22 19:10

ashutosh singh