Jerome Carter Jerome Carter - 7 months ago 45
PHP Question

How to allow any user to access a route with Laravel JWT Authentication?

I'm using the Tymon/JWT-Auth package for my Laravel REST API. In my

file I can add routes meant for unauthenticated users and routes for authenticated users.

Routes for unauthenticated users ignore the authorization header. However, I'd like a route group that can utilize the authorized users data if the header is valid and do something else if it isn't set or invalid.

Is there any way to implement such functionality, or maybe a solution in the JWTAuth package built-in middleware?


To solve this dilemma , I made my own middleware based on the JWTAuth GetUserFromToken middleware, and I added it to the routeMiddleware array in the Kernel file.



namespace App\Http\Middleware;

use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;

class NeutralRoute extends \Tymon\JWTAuth\Middleware\BaseMiddleware
     * Handle an incoming request.
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
    public function handle($request, \Closure $next)
        $token = $this->auth->setRequest($request)->getToken();

            try {
                $user = $this->auth->authenticate($token);
            } catch (TokenExpiredException $e) {
                return $this->respond('tymon.jwt.expired', 'token_expired', $e->getStatusCode(), [$e]);
            } catch (JWTException $e) {
                return $this->respond('tymon.jwt.invalid', 'token_invalid', $e->getStatusCode(), [$e]);
                $this->events->fire('tymon.jwt.valid', $user);

        return $next($request);