Question 1

How to implement refresh tokens with JWT Artisan?

Accepted Answer

JWT Artisan doesn't provide built-in refresh token functionality. You'll need to implement it manually by creating separate tokens and managing their lifecycle, possibly using a database or cache for storage and validation.

Question 2

JWT Artisan vs Laravel Passport for API authentication?

Accepted Answer

JWT Artisan is a lightweight package focused solely on JWT tokens for Laravel/Lumen, ideal for microservices. Laravel Passport offers full OAuth 2.0 server capabilities but is heavier; choose JWT Artisan for simplicity and JWT-specific needs.

Question 3

How to customize JWT payload in Laravel using this package?

Accepted Answer

Implement the JwtPayloadInterface in your models to define dynamic payloads, or pass an array to createToken. Use the payload method with dot notation, like payload('context.email'), to access nested data easily.

Question 4

Does JWT Artisan support token blacklisting?

Accepted Answer

No, token blacklisting or revocation isn't included. For invalidation, you'd need a custom solution, such as storing revoked token IDs in a database and checking them during validation in your middleware.

Question 5

Best practices for securing JWT tokens with JWT Artisan?

Accepted Answer

Enable strict mode (JWT_STRICT_MODE=true), use header-only tokens (JWT_HEADER_ONLY) to prevent query string leaks, set strong secrets of at least 32 characters, and always include exp claims, as recommended in the Security section.

Question 6

How to set up JWT Artisan in a Lumen microservice?

Accepted Answer

Install via Composer, register the LumenServiceProvider in bootstrap/app.php, and use the jwt middleware in your routes. Configure environment variables like JWT_SECRET for signing, following the Lumen-specific examples in the README.

Jwt Artisan

What is Jwt Artisan?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions