JWT is configured thanks to tymondesigns/jwt-auth.

Default Configuration

When installing the repository using composer create-project, the following command is executed:
php artisan jwt:generate
which generates the JWT_SECRET needed for the JWT to run.

Json Web Tokens are stateless, this is why we're never storing the tokens in the database.

A sample code for JWT authentication is provided in the LoginController.
Your API knows that a user is authenticated, if he sends the Authorization: Bearer {token} header.
This is automatically configured for you in the API service.


It is recommended that you move the generated token from config/jwt.php to your .env file. This is an upstream limitation that should be fixed in their next release.


If you're changing the default model for authentication, make sure to update your config/jwt.php to reflect your changes. Specifically you need to update 'user' & 'identifier'.