21

Hi I am using angular js in front end with satellizer and laravel at backend with tymon jwt library. I am using jwt authentication. I want to make remember me functionalities in my web app. I see 'ttl' to set expiry time of token in laravel 'config/jwt.php.

 /*
|--------------------------------------------------------------------------
| JWT time to live
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token will be valid for.
| Defaults to 1 hour
|
*/

'ttl' => 60,

By default, it will be 1 hour. But I want to change this dynamically to 1 week if user clicks remember me while login. How can I change it dynamically. Thank you.

user254153
  • 1,855
  • 4
  • 41
  • 84

12 Answers12

16

You can add exp as a custom claim as follows:

$token = JWTAuth::attempt($credentials, ['exp' => Carbon\Carbon::now()->addDays(7)->timestamp]);

The code above creates a token that expires in 7 days time. You don't have to use Carbon it just requires a Unix timestamp, I've used Carbon here for simplicity since its built into Laravel.

Jamesking56
  • 3,683
  • 5
  • 30
  • 61
  • @user254153 Did it work out for you? Would you mind accepting an answer to help out the community? Thanks. – Jamesking56 May 10 '17 at 15:20
  • Great solution! And how to set the ttl in jwt.php? Can I ignore the value then? However, could give the longest time I need... I that correct? – Maximilian Fixl Nov 19 '17 at 16:49
11

You can use JWTFactory (1.0 version)

$myTTL = 30; //minutes

JWTAuth::factory()->setTTL($myTTL);
$token = JWTAuth::attempt($credentials);
Matija
  • 17,604
  • 2
  • 48
  • 43
Andrii Lutskevych
  • 1,349
  • 13
  • 23
8

You can do following to generate JWT token with needed expire time:

JWTAuth::customClaims(['exp' => Carbon\Carbon::now()->addDays(2)->timestamp])
    ->fromUser($user);
Vedmant
  • 2,265
  • 1
  • 27
  • 36
5

I'm not 100% sure, but what happens if you set within your AppServiceProvider@register the config:

config()->set('jwt.ttl', 60*60*7);

or with a facade:

Config::set('jwt.ttl', 60*60*7);

Why would you set it dynamically? Or do you not use the publishing from the config (it's not publishing the config/jwt.php)?

EDIT:

Another solution would be to set it through your .env file:

config/jwt.php
// set the default TTL to one week if the .env file does not contain a `JWT_TTL` var
'ttl' => env('JWT_TTL', 60*60*7),

And within .env:

JWT_TTL=3600
Yoram de Langen
  • 5,391
  • 3
  • 24
  • 31
  • 1
    Why would you set it dynamically? I already mentioned in question that. I want token to expire in 1 week only if user clicks remember me when login in to the system. If user logs in without remember me clicked then It should be 1 hr by default. – user254153 Dec 27 '16 at 14:08
  • @user254153 Same situation here! How did you solved it? – Maximilian Fixl Nov 19 '17 at 16:52
1

Tymon JWT v 1.0

you can override default ttl when attempting to login user:

if (! $token = auth()->setTTL(1)->attempt($credentials)) {
  return response()->json(['message' => 'Unauthorized user'], 401);
}
dipenparmar12
  • 3,042
  • 1
  • 29
  • 39
Mahmoud Kassem
  • 409
  • 5
  • 9
1

None of the above answers worked for me. I managed to get it working like this.

$ttl_in_minutes = 60*24*100;
// The parameter passed to the auth helper should match what is present in config/auth.php
if($request->input('remember')) auth('api')->factory()->setTTL($ttl_in_minutes);
joel
  • 161
  • 1
  • 6
1

Override the token ttl without any changing in config/jwt.php

$token = auth()->setTTL(7200)->attempt($credentials);

ashutosh singh
  • 11
  • 1
0

We can set token expiry time while creating the JWT token . It can be set in the token parameter. For example

$token      = array(
                         "iss" => "http://example.com",
                          "aud" => "http://example.com",
                          "exp" => {YOUR_EXPIRY_TIME}
                        );
$jwt=new JWT();
$JWT_TOKEN=$jwt->encode($token, {YOUR_KEY});

The new token will be generated with the corresponding expiry time.

Rao
  • 20,781
  • 11
  • 57
  • 77
Prakash P
  • 342
  • 1
  • 9
0

For JWT version 1.0.0-rc.2 it's very clear described on the documentation on config/jwt.php

As per note : .... You can also set this to null, to yield a never expiring token. Some people may want this behaviour for e.g. a mobile app. This is not particularly recommended, so make sure you have appropriate systems in place to revoke the token if necessary. Notice: If you set this to null you should remove 'exp' element from 'required_claims' list.

'ttl' => env('JWT_TTL', 60)  meaning we must set 60 to null

 'required_claims' => [
        'iss',
        'iat',
       // 'exp',  <- remove this
        'nbf',
        'sub',
        'jti',
    ],
Sulung Nugroho
  • 1,605
  • 19
  • 14
0

You can set the token expiration dynamically by using

JWTAuth::factory()->setTTL($expirationInMinutes);

JWTAuth::attempt($credentials)

Below code will not work in the latest version

$token = JWTAuth::attempt($credentials, ['exp' => Carbon\Carbon::now()->addDays(7)->timestamp]);
Nilanth
  • 39
  • 1
  • 5
0

can you do that

$token = auth('api')->setTTL((AuthController::EXPIRE_IN_DAYS * AuthController::MINUTES_IN_DAY))->attempt($credentials);

get data payload

$data = JWTAuth::decode(new Token( $token))->toArray();

{
  "iss": "",
  "iat": ,
  "exp": ,
  "nbf": ,
  "jti": "",
  "sub": ,
  "prv": ""
}

response("Success",'LOGIN_SUCCESS',[
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => $data['exp']
        ]);
Danilo Santos
  • 392
  • 3
  • 11
-1

Increase Laravel auth token expire time

SESSION_LIFETIME=10080

Default value 120 min in session.php

Community
  • 1
  • 1
Expert Suggestion
  • 371
  • 5
  • 17