To handle token expiration in a Laravel-Node.js integration, you can follow these steps:
Step 1: Configure Token Expiration in Laravel
1. Configure Token Expiration:
- In your Laravel application, configure the token expiration time in the `config/jwt.php` file:
```php
// tymon/jwt-auth reads both values in minutes
'ttl' => 60 * 24, // 1 day
'refresh_ttl' => 60 * 24 * 30, // 30 days
```
2. Handle Token Expiration:
- In your Laravel controller, handle token expiration by checking if the token has expired:
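```php
// use Tymon\JWTAuth\Facades\JWTAuth;
// use Tymon\JWTAuth\Exceptions\{JWTException, TokenExpiredException};
public function index(Request $request)
{
    try {
        // Parses the bearer token from the request and verifies it
        JWTAuth::parseToken()->authenticate();
    } catch (TokenExpiredException $e) {
        return response()->json(['error' => 'Token expired'], 401);
    } catch (JWTException $e) {
        return response()->json(['error' => 'Invalid token'], 401);
    }
    // Process the request
}
```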
Step 2: Refresh Tokens in Node.js
1. Refresh Tokens:
- In your Node.js application, refresh tokens when they expire:
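```javascript
const axios = require('axios');
// Assumes axios.defaults.baseURL points at the Laravel application
// and `token` holds the current JWT.

// axios.post(url, data, config): the token goes in the body (read by
// Laravel via $request->input('token')), the headers go in the config.
axios.post('/refresh-token', { token }, {
  headers: {
    'Authorization': 'Bearer ' + token,
  },
})
  .then(response => {
    token = response.data.token;
  })
  .catch(error => {
    console.error(error);
  });
```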
Step 3: Implement Token Refresh in Laravel
1. Implement Token Refresh:
- In your Laravel controller, implement token refresh by generating a new token:
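```php
// use Tymon\JWTAuth\Facades\JWTAuth;
// use Tymon\JWTAuth\Exceptions\JWTException;
public function refreshToken(Request $request)
{
    $token = $request->input('token');
    try {
        // refresh() verifies the token and the refresh_ttl window itself.
        // Resolving the user first would throw on an expired token,
        // which is exactly the token this endpoint has to accept.
        $newToken = JWTAuth::setToken($token)->refresh();
    } catch (JWTException $e) {
        return response()->json(['error' => 'Invalid token'], 401);
    }
    return response()->json(['token' => $newToken]);
}
```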
Step 4: Handle Token Expiration in Node.js
1. Handle Token Expiration:
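- In your Node.js application, handle token expiration by catching the error response that Laravel returns when it raises `TokenExpiredException`, then refreshing the token and retrying the request:
```javascript
const axios = require('axios');
// Assumes axios.defaults.baseURL points at the Laravel application
// and `token` holds the current JWT.

axios.post('/api/items', {}, {
  headers: {
    'Authorization': 'Bearer ' + token,
  },
})
  .then(response => {
    // Process the response
  })
  .catch(error => {
    // A 401 means the API rejected the token, for example because it expired
    if (error.response && error.response.status === 401) {
      // Refresh the token
      axios.post('/refresh-token', { token }, {
        headers: {
          'Authorization': 'Bearer ' + token,
        },
      })
        .then(response => {
          token = response.data.token;
          // Retry the original request once with the new token
          return axios.post('/api/items', {}, {
            headers: {
              'Authorization': 'Bearer ' + token,
            },
          });
        })
        .then(response => {
          // Process the response
        })
        .catch(error => {
          console.error(error);
        });
    } else {
      console.error(error);
    }
  });
```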
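When several requests hit an expired token at the same moment, each one running the refresh from Step 4 would send the same old token to `/refresh-token`, and all but the first can be rejected if the server invalidates a token once it has been refreshed. The following is an added example, not code from the original page: it shares one in-flight refresh between callers and retries each request exactly once. `makeFakeApi`, `makeClient` and `demo` are hypothetical names, and the fake API is a constructed stand-in that assumes the old token is invalidated on refresh.

```javascript
// Constructed stand-in for the Laravel API; a refresh invalidates the old token.
function makeFakeApi(expiredToken) {
  let current = null, refreshable = expiredToken, issued = 0;
  const stats = { refreshCalls: 0 };
  async function send(path, token) {
    await new Promise(resolve => setTimeout(resolve, 5)); // network latency
    if (path === '/refresh-token') {
      stats.refreshCalls++;
      if (token !== refreshable) return { status: 401 };
      current = refreshable = 'fresh-' + (++issued);
      return { status: 200, token: current };
    }
    return token === current ? { status: 200, data: path } : { status: 401 };
  }
  return { send, stats };
}

function makeClient(send, initialToken) {
  let token = initialToken;
  let refreshing = null; // the one in-flight refresh, shared by all callers
  function refresh() {
    if (!refreshing) {
      refreshing = send('/refresh-token', token)
        .then(res => {
          if (res.status !== 200) throw new Error('refresh rejected; log in again');
          token = res.token;
        })
        .finally(() => { refreshing = null; });
    }
    return refreshing;
  }
  async function request(path) {
    const used = token;
    const first = await send(path, used);
    if (first.status !== 401) return first;
    // Skip the refresh if another request already rotated the token.
    if (used === token) await refresh();
    return send(path, token); // retry once; a second 401 goes to the caller
  }
  return { request };
}

async function demo() {
  const api = makeFakeApi('expired-1');
  const client = makeClient(api.send, 'expired-1');
  const results = await Promise.all(['/a', '/b', '/c'].map(p => client.request(p)));
  return { statuses: results.map(r => r.status), refreshCalls: api.stats.refreshCalls };
}
demo().then(result => console.log(result));
```

In a real client, `send` would wrap the `axios.post` calls shown in the steps above and map the response to `{ status, token }`.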
Conclusion
By following these steps, you can effectively handle token expiration in a Laravel-Node.js integration. This ensures that your application remains secure and efficient, even when tokens expire.