I implement authentication for my API service and consider Laravel 5.2 token-based authentication for this. Is there any reasons to use Json Web Tokens instead? Is it actually comparable? I found tymondesigns/jwt-auth package and some tutorials about it. But since Laravel 5.2 supports token authentication natively what is the purpose of this package?
11
votes
1 Answers
10
votes
Laravel 5.2 ships with token-based authentication that checks all requests made, look for the token, and validates them against a custom token column in the users table. That's all there is to it.
The JWT-auth package has more to it:
- You can specify a secret key that signs your client tokens with a hashing algorithm, in the similiar way that Laravel hashes passwords so they are not readable if someone might access your database.
- You may set a TTL (time to live) and refresh TTL value for how long a token should be valid.
- You get Providers and Facades to help you manage the authentication logic when implementing your service.
- Also: A JWT token consists of 3 parts, (header, body, signature). These parts can hold information about eg. user claims/permissions/whatever. The laravel token is just a random string and it self holds no further information at all.
