Laravel JWT: generated tokens on localhost are valid on server

I am writing an API for a mobile app; the backend site is written in Laravel. I am using Tymon\JWTAuth for authentication like this:

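function auth()
{
    try {
        // Parse the token from the request and load the user it identifies
        if (!$user = JWTAuth::parseToken()->authenticate()) {
            return 'login or register';
        }
    } catch (JWTException $e) {
        // Thrown when the token is missing, malformed, expired, or fails signature verification
        return 'token is invalid';
    }

    return $this->user = $user;
}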

      

I noticed something today: when I create a JWT token for a user with id 4 in my local API, and I send the same token to the live API, instead of getting an error, I get the user with the id 4! Basically, I can log in with any user I want by just creating some token on his/her id on my localhost. Am I missing something?

I don't know if this is related, but to save time when testing, I am not sending tokens as part of the body and POST header, just in the URL using the GET method, like:

site.com/api/user?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9

      

+3




1 answer


It looks like the secret key on your localhost and remote location is the same. Changing them will most likely solve your problem.



0
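Why a shared secret produces the behaviour in the question, as an added PHP example that is not part of the original question or answer. It assumes HS256 (the `alg` in the token header quoted in the question); the helper names, secrets and claims are hypothetical, constructed values.

```php
<?php
// Added illustration: an HS256 token is only bound to the secret that signed it,
// so every environment holding that secret accepts it. All values are constructed.

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $text): string
{
    return (string) base64_decode(strtr($text, '-_', '+/'));
}

// Build an HS256 token: signature = HMAC-SHA256("header.payload", secret).
function signHs256(array $claims, string $secret): string
{
    $header  = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $payload = b64url(json_encode($claims));
    $sig     = hash_hmac('sha256', "$header.$payload", $secret, true);
    return "$header.$payload." . b64url($sig);
}

// Return the claims if the signature verifies under $secret, otherwise null.
function verifyHs256(string $token, string $secret): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $payload, $sig] = $parts;
    $decodedHeader = json_decode(b64urlDecode($header), true);
    if (($decodedHeader['alg'] ?? null) !== 'HS256') {
        return null; // refuse tokens that declare any other algorithm
    }
    $expected = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    return json_decode(b64urlDecode($payload), true);
}

$localSecret = 'constructed-secret-used-on-localhost';
$liveSecret  = 'constructed-secret-unique-to-live';
$token = signHs256(['sub' => 4, 'exp' => time() + 3600], $localSecret);

// Live server configured with the same secret as localhost, then with its own.
printf("live shares local secret: %s\n", verifyHs256($token, $localSecret) ? 'accepted' : 'rejected');
printf("live has its own secret:  %s\n", verifyHs256($token, $liveSecret) ? 'accepted' : 'rejected');
```

With tymon/jwt-auth the signing secret comes from the package's `secret` config value (commonly supplied through `JWT_SECRET` in `.env`, stated here as an assumption about the asker's setup), so each environment needs its own randomly generated value that is kept out of version control.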

