Does laravel passport serialize entire user object in bearer token?
I am using laravel with passport and jensseger mongodb to create an API. All works well, but I notice that the bearer tokens I get from passport are very long. My question is wether passport stores the entire user object in the bearer token, or if Auth::user fetches the user from db by id only....
I have a model:
class User extends JenssegersMongodbEloquentModel implements
AuthenticatableContract,
AuthorizableContract,
CanResetPasswordContract
{
use Authenticatable, Authorizable, CanResetPassword, Notifiable, HasApiTokens;
protected $collection = 'db.users';
protected $fillable = ['name','phone','email' ...];
......
}
I then use $user->createToken('....')->accessToken
to generate tokens at login.
I then use Auth::user()
to fetch current user from token internally. Which all works, but the bearer tokens are very long.
laravel api
add a comment |
I am using laravel with passport and jensseger mongodb to create an API. All works well, but I notice that the bearer tokens I get from passport are very long. My question is wether passport stores the entire user object in the bearer token, or if Auth::user fetches the user from db by id only....
I have a model:
class User extends JenssegersMongodbEloquentModel implements
AuthenticatableContract,
AuthorizableContract,
CanResetPasswordContract
{
use Authenticatable, Authorizable, CanResetPassword, Notifiable, HasApiTokens;
protected $collection = 'db.users';
protected $fillable = ['name','phone','email' ...];
......
}
I then use $user->createToken('....')->accessToken
to generate tokens at login.
I then use Auth::user()
to fetch current user from token internally. Which all works, but the bearer tokens are very long.
laravel api
add a comment |
I am using laravel with passport and jensseger mongodb to create an API. All works well, but I notice that the bearer tokens I get from passport are very long. My question is wether passport stores the entire user object in the bearer token, or if Auth::user fetches the user from db by id only....
I have a model:
class User extends JenssegersMongodbEloquentModel implements
AuthenticatableContract,
AuthorizableContract,
CanResetPasswordContract
{
use Authenticatable, Authorizable, CanResetPassword, Notifiable, HasApiTokens;
protected $collection = 'db.users';
protected $fillable = ['name','phone','email' ...];
......
}
I then use $user->createToken('....')->accessToken
to generate tokens at login.
I then use Auth::user()
to fetch current user from token internally. Which all works, but the bearer tokens are very long.
laravel api
I am using laravel with passport and jensseger mongodb to create an API. All works well, but I notice that the bearer tokens I get from passport are very long. My question is wether passport stores the entire user object in the bearer token, or if Auth::user fetches the user from db by id only....
I have a model:
class User extends JenssegersMongodbEloquentModel implements
AuthenticatableContract,
AuthorizableContract,
CanResetPasswordContract
{
use Authenticatable, Authorizable, CanResetPassword, Notifiable, HasApiTokens;
protected $collection = 'db.users';
protected $fillable = ['name','phone','email' ...];
......
}
I then use $user->createToken('....')->accessToken
to generate tokens at login.
I then use Auth::user()
to fetch current user from token internally. Which all works, but the bearer tokens are very long.
laravel api
laravel api
asked Nov 24 '18 at 0:33
Daniel VallandDaniel Valland
38321231
38321231
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The tokens are long because they have been base64 encoded.
Here is a random token I found on another SO question:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjgzYmQ5NmNkYWE1MWZhMTJlMzQ4OTEzYWNjOGQwNmMzMjE2YzQ0N2U3ZmQyOWQyYThiNmY1YjUwMzAzZWFlOGU4ZjE4ZjNhM2M4OGE4OGVkIn0.eyJhdWQiOiIxIiwianRpIjoiODNiZDk2Y2RhYTUxZmExMmUzNDg5MTNhY2M4ZDA2YzMyMTZjNDQ3ZTdmZDI5ZDJhOGI2ZjViNTAzMDNlYWU4ZThmMThmM2EzYzg4YTg4ZWQiLCJpYXQiOjE1MzY5NjEyMjgsIm5iZiI6MTUzNjk2MTIyOCwiZXhwIjoxNTY4NDk3MjI4LCJzdWIiOiI1Iiwic2NvcGVzIjpbXX0.Ev1S4MhkDwdNPMhFIbSNdTUnlK-C4CRiUIHEhBulkjy4rTCkAGVWX01DsAdkGa_SP2o7d9M5Yw71m1yo3FG1eNZriJHbeKfLVz78MaWrX9daITmPhgh8sGaF9JlASU0I3QmVO-hnX57QSFTvDfzBjS3ApDx-CUhPV9M7ycljzBoYwiQZHloBpxHVqaavN-9CQQEuaZf8MhRJ-dg2BPoEVHp5lUtsjtZUll4hztvkJO4uz_hth0bo_i7l7pyrcS811BPK1iLAWlmsjdpUziFxCEpVsVVBpO5I8N5SLwgfiEsfM9PuMQua4kkt7whDUzitPQCaPR6TaBifFZfy1Hi37TYenK3aGb8VrX5HbU6HmYeYeIx8lFcugRwktVtuAURoRSWrlAkcfyMRM1nraSBWO3XVLc8nDNtnx6UG3yEjTLeqrUamy43Y5a4wszLnE9iXiPVA0Ip-_Y7gKsL9uE9h523YtIO1nGCJVSg8jr7T1XKWGaTFssJf9E9T5rAmdIu-hbW9Tm2NVL1z0dINva_F6SLmUqWQ0c3Wl1mrHmH3VqEBFP5-FUWzw2hFj1agwLe_933i5UdLl1EHwUqFpr_cVjVj952Do8LzEAuL2LLfZo82kPTP-h5jdWaWmoH-tJ_xXuWoRD5Y9nCFm_6-zJJpR3kcgz3jLMUCu_VAgNWTtw0
Copy and paste that token into here.
Header
{
"typ": "JWT",
"alg": "RS256",
"jti":"83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed"
}
Payload
{
"aud": "1",
"jti": "83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed",
"iat": 1536961228,
"nbf": 1536961228,
"exp": 1568497228,
"sub": "5",
"scopes":
}
The payload has the answer to your question, which is the sub
- subject - claim. That represents the authenticated entity ID. So user ID 5.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53454216%2fdoes-laravel-passport-serialize-entire-user-object-in-bearer-token%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The tokens are long because they have been base64 encoded.
Here is a random token I found on another SO question:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjgzYmQ5NmNkYWE1MWZhMTJlMzQ4OTEzYWNjOGQwNmMzMjE2YzQ0N2U3ZmQyOWQyYThiNmY1YjUwMzAzZWFlOGU4ZjE4ZjNhM2M4OGE4OGVkIn0.eyJhdWQiOiIxIiwianRpIjoiODNiZDk2Y2RhYTUxZmExMmUzNDg5MTNhY2M4ZDA2YzMyMTZjNDQ3ZTdmZDI5ZDJhOGI2ZjViNTAzMDNlYWU4ZThmMThmM2EzYzg4YTg4ZWQiLCJpYXQiOjE1MzY5NjEyMjgsIm5iZiI6MTUzNjk2MTIyOCwiZXhwIjoxNTY4NDk3MjI4LCJzdWIiOiI1Iiwic2NvcGVzIjpbXX0.Ev1S4MhkDwdNPMhFIbSNdTUnlK-C4CRiUIHEhBulkjy4rTCkAGVWX01DsAdkGa_SP2o7d9M5Yw71m1yo3FG1eNZriJHbeKfLVz78MaWrX9daITmPhgh8sGaF9JlASU0I3QmVO-hnX57QSFTvDfzBjS3ApDx-CUhPV9M7ycljzBoYwiQZHloBpxHVqaavN-9CQQEuaZf8MhRJ-dg2BPoEVHp5lUtsjtZUll4hztvkJO4uz_hth0bo_i7l7pyrcS811BPK1iLAWlmsjdpUziFxCEpVsVVBpO5I8N5SLwgfiEsfM9PuMQua4kkt7whDUzitPQCaPR6TaBifFZfy1Hi37TYenK3aGb8VrX5HbU6HmYeYeIx8lFcugRwktVtuAURoRSWrlAkcfyMRM1nraSBWO3XVLc8nDNtnx6UG3yEjTLeqrUamy43Y5a4wszLnE9iXiPVA0Ip-_Y7gKsL9uE9h523YtIO1nGCJVSg8jr7T1XKWGaTFssJf9E9T5rAmdIu-hbW9Tm2NVL1z0dINva_F6SLmUqWQ0c3Wl1mrHmH3VqEBFP5-FUWzw2hFj1agwLe_933i5UdLl1EHwUqFpr_cVjVj952Do8LzEAuL2LLfZo82kPTP-h5jdWaWmoH-tJ_xXuWoRD5Y9nCFm_6-zJJpR3kcgz3jLMUCu_VAgNWTtw0
Copy and paste that token into here.
Header
{
"typ": "JWT",
"alg": "RS256",
"jti":"83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed"
}
Payload
{
"aud": "1",
"jti": "83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed",
"iat": 1536961228,
"nbf": 1536961228,
"exp": 1568497228,
"sub": "5",
"scopes":
}
The payload has the answer to your question, which is the sub
- subject - claim. That represents the authenticated entity ID. So user ID 5.
add a comment |
The tokens are long because they have been base64 encoded.
Here is a random token I found on another SO question:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjgzYmQ5NmNkYWE1MWZhMTJlMzQ4OTEzYWNjOGQwNmMzMjE2YzQ0N2U3ZmQyOWQyYThiNmY1YjUwMzAzZWFlOGU4ZjE4ZjNhM2M4OGE4OGVkIn0.eyJhdWQiOiIxIiwianRpIjoiODNiZDk2Y2RhYTUxZmExMmUzNDg5MTNhY2M4ZDA2YzMyMTZjNDQ3ZTdmZDI5ZDJhOGI2ZjViNTAzMDNlYWU4ZThmMThmM2EzYzg4YTg4ZWQiLCJpYXQiOjE1MzY5NjEyMjgsIm5iZiI6MTUzNjk2MTIyOCwiZXhwIjoxNTY4NDk3MjI4LCJzdWIiOiI1Iiwic2NvcGVzIjpbXX0.Ev1S4MhkDwdNPMhFIbSNdTUnlK-C4CRiUIHEhBulkjy4rTCkAGVWX01DsAdkGa_SP2o7d9M5Yw71m1yo3FG1eNZriJHbeKfLVz78MaWrX9daITmPhgh8sGaF9JlASU0I3QmVO-hnX57QSFTvDfzBjS3ApDx-CUhPV9M7ycljzBoYwiQZHloBpxHVqaavN-9CQQEuaZf8MhRJ-dg2BPoEVHp5lUtsjtZUll4hztvkJO4uz_hth0bo_i7l7pyrcS811BPK1iLAWlmsjdpUziFxCEpVsVVBpO5I8N5SLwgfiEsfM9PuMQua4kkt7whDUzitPQCaPR6TaBifFZfy1Hi37TYenK3aGb8VrX5HbU6HmYeYeIx8lFcugRwktVtuAURoRSWrlAkcfyMRM1nraSBWO3XVLc8nDNtnx6UG3yEjTLeqrUamy43Y5a4wszLnE9iXiPVA0Ip-_Y7gKsL9uE9h523YtIO1nGCJVSg8jr7T1XKWGaTFssJf9E9T5rAmdIu-hbW9Tm2NVL1z0dINva_F6SLmUqWQ0c3Wl1mrHmH3VqEBFP5-FUWzw2hFj1agwLe_933i5UdLl1EHwUqFpr_cVjVj952Do8LzEAuL2LLfZo82kPTP-h5jdWaWmoH-tJ_xXuWoRD5Y9nCFm_6-zJJpR3kcgz3jLMUCu_VAgNWTtw0
Copy and paste that token into here.
Header
{
"typ": "JWT",
"alg": "RS256",
"jti":"83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed"
}
Payload
{
"aud": "1",
"jti": "83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed",
"iat": 1536961228,
"nbf": 1536961228,
"exp": 1568497228,
"sub": "5",
"scopes":
}
The payload has the answer to your question, which is the sub
- subject - claim. That represents the authenticated entity ID. So user ID 5.
add a comment |
The tokens are long because they have been base64 encoded.
Here is a random token I found on another SO question:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjgzYmQ5NmNkYWE1MWZhMTJlMzQ4OTEzYWNjOGQwNmMzMjE2YzQ0N2U3ZmQyOWQyYThiNmY1YjUwMzAzZWFlOGU4ZjE4ZjNhM2M4OGE4OGVkIn0.eyJhdWQiOiIxIiwianRpIjoiODNiZDk2Y2RhYTUxZmExMmUzNDg5MTNhY2M4ZDA2YzMyMTZjNDQ3ZTdmZDI5ZDJhOGI2ZjViNTAzMDNlYWU4ZThmMThmM2EzYzg4YTg4ZWQiLCJpYXQiOjE1MzY5NjEyMjgsIm5iZiI6MTUzNjk2MTIyOCwiZXhwIjoxNTY4NDk3MjI4LCJzdWIiOiI1Iiwic2NvcGVzIjpbXX0.Ev1S4MhkDwdNPMhFIbSNdTUnlK-C4CRiUIHEhBulkjy4rTCkAGVWX01DsAdkGa_SP2o7d9M5Yw71m1yo3FG1eNZriJHbeKfLVz78MaWrX9daITmPhgh8sGaF9JlASU0I3QmVO-hnX57QSFTvDfzBjS3ApDx-CUhPV9M7ycljzBoYwiQZHloBpxHVqaavN-9CQQEuaZf8MhRJ-dg2BPoEVHp5lUtsjtZUll4hztvkJO4uz_hth0bo_i7l7pyrcS811BPK1iLAWlmsjdpUziFxCEpVsVVBpO5I8N5SLwgfiEsfM9PuMQua4kkt7whDUzitPQCaPR6TaBifFZfy1Hi37TYenK3aGb8VrX5HbU6HmYeYeIx8lFcugRwktVtuAURoRSWrlAkcfyMRM1nraSBWO3XVLc8nDNtnx6UG3yEjTLeqrUamy43Y5a4wszLnE9iXiPVA0Ip-_Y7gKsL9uE9h523YtIO1nGCJVSg8jr7T1XKWGaTFssJf9E9T5rAmdIu-hbW9Tm2NVL1z0dINva_F6SLmUqWQ0c3Wl1mrHmH3VqEBFP5-FUWzw2hFj1agwLe_933i5UdLl1EHwUqFpr_cVjVj952Do8LzEAuL2LLfZo82kPTP-h5jdWaWmoH-tJ_xXuWoRD5Y9nCFm_6-zJJpR3kcgz3jLMUCu_VAgNWTtw0
Copy and paste that token into here.
Header
{
"typ": "JWT",
"alg": "RS256",
"jti":"83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed"
}
Payload
{
"aud": "1",
"jti": "83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed",
"iat": 1536961228,
"nbf": 1536961228,
"exp": 1568497228,
"sub": "5",
"scopes":
}
The payload has the answer to your question, which is the sub
- subject - claim. That represents the authenticated entity ID. So user ID 5.
The tokens are long because they have been base64 encoded.
Here is a random token I found on another SO question:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjgzYmQ5NmNkYWE1MWZhMTJlMzQ4OTEzYWNjOGQwNmMzMjE2YzQ0N2U3ZmQyOWQyYThiNmY1YjUwMzAzZWFlOGU4ZjE4ZjNhM2M4OGE4OGVkIn0.eyJhdWQiOiIxIiwianRpIjoiODNiZDk2Y2RhYTUxZmExMmUzNDg5MTNhY2M4ZDA2YzMyMTZjNDQ3ZTdmZDI5ZDJhOGI2ZjViNTAzMDNlYWU4ZThmMThmM2EzYzg4YTg4ZWQiLCJpYXQiOjE1MzY5NjEyMjgsIm5iZiI6MTUzNjk2MTIyOCwiZXhwIjoxNTY4NDk3MjI4LCJzdWIiOiI1Iiwic2NvcGVzIjpbXX0.Ev1S4MhkDwdNPMhFIbSNdTUnlK-C4CRiUIHEhBulkjy4rTCkAGVWX01DsAdkGa_SP2o7d9M5Yw71m1yo3FG1eNZriJHbeKfLVz78MaWrX9daITmPhgh8sGaF9JlASU0I3QmVO-hnX57QSFTvDfzBjS3ApDx-CUhPV9M7ycljzBoYwiQZHloBpxHVqaavN-9CQQEuaZf8MhRJ-dg2BPoEVHp5lUtsjtZUll4hztvkJO4uz_hth0bo_i7l7pyrcS811BPK1iLAWlmsjdpUziFxCEpVsVVBpO5I8N5SLwgfiEsfM9PuMQua4kkt7whDUzitPQCaPR6TaBifFZfy1Hi37TYenK3aGb8VrX5HbU6HmYeYeIx8lFcugRwktVtuAURoRSWrlAkcfyMRM1nraSBWO3XVLc8nDNtnx6UG3yEjTLeqrUamy43Y5a4wszLnE9iXiPVA0Ip-_Y7gKsL9uE9h523YtIO1nGCJVSg8jr7T1XKWGaTFssJf9E9T5rAmdIu-hbW9Tm2NVL1z0dINva_F6SLmUqWQ0c3Wl1mrHmH3VqEBFP5-FUWzw2hFj1agwLe_933i5UdLl1EHwUqFpr_cVjVj952Do8LzEAuL2LLfZo82kPTP-h5jdWaWmoH-tJ_xXuWoRD5Y9nCFm_6-zJJpR3kcgz3jLMUCu_VAgNWTtw0
Copy and paste that token into here.
Header
{
"typ": "JWT",
"alg": "RS256",
"jti":"83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed"
}
Payload
{
"aud": "1",
"jti": "83bd96cdaa51fa12e348913acc8d06c3216c447e7fd29d2a8b6f5b50303eae8e8f18f3a3c88a88ed",
"iat": 1536961228,
"nbf": 1536961228,
"exp": 1568497228,
"sub": "5",
"scopes":
}
The payload has the answer to your question, which is the sub
- subject - claim. That represents the authenticated entity ID. So user ID 5.
answered Nov 24 '18 at 3:43
DigitalDrifterDigitalDrifter
8,3662624
8,3662624
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53454216%2fdoes-laravel-passport-serialize-entire-user-object-in-bearer-token%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown