Support the ongoing development of Laravel.io →
damku999
posted 4 years ago
Authentication Laravel Security
Last updated 2 years ago.
0
firtzberg
replied 4 years ago

I am not 100% sure, but I think you want to override the createToken() method in ApiTokenCookieFactory. Add the IP in there.

Then you might wanna take the IP from the decoded JWT and throw an exception if it doesn't match the current on. Looks like you can do it in the decodeJwtTokenCookie() method of TokenGuard.

0
wolfiton
replied 4 years ago

Are you storing those ips in the database @damku999 or only in the jwt?

0
firtzberg
replied 4 years ago

This will only have effect if you save the jwt into the cookie. It seems the Firebase JWT PHP package is used for cookies and the League's server for Bearer tokens.

To save it in the Bearer token as well, you need to dig deeper into League's server implementation. I did so and it seems that they use lcobucci's library to handle the validation. You should implement your own constraint and somehow append it.

wolfiton liked this reply

1

Sign in to participate in this thread!

Eventy

Your banner here too?

Darshan H baraiya damku999 Joined 6 Sep 2017

Moderators

We'd like to thank these amazing companies for supporting us

Eventy NativePHP
Fathom
Forge
Envoyer
Beyond Code
BairesDev
N-iX
Litslink

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) Bluesky Bluesky GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2025 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise