This API provides authentication-related endpoints for user login, verification, password reset, and logout.
- PHP 8+
- Composer
- Laravel Framework Installed
- MySQL database
- Clone the repository:
  git clone https://github.com/sofyanBoukir/Backend-Auth.git
  cd Backend-Auth
- Install dependencies:
  composer install
- Copy the environment file and configure the database:
  cp .env.example .env
  Update .env with your database credentials (IMPORTANT).
- Set up your SMTP data (IMPORTANT):
  MAIL_MAILER=smtp
  MAIL_HOST=smtp.gmail.com
  MAIL_PORT=465
  MAIL_USERNAME=[email protected]
  MAIL_PASSWORD=************
  MAIL_FROM_ADDRESS="[email protected]"
  MAIL_FROM_NAME="SOFYAN"
- Set up your frontend URL in .env (example):
  FRONTEND_URL=http://localhost:5173
- Generate application key:
  php artisan key:generate
- Run migrations:
  php artisan migrate
- Install and configure JWT authentication:
  php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
  Generate JWT secret key:
  php artisan jwt:secret
- Start the development server:
  php artisan serve
Base URL: http://localhost:8000/api/auth
Endpoint:
POST /auth/login
Description: Authenticate a user using email and password.
Request Body:
{
"email": "[email protected]",
"password": "password"
}
Response:
{
"token" : "token gived from server",
"userDara": {
"id" : 1,
"name" : "Test User",
"email" : "[email protected]",
"email_verified_at" : "2025-01-30T12:02:08.000000Z",
"created_at" : "2025-01-30T12:02:09.000000Z",
"updated_at" : "2025-01-30T12:02:09.000000Z"
}
}
Or:
{
"message" : "Email or password incorrect"
}
Endpoint:
POST /auth/sendVerificationCode
Description:
Sends a verification code to the registered email.
Note:
The verification code expires in 2 minutes. You can change this on line 64: now()->addMinutes(2)
Request Body:
{
"email": "[email protected]"
}
Response:
{
"message": "Verification code sent successfully"
}
Or:
{
"message": "User with this email already exists"
}
Endpoint:
POST /auth/verifyCode
Description: Verifies the code sent to the user's email.
Request Body:
{
"email" : "[email protected]",
"code" : "123456",
"fullName" : "Sofyan bou",
"password" : "1234"
}
Response:
{
"message": "Successfully registred"
}
Or:
{
"message": "Verification code expired or incorrect!"
}
Endpoint:
POST /auth/sendResetLink
Description: Sends a password reset link to the provided email.
Request Body:
{
"email": "[email protected]"
}
Response:
{
"message": "Your reset link has been sent to your email"
}
Or:
{
"message": "User with this email does not exist"
}
Endpoint:
POST /auth/resetPassword
Description: Resets the user's password using the provided token.
Request Body:
{
"email" : "[email protected] from the URL",
"token" : "reset-token from the URL",
"password" : "12345",
"password_confirmation" : "12345"
}
Response:
{
"message" : "Password reseted successfully!"
}
Or:
{
"message" : "This password reset token is invalid."
}
Endpoint:
POST /auth/logout
Description: Logs out the authenticated user.
Request Headers:
{
"Authorization": "Bearer {token}"
}
Response:
{
"message": "User logged out successfully"
}
Or:
{
"message": "Token Signature could not be verified."
}
- Only the logout route requires a valid JWT token.
- Include the token in the Authorization header as Bearer {token}.
- Configure your database credentials in the .env file.
- Configure your SMTP credentials in the .env file.
- Configure your frontend base URL in the .env file.
- Tokens expire after 60 minutes; users must re-authenticate when needed.
- Configure the token time to live in config/jwt.php on line 104 (minutes) if you want.