I have made an api which validate my JWT Auth token and return user with its module type. But now i want to check that this token is only for this module that is Chiro or PT. Currently my Controller is looking like:

     class AuthenticateUserController extends Controller
 {
      public function getAuthenticatedUser(Request $request)
{
    $modules = DB::table('modules')
        ->join('user_access_modules', 'modules.id', 'user_access_modules.module_id')
        ->where('user_access_modules.user_id', Auth::user()->id)
        ->select('modules.type','modules.id')->first();
    try {

        if (! $user = \Tymon\JWTAuth\Facades\JWTAuth::parseToken()->authenticate()) {
            return response()->json(['user_not_found'], 404);
        }

    } catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {

        return response()->json(['token_expired'], $e->getStatusCode());

    } catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {

        return response()->json(['token_invalid'], $e->getStatusCode());

    } catch (Tymon\JWTAuth\Exceptions\JWTException $e) {

        return response()->json(['token_absent'], $e->getStatusCode());

    }
    $status = true;
    return response()->json(compact('status','user','modules'));
   }
}

This api validates token i am using postman and i am passing Bearer token into my headers and my response on this api is below.

         {
"status": true,
"user": {
    "id": 10,
    "email": "[email protected]",
    "status": 0,
    "created_at": "2019-04-29 11:07:46",
    "updated_at": "2019-04-29 11:07:46",
    "created_by": null,
    "updated_by": null,
    "is_super_admin": 0
},
"modules": {
    "type": "Chiro",
    "id": 6
    }
 }

Now Here i want to check that this token is only for type Chiro no other module can access this token how i can put this condition on my token , currently this token can be used with any module but i want to authenticate token with specific module type.

i am sending body request in postman like this:

    {
"type": "Chiro"
    }

to check this token is only valid for this module: How i can implement this scenario and can solve this problem? Your help will be appreciated.

0 Answers