codecasts · thetomcake · Dec 9, 2019
diff --git a/config/jwt.php b/config/jwt.php
@@ -99,4 +99,21 @@
 
     'middleware_match' => true,
 
+
+    /*
+    |--------------------------------------------------------------------------
+    | Token detection from request methods
+    |--------------------------------------------------------------------------
+    |
+    | Use an array of strings including: parameter, header
+    |
+    | Header will check the request for the Authorization: Bearer TOKEN header
+    | Parameter will check for the token the request body "token" parameters
+    |
+     */
+    'token_detections' => [
+        'parameter',
+        'header'
+    ]
+
 ];
diff --git a/src/Auth/Guard.php b/src/Auth/Guard.php
@@ -38,6 +38,16 @@ class Guard implements GuardContract
      */
     protected $name;
 
+    /**
+     * Methods used to detect the token in the request
+     *
+     * @var array
+     */
+    protected $detections = [
+        'header',
+        'parameter'
+    ];
+
     /**
      * The currently authenticated user.
      *
@@ -269,15 +279,28 @@ protected function getTokenFromParameter()
      */
     protected function detectedToken()
     {
-        // retrieve the token from request.
-        $detectedToken = $this->getTokenFromHeader() ?? $this->getTokenFromParameter();
+        if (in_array('header', $this->detections, true)) {
+            // retrieve the token from the Authorization header.
+            $headerToken = $this->getTokenFromHeader();
+
+            // if a token was found...
+            if ($headerToken) {
+                // return a new token instance.
+                $this->token = $this->manager()->parseToken($headerToken);
+            }
+        }
+
+        if (in_array('parameter', $this->detections, true)) {
+            // try to find a token passed as parameter on the request.
+            $parameterToken = $this->getTokenFromParameter();
 
-        if ($detectedToken) {
-            // update the currently used token
-            $this->token = $this->manager()->parseToken($detectedToken);
+            // if found...
+            if ($parameterToken) {
+                $this->token = $this->manager()->parseToken($parameterToken);
+            }
         }
 
-        // return current token in use
+        // return null if no token could be found.
         return $this->token;
     }
 
@@ -456,6 +479,16 @@ public function setDispatcher(Dispatcher $events)
         $this->events = $events;
     }
 
+    /**
+     * Set the token detection methods. Accepted: parameter, header
+     *
+     * @param array $detections
+     */
+    public function setTokenDetections(array $detections)
+    {
+        $this->detections = $detections;
+    }
+
     /**
      * Get the current request instance.
      *

diff --git a/src/Auth/ServiceProvider.php b/src/Auth/ServiceProvider.php
@@ -45,6 +45,11 @@ public function register()
             // set a event dispatcher on the guard.
             $guard->setDispatcher(resolve(Dispatcher::class));
 
+            $detections = $this->app['config']->get('jwt.token_detections', ['parameter', 'header']);
+
+            // set the token detection methods
+            $guard->setTokenDetections($detections);
+
             // returns the guard instance.
             return new Guard($app, $name, $userProvider, $tokenManager);
         });