Recently I needed to hook into Laravel Passport's code to control how the JSON Web Tokens (JWT) were being issued. Specifically, I needed to add more claims to them (to hold more user information) and to control how the scopes were being generated.
However, changing Laravel Passport's behavior to make this happen isn't obvious. Service-oriented architectures are becoming ever more common, and JWT is the de facto way of carrying a user's information across multiple services. Since I couldn't find a good resource explaining how to do it, I thought I would share how I approached and solved my own problem.
Hooking into the logic flow here and directing it through our own implementation of the AccessTokenRepository class lets us control how the JWT is created, the information it holds, and many other aspects of it.
To add more claims and control how the JWT is generated, including the scopes associated with it, we need to override this exact implementation.
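One way to wire up such an override, as an added example rather than code from the original post. It assumes a Passport release built on league/oauth2-server 8.2 to 8.5 (lcobucci/jwt 4 builder API); the `App\Passport` namespace, both class names, the `App\Models\User` model and the `email` claim are hypothetical.

```php
<?php
// Added example. Assumes laravel/passport on league/oauth2-server 8.2-8.5 (lcobucci/jwt 4).
namespace App\Passport; // hypothetical namespace; both class names below are hypothetical

use App\Models\User; // assumed default Laravel user model
use DateTimeImmutable;
use Laravel\Passport\Bridge\AccessTokenRepository as PassportAccessTokenRepository;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\Traits\{AccessTokenTrait, EntityTrait, TokenEntityTrait};

class ClaimsAccessToken implements AccessTokenEntityInterface
{
    use AccessTokenTrait, EntityTrait, TokenEntityTrait;

    public function __construct($userIdentifier, array $scopes, ClientEntityInterface $client)
    {
        $this->setUserIdentifier($userIdentifier);
        foreach ($scopes as $scope) { $this->addScope($scope); }
        $this->setClient($client);
    }
    // Declared in the class, so it takes precedence over the trait's convertToJWT().
    private function convertToJWT()
    {
        $this->initJwtConfiguration();
        $now = new DateTimeImmutable();
        $builder = $this->jwtConfiguration->builder()
            ->permittedFor($this->getClient()->getIdentifier())
            ->identifiedBy($this->getIdentifier())
            ->issuedAt($now)->canOnlyBeUsedAfter($now)
            ->expiresAt($this->getExpiryDateTime())
            ->relatedTo((string) $this->getUserIdentifier())
            ->withClaim('scopes', $this->getScopes());
        // Client-credentials tokens have no user. The payload is signed, not
        // encrypted, so add only data that every holder of the token may read.
        $userId = $this->getUserIdentifier();
        if ($userId !== null && ($user = User::find($userId))) {
            $builder = $builder->withClaim('email', $user->email);
        }
        return $builder->getToken($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey());
    }
}

class ClaimsAccessTokenRepository extends PassportAccessTokenRepository
{
    public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null)
    {
        return new ClaimsAccessToken($userIdentifier, $scopes, $clientEntity);
    }
}
// In a service provider's register(), point Passport at the override:
// $this->app->bind(PassportAccessTokenRepository::class, ClaimsAccessTokenRepository::class);
```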