[Laravel] JWT Login and Refresh token

[1] routes.php

<?php

$router->post('login', 'AuthenticationController@login');
$router->post('logout', 'AuthenticationController@logout');
$router->get('refresh-token', 'RefreshTokensController@refresh');

[2] AuthenticationController.php

<?php

namespace Api\Http\Controllers\Auth;

use Tymon\JWTAuth\JWTAuth;
use Api\Http\Controllers\Controller;
use Api\Http\Requests\Auth\LoginRequest;
use Illuminate\Foundation\Auth\ThrottlesLogins;

class AuthenticationController extends Controller
{
    use ThrottlesLogins;

    /**
     * Logs in a user into the Api
     *
     * @param  LoginRequest $request
     * @return Response
     */
    public function login(LoginRequest $request)
    {
        $credentials = $request->only('email', 'password');

        if (!$token = JWTAuth::attempt($credentials)) {
            return resposne()->json(['message' => 'Your credentials are invalid'], 401);
        }

        return $this->respondWithUserAndToken($token);
    }

    /**
     * Responds with the currently authenticated user.
     *
     * @param  string $token
     * @return Response
     */
    protected function respondWithUserAndToken($token)
    {   
        $user = JWTAuth::toUser($token);

        return response()->json([
            'token' => $token,
            'user' => [
                'id' => $user->id,
                'name' => $user->name,
                'email' => $user->email,
                'role' => $user->role->name
            ]
        ]);
    }
}

[3] RefreshTokensController.php

<?php

namespace Api\Http\Controllers\Auth;

use Tymon\JWTAuth\JWTAuth;

class RefreshTokensController extends Controller
{
    /**
     * Attempts to refresh a token
     * 
     * @return Response
     */
    public function refresh()
    {
        $token = JWTAuth::refresh();
        
        return response()->json(compact('token'));
    }
}