Laravel Passport starter

Steps

Create a new Laravel project. composer create-project laravel/laravel -passport-starter --prefer-dist
Install(add) laravel passport composer require laravel/passport
Make sure your database is well set-up
Run php artisan migrate
Run php artisan passport:install This will generate encryption keys and database access clients(personal and Password grant)
Add HasApiTokens trait to your User class.
Next add Passport::routes(); to the AuthServiceProvider to register all the routes needed by passport.
Finally for setup change the api driver from token ro passport in auth.php config file.

Register

For registration do it like any other registration in laravel application, You can even add email verification and the likes.

Login

To login here are the steps:

Create a middleware InjectPasswordGrantCredentials and add it to the named middleware Kernel file.
On the AuthServiceProvider override the oauth/token route to include the InjectPasswordGrantCredentials middleware.
The middleware will require a password_grant_client_id setting in the auth file or you can put it in your app specific config file.
Now it's okay and you can login using Post {{url}}/oauth/token with the following parameters:
- email = '[email protected]' //user input
- password = 'supersecretpassword' //user input
- grant_type = 'password' // This must be password.
In response you will get a token, refresh_token,expires_in and token_type (See login .png)

Access Restricted resources.

In order to access restricted resources, create the url inside the auth:api middleware group.

To be identified as user the Authorization: Bearer {{token}} must be include.
Create a model resource using php artisan make:resource UserResource
Then Get {{url}}/api/user

Refresh Token

The access token given expires after expire_in time given and to get a new token you will need to refresh token. Here are the steps:

use Post {{url}}/oauth/token with the following parameters:
- refresh_token = {{refresh_token}} //Refresh token you got when you logged in
- grant_type = 'refresh_token' // This must be refresh_token.
make sure the header contains Authorization: Bearer {{token}} //Access token got from loggig in.

Log out

To log out just send a post request to {{url}}/api/logout The header must contain Authorization: Bearer {{token}} `

Corrections

If i have missed anything or a better secure way to do it send a pr/issue i will appreciate.

Name		Name	Last commit message	Last commit date
Latest commit History 18 Commits
app		app
bootstrap		bootstrap
config		config
database		database
public		public
resources		resources
routes		routes
storage		storage
tests		tests
.editorconfig		.editorconfig
.env.example		.env.example
.gitattributes		.gitattributes
.gitignore		.gitignore
artisan		artisan
composer.json		composer.json
composer.lock		composer.lock
login.png		login.png
package.json		package.json
phpunit.xml		phpunit.xml
readme.md		readme.md
server.php		server.php
webpack.mix.js		webpack.mix.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Laravel Passport starter

Steps

Register

Login

Access Restricted resources.

Refresh Token

Log out

Corrections

About

Uh oh!

Releases

Packages

Languages

DevMaurice/passport-starter

Folders and files

Latest commit

History

Repository files navigation

Laravel Passport starter

Steps

Register

Login

Access Restricted resources.

Refresh Token

Log out

Corrections

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages