How to use Laravel Passport for API authentication and OAuth2 implementation?

To use Laravel Passport for API authentication and OAuth2 implementation, follow the steps below:

  1. Install Laravel Passport: Install Laravel Passport by running the following command in your terminal or command prompt:

    composer require laravel/passport
  2. Run the Passport installation command: After the installation, run the passport:install command to create the encryption keys and database tables needed for Passport:

    php artisan passport:install
  3. Set up the Passport routes: In your app/Providers/AuthServiceProvider.php file, add the Passport::routes() method within the boot() method to set up the default authentication routes:

    use Laravel\Passport\Passport;

    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();
    }
  4. Configure the User model: Update your User model to include the HasApiTokens trait. This trait provides various methods to interact with token-based authentication:

    use Laravel\Passport\HasApiTokens;

    class User extends Authenticatable
    {
        use HasApiTokens, Notifiable;

        // ...
    }
  5. Set up the Passport middleware: In your app/Http/Kernel.php file, add the CreateFreshApiToken middleware to the web middleware group. This middleware will attach a new token to the response for non-API routes.

    protected $middlewareGroups = [
        'web' => [
            // ...
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
        ],
        // ...
    ];
  6. Run migrations: After setting up the routes and middleware, run the database migrations to create the necessary tables:

    php artisan migrate
  7. Create a Passport client: To create a client for your application, run the following command:

    php artisan passport:client --password

    This command will create a new client and display the client ID and secret. Note these values as you'll need them in the next steps.

  8. Configure the Auth guard: In your config/auth.php file, make sure the api guard uses the passport driver:

    'guards' => [
        'web' => [
            // ...
        ],
        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],
  9. Enable the API routes: In your routes/api.php file, define the API routes that you want to authenticate using Passport. For example:

    Route::middleware('auth:api')->group(function () {
        // Your authenticated routes here
    });
  10. Use Passport middleware for authentication: To authenticate a route or a controller method, you can use Passport's auth:api middleware. For example:

    Route::get('/user', function () {
        // Only authenticated users can access this endpoint
    })->middleware('auth:api');
  11. OAuth2 implementation: Passport provides functionality for OAuth2 authentication. You can refer to the Laravel Passport documentation for more details on how to implement specific OAuth2 grants, such as Authorization Code, Implicit, Password, or Personal Access Tokens.

Remember to test your API endpoints and authentication flow to ensure everything is working correctly.