Set Up an OAuth2 Server Using Passport in Laravel

This tutorial demonstrates building a robust OAuth2 server within a Laravel application using the Laravel Passport library. We'll cover server configuration and provide a practical example of consuming OAuth2 APIs. Basic OAuth2 knowledge is assumed. Laravel Passport simplifies the process significantly.

The tutorial is divided into two parts: library installation and configuration, followed by creating and consuming sample resources.

Server Configuration

This section details installing and configuring the necessary components for Passport to function with Laravel.

Installing the Laravel Passport Library

Use Composer to install the library:

composer require laravel/passport

This completes the Passport installation. Next, we'll integrate it into Laravel.

Enabling the Passport Service

Laravel uses service providers to manage application services. To enable Passport, you'll need to add its service provider to config/app.php. (If unfamiliar with Laravel service providers, refer to a relevant introductory resource.) Crucially, you must also register Passport's routes (within the boot method of app/Providers/AuthServiceProvider.php) and run the php artisan passport:install command. This command also allows client creation. Let's create a demo client.

php artisan passport:client

The command prompts for details: user ID, client name, and redirect URI. The redirect URI is where the user is redirected after authorization, carrying the authorization code.

Let's assume the following output:

<code>New client created successfully.
Client ID: 3
Client secret: 1BT1tNj0Are27IGvIZe4lE2jRjtiVt0fmtaWBe8m</code>

Now, we can test the OAuth2 APIs.

For this example, we'll create an oauth2_client directory in the document root (ideally, this would reside on the third-party application consuming your API).

Create oauth2_client/auth_redirection.php:

<?php
$query = http_build_query([
    'client_id' => '3',
    'redirect_uri' => 'http://localhost/oauth2_client/callback.php',
    'response_type' => 'code',
    'scope' => '',
]);

header('Location: http://your-laravel-site-url/oauth/authorize?' . $query);
?>

Remember to replace placeholders like client_id and redirect_uri with your actual values.

Next, create oauth2_client/callback.php:

<?php
if (isset($_REQUEST['code']) && $_REQUEST['code']) {
    $ch = curl_init();
    $url = 'http://your-laravel-site-url/oauth/token';

    $params = [
        'grant_type' => 'authorization_code',
        'client_id' => '3',
        'client_secret' => '1BT1tNj0Are27IGvIZe4lE2jRjtiVt0fmtaWBe8m',
        'redirect_uri' => 'http://localhost/oauth2_client/callback.php',
        'code' => $_REQUEST['code'],
    ];

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

    $params_string = '';
    if (is_array($params) && count($params)) {
        foreach ($params as $key => $value) {
            $params_string .= $key . '=' . $value . '&';
        }
        rtrim($params_string, '&');
        curl_setopt($ch, CURLOPT_POST, count($params));
        curl_setopt($ch, CURLOPT_POSTFIELDS, $params_string);
    }

    $result = curl_exec($ch);
    curl_close($ch);
    $response = json_decode($result);

    if (isset($response->access_token) && $response->access_token) {
        $access_token = $response->access_token;

        $ch = curl_init();
        $url = 'http://your-laravel-site-url/api/user/get';
        $header = ['Authorization: Bearer ' . $access_token];
        $query = http_build_query(['uid' => '1']);

        curl_setopt($ch, CURLOPT_URL, $url . '?' . $query);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
        $result = curl_exec($ch);
        curl_close($ch);
        $response = json_decode($result);
        var_dump($result);
    }
}
?>

Again, adjust URLs and credentials as needed.

Workflow

The user interacts with two applications: the Laravel application (with an existing account) and the third-party client (auth_redirection.php and callback.php).

1. The user accesses http://localhost/oauth2_client/auth_redirection.php.
2. This redirects to the Laravel application's authorization page.
3. After login and authorization, the user is redirected to http://localhost/oauth2_client/callback.php with an authorization code.
4. callback.php exchanges the code for an access token.
5. The access token is used to make API calls (e.g., to http://your-laravel-site-url/api/user/get).

Conclusion

This tutorial showcased Laravel Passport's ease of use in setting up an OAuth2 server. For further Laravel development resources, explore Envato Market.

The above is the detailed content of Set Up an OAuth2 Server Using Passport in Laravel. For more information, please follow other related articles on the PHP Chinese website!