Handle API authentication with Laravel Passport

php editor Xiaoxin will take you to explore using Laravel Passport to handle API authentication. Laravel Passport is a complete OAuth2 server implementation that can help developers easily implement API authentication and provides Many convenient features. Through this article, you will learn how to use Laravel Passport to manage API user authentication and ensure the security of the API interface.

Step 1. Install Laravel

We need to use the following command to create the latest Laravel application, so please open the terminal and execute:

laravel new auth

Step 2. Install Laravel Passport package

Laravel Passport can implement a complete OAuth2 server for your application in minutes.

composer require laravel/passport

Step 3. Run DatabaseMigration

Passport's migration will create the tables your application uses to store clients and Access Tokens.

PHP artisan migrate

Step 4. Generate a secret key

This command will create a secret key to generate a secure Access Token. In addition, it will also create personal access and passWord grant used to generate Access Token:

php artisan passport:install

After execution , add Laravel\Passport\HasApiTokens trait to your App\User model. This trait will add a series of helper functions to the model to verify the user's secret key and scope:

Step 5. Passport configuration

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use Notifiable, HasApiTokens;
}

Next, you should AuthServiceProvider The Passport::routes method is called in the boot method in . This method will register the necessary routes to issue access tokens, revoke access tokens, client and personal tokens:

<?php

namespace App\Providers;

use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    
    protected $policies = [
        &#39;App\Model&#39; => &#39;App\Policies\ModelPolicy&#39;,
    ];

    
    public function boot()
    {
        $this->reGISterPolicies();

        Passport::routes();
    }
}

Finally, in the config/auth.php configuration file, You should set the api permission authentication guard's driver option to passport. When an API request that requires permission authentication comes in, your application will be told to use Passport's TokenGuard.

'guards' => [
    'WEB' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

Step 6. Add API routing

Laravel provides the routes/api.php file for us to write web routes, so add a new route in this file That’s it.

<?php

use Illuminate\Http\Request;

Route::group([
    &#39;prefix&#39; => &#39;auth&#39;
], function () {
    Route::post(&#39;login&#39;, &#39;AuthController@login&#39;);
    Route::post(&#39;signup&#39;, &#39;AuthController@signup&#39;);

    Route::group([
      &#39;middleware&#39; => &#39;auth:api&#39;
    ], function() {
        Route::get(&#39;loGout&#39;, &#39;AuthController@logout&#39;);
        Route::get(&#39;user&#39;, &#39;AuthController@user&#39;);
    });
});

Step 7: Create the controller

In the last step we must create a new controller and api method. So we first create AuthController and put the code in it:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Carbon\Carbon;
use App\User;

class AuthController extends Controller
{
    
    public function signup(Request $request)
    {
        $request->validate([
            &#39;name&#39; => &#39;required|string&#39;,
            &#39;email&#39; => &#39;required|string|email|unique:users&#39;,
            &#39;password&#39; => &#39;required|string|confirmed&#39;
        ]);

        $user = new User([
            &#39;name&#39; => $request->name,
            &#39;email&#39; => $request->email,
            &#39;password&#39; => bcrypt($request->password)
        ]);

        $user->save();

        return response()->JSON([
            &#39;message&#39; => &#39;Successfully created user!&#39;
        ], 201);
    }

    
    public function login(Request $request)
    {
        $request->validate([
            &#39;email&#39; => &#39;required|string|email&#39;,
            &#39;password&#39; => &#39;required|string&#39;,
            &#39;remember_me&#39; => &#39;boolean&#39;
        ]);

        $credentials = request([&#39;email&#39;, &#39;password&#39;]);

        if(!Auth::attempt($credentials))
            return response()->json([
                &#39;message&#39; => &#39;Unauthorized&#39;
            ], 401);

        $user = $request->user();

        $tokenResult = $user->createToken(&#39;Personal Access Token&#39;);
        $token = $tokenResult->token;

        if ($request->remember_me)
            $token->expires_at = Carbon::now()->addWeeks(1);

        $token->save();

        return response()->json([
            &#39;access_token&#39; => $tokenResult->accessToken,
            &#39;token_type&#39; => &#39;Bearer&#39;,
            &#39;expires_at&#39; => Carbon::parse(
                $tokenResult->token->expires_at
            )->toDateTimeString()
        ]);
    }

    
    public function logout(Request $request)
    {
        $request->user()->token()->revoke();

        return response()->json([
            &#39;message&#39; => &#39;Successfully logged out&#39;
        ]);
    }

    
    public function user(Request $request)
    {
        return response()->json($request->user());
    }
}

Now we are ready to run our example, run the following command to quickly run:

php artisan serve

---

Testing

Now, we can use REST client tools to simplify testing, such as Postman. I ran the test and you can see the screenshot below.

You need to set the following two header information for this API:

Content-Type: application/json
X-Requested-With: XMLHttpRequest

Registration

Login

Logout

##User

---

Thanks for reading!

Resources

• GitHub

##Postman collections

The above is the detailed content of Handle API authentication with Laravel Passport. For more information, please follow other related articles on the PHP Chinese website!