In this tutorial, we learn how to implement full user authentication and a simple form of access control in an API using Laravel and Passport.
Installation Requirements:
- PHP 7+, MySQL, and Apache (All three can be installed simultaneously, using XAMPP.)
- Composer
- Laravel 5.3 or later
- Laravel Passport. Laravel Passport is an easy to use OAuth2 server and API authentication package.
- Postman, cURL, and Insomnia to check the API
- Text editor
- Laravel Helpers (For Laravel 6.x and up)
Install Laravel and Setup Passport
1. Install Laravel
We need a fresh Laravel application. Create one using the command below:
composer create-project laravel/laravel auth-passport
2. Install Laravel Passport Package
To install Laravel Passport, run the following command:
composer require laravel/passport
3. Run Migration
To create the tables for Laravel Passport, run the following command:
php artisan migrate
4. Generate Keys
To create the encryption keys needed to generate secure access tokens, run the following command:
php artisan passport:install
5. Edit AuthServiceProvider.php File
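Open the AuthServiceProvider.php file and add the following line to the boot() method:
// Requires "use Laravel\Passport\Passport;" at the top of the file.
public function boot()
{
    $this->registerPolicies();

    // Register the Passport OAuth2 routes, including /oauth/token.
    Passport::routes();
}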
6. Edit config/auth.php File
Set passport as your API driver in the config/auth.php file:
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],
Congratulations, Laravel Passport is installed. Next, I will configure it in the User model.
7. Update the User Model
Now head to the app folder and add a trait to the User model:
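<?php
namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    // HasApiTokens adds the Passport token helpers to the model.
    use Notifiable, HasApiTokens;

    // ... existing model properties remain unchanged
}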
I will now create a controller to handle the REST requests.
8. Create a UserController for the REST API in Laravel
To create a new controller with Artisan, run the following command:
php artisan make:controller UserController
The command creates a new file named UserController.php. Open the newly created controller file and add the following:
<?php
namespace App\Http\Controllers;

use App\User;
use Validator;
use Exception;
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Auth;
use Laravel\Passport\Client as OClient;

class UserController extends Controller
{
    public $successStatus = 200;

    // User Login
    public function login()
    {
        // Check the credentials first, then exchange them for tokens.
        if (Auth::attempt(['email' => request('email'), 'password' => request('password')])) {
            return $this->getTokenAndRefreshToken(request('email'), request('password'));
        }
        else {
            return response()->json(['error'=>'Unauthorised'], 401);
        }
    }

    // User Register
    public function register(Request $request) {
        $validator = Validator::make($request->all(), [
            'name' => 'required',
            'email' => 'required|email|unique:users',
            'password' => 'required|min:8|confirmed'
        ]);
        if ($validator->fails()) {
            return response()->json(['error'=>$validator->errors()], 422);
        }
        $password = $request->password;
        // Take only the validated fields so a client cannot set other
        // columns through mass assignment.
        $input = $request->only(['name', 'email', 'password']);
        // Store a bcrypt hash, never the plain-text password.
        $input['password'] = bcrypt($input['password']);
        $user = User::create($input);
        return $this->getTokenAndRefreshToken($user->email, $password);
    }

    // Generate Bearer Token and Refresh Token
    public function getTokenAndRefreshToken($email, $password) {
        // The password grant client created by passport:install.
        $oClient = OClient::where('password_client', 1)->first();
        $http = new Client;
        // config('app.url') reads APP_URL and still works when the
        // configuration is cached; env() returns null in that case.
        $response = $http->request('POST', config('app.url').'/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => $oClient->id,
                'client_secret' => $oClient->secret,
                'username' => $email,
                'password' => $password,
                'scope' => '*',
            ],
        ]);
        $result = json_decode((string) $response->getBody(), true);
        return response()->json($result, $this->successStatus);
    }
}
The register method above handles the registration process for users of our application. To validate the request and ensure that all required fields for registration are filled in, we use Laravel's validator. The validator ensures that the name, email, password, and password_confirmation fields are present and returns the validation errors as feedback if they are not.
Now open the routes/api.php file and add the following routes to it:
Route::post('/register', 'UserController@register');
Route::post('/login', 'UserController@login');
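A variant of getTokenAndRefreshToken() that handles the failure cases the controller above does not: a missing or revoked password client, a rejected token request, and a timeout or connection failure. This is an added example, not code from the original tutorial; the trait and method names are hypothetical, and the 5-second timeout and empty scope are assumptions.

```php
<?php
// Added example, not the tutorial's code. IssuesPassportTokens and issueTokens()
// are hypothetical names; a controller would `use` the trait and call
// issueTokens() where it now calls getTokenAndRefreshToken().
namespace App\Http\Controllers;

use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Exception\TransferException;
use Illuminate\Support\Facades\Log;
use Laravel\Passport\Client as OClient;

trait IssuesPassportTokens
{
    protected function issueTokens($email, $password)
    {
        // Use only a password-grant client that has not been revoked.
        $oClient = OClient::where('password_client', 1)->where('revoked', 0)->first();
        if ($oClient === null) {
            Log::error('No usable Passport password client; run passport:install.');
            return response()->json(['error' => 'Token service unavailable'], 503);
        }
        try {
            // Bounded timeout (assumed value): the app calls itself over HTTP.
            $response = (new Client(['timeout' => 5]))->request('POST', config('app.url').'/oauth/token', [
                'form_params' => [
                    'grant_type'    => 'password',
                    'client_id'     => $oClient->id,
                    'client_secret' => $oClient->secret,
                    'username'      => $email,
                    'password'      => $password,
                    'scope'         => '', // '*' would grant every scope
                ],
            ]);
        } catch (ClientException $e) {
            // 4xx from /oauth/token: answer generically, do not relay the OAuth error body.
            return response()->json(['error' => 'Unauthorised'], 401);
        } catch (TransferException $e) {
            // 5xx response, timeout or connection failure.
            Log::error('Token request failed: '.$e->getMessage());
            return response()->json(['error' => 'Token service unavailable'], 503);
        }
        // Return only the fields an API client needs.
        $body = json_decode((string) $response->getBody(), true);
        $allowed = ['token_type', 'expires_in', 'access_token', 'refresh_token'];
        return response()->json(array_intersect_key((array) $body, array_flip($allowed)), 200);
    }
}
```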
9. Tests
Now we can start the Laravel development server by running the following command:
php artisan serve
Register User
Login User