How to Set Up Laravel Passport for Api Authentication?

Laravel Passport Setup

Laravel Passport provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. Passport is built on top of the League OAuth2 server to provide a solid implementation and seamless integration into any Laravel application. In this guide, we’ll walk through setting up Laravel Passport for API authentication.

Prerequisites #

Before starting, you must have the following:

  1. A working Laravel application.
  2. Composer installed on your system.
  3. Basic understanding of APIs and authentication mechanisms.

Step-by-Step Guide #

Step 1: Install Laravel Passport #

To get started with Passport, install it using Composer:

composer require laravel/passport

Step 2: Migrate the Database #

After installing Passport, you need to run the migrate command to create the necessary tables:

php artisan migrate

This command will create tables that will manage the clients, tokens, and other related data.

Step 3: Install Passport #

Once the migration is complete, install Passport using the following command:

php artisan passport:install

This command will create encryption keys needed to generate secure access tokens. It will also create “personal access” and “password grant” clients that you can use to issue tokens.

Step 4: Configure AuthServiceProvider #

Next, you should call the Passport::routes method within the boot method of your AuthServiceProvider. This method will register the routes necessary to issue access tokens and revoke them:

use Laravel\Passport\Passport;

public function boot()
{
    $this->registerPolicies();

    Passport::routes();
}

Step 5: Update User Model #

Implement the Illuminate\Contracts\Auth\MustVerifyEmail contract on your User model if it already doesn’t implement it:

namespace App\Models;

use Laravel\Passport\HasApiTokens;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

class User extends Authenticatable implements MustVerifyEmail
{
    use HasApiTokens, Notifiable;
}

Step 6: Securing Routes #

Implement middleware in your api.php routes file to use auth:api guard:

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

Step 7: Configuring Token Lifetimes #

You can configure Passport to issue long or short-lived tokens based on your application’s requirements. The tokensExpireIn, refreshTokensExpireIn, and personalAccessTokensExpireIn functions will allow you to define the lifetimes of each token.

Passport::tokensExpireIn(now()->addDays(15));
Passport::refreshTokensExpireIn(now()->addDays(30));
Passport::personalAccessTokensExpireIn(now()->addMonths(6));

Conclusion #

By following these steps, you can easily implement API authentication using Laravel Passport. It’s an efficient tool for managing OAuth2 authentication and protecting your API endpoints. For related topics, you can explore Laravel URL optimization and Laravel database fields to further enhance your Laravel application’s efficiency.

By integrating Passport, you are on your way to building secure and robust APIs with Laravel. Enjoy coding!

 
0
Kudos
 
0
Kudos

Now read this

What Are Common Causes for an Unstable Ping Result?

Introduction # An unstable ping result can be both frustrating and detrimental, especially in environments where internet stability is crucial, such as gaming, video conferences, or any real-time applications. Understanding the common... Continue →