Create API Rest with Laravel 5.6 Passport Authentication (Part 1)

https://medium.com/modulr/create-api-authentication-with-passport-of-laravel-5-6-1dc2d400a7f

Create API Rest with Laravel 5.6 Passport Authentication (Part 1)

Alfredo BarronAlfredo BarronFollowMay 9, 2018 · 5 min read

We learning to create a authentication system with API Laravel Authentication Passport OAuth

Notice we recommend upgrading to a more modern version. Read upgrade instructions.Image for postImage for post

Step 1. Install Laravel

In first step, we require to get fresh Laravel application using bellow command, So open your terminal or command prompt and run bellow command:

laravel new auth

Step 2. Install Laravel Passport Package

Laravel Passport provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.

composer require laravel/passport

Step 3. Run Migration

The Passport migrations will create the tables your application needs to store clients and access tokens.

php artisan migrate

Step 4. Generate keys

This command will create the encryption keys needed to generate secure access tokens. In addition, the command will create “personal access” and “password grant” clients which will be used to generate access tokens:

php artisan passport:install

After running this command, add the Laravel\Passport\HasApiTokens trait to your App\Usermodel. This trait will provide a few helper methods to your model which allow you to inspect the authenticated user's token and scopes:

Step 5. Passport Config

<?phpnamespace App;use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;class User extends Authenticatable
{
    use Notifiable, HasApiTokens;
}

Next, you should call the Passport::routes method within the boot method of your AuthServiceProvider. This method will register the routes necessary to issue access tokens and revoke access tokens, clients, and personal access tokens:

<?phpnamespace App\Providers;use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();        Passport::routes();
    }
}

Finally, in your config/auth.php configuration file, you should set the driver option of the api authentication guard to passport. This will instruct your application to use Passport's TokenGuard when authenticating incoming API requests:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

Step 6. Create API Routes

We will create api routes. Laravel provide routes/api.php file for write web services route. So, let’s add new route on that file.

<?phpuse Illuminate\Http\Request;Route::group([
    'prefix' => 'auth'
], function () {
    Route::post('login', 'AuthController@login');
    Route::post('signup', 'AuthController@signup');
  
    Route::group([
      'middleware' => 'auth:api'
    ], function() {
        Route::get('logout', 'AuthController@logout');
        Route::get('user', 'AuthController@user');
    });
});

Step 7: Create Controller

In last step we have to create new controller and four api method. So let’s create AuthController and put bellow code:

<?phpnamespace App\Http\Controllers;use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Carbon\Carbon;
use App\User;class AuthController extends Controller
{
    /**
     * Create user
     *
     * @param  [string] name
     * @param  [string] email
     * @param  [string] password
     * @param  [string] password_confirmation
     * @return [string] message
     */
    public function signup(Request $request)
    {
        $request->validate([
            'name' => 'required|string',
            'email' => 'required|string|email|unique:users',
            'password' => 'required|string|confirmed'
        ]);        $user = new User([
            'name' => $request->name,
            'email' => $request->email,
            'password' => bcrypt($request->password)
        ]);        $user->save();        return response()->json([
            'message' => 'Successfully created user!'
        ], 201);
    }
  
    /**
     * Login user and create token
     *
     * @param  [string] email
     * @param  [string] password
     * @param  [boolean] remember_me
     * @return [string] access_token
     * @return [string] token_type
     * @return [string] expires_at
     */
    public function login(Request $request)
    {
        $request->validate([
            'email' => 'required|string|email',
            'password' => 'required|string',
            'remember_me' => 'boolean'
        ]);        $credentials = request(['email', 'password']);        if(!Auth::attempt($credentials))
            return response()->json([
                'message' => 'Unauthorized'
            ], 401);        $user = $request->user();        $tokenResult = $user->createToken('Personal Access Token');
        $token = $tokenResult->token;        if ($request->remember_me)
            $token->expires_at = Carbon::now()->addWeeks(1);        $token->save();        return response()->json([
            'access_token' => $tokenResult->accessToken,
            'token_type' => 'Bearer',
            'expires_at' => Carbon::parse(
                $tokenResult->token->expires_at
            )->toDateTimeString()
        ]);
    }
  
    /**
     * Logout user (Revoke the token)
     *
     * @return [string] message
     */
    public function logout(Request $request)
    {
        $request->user()->token()->revoke();        return response()->json([
            'message' => 'Successfully logged out'
        ]);
    }
  
    /**
     * Get the authenticated User
     *
     * @return [json] user object
     */
    public function user(Request $request)
    {
        return response()->json($request->user());
    }
}

Now we are ready to run our example so run bellow command to quick run:

php artisan serve

Tests

Now, we can simple test by rest client tools (Postman), So I test it and you can see below screenshots.

In this api you have to set two header as listed below:

Content-Type: application/json
X-Requested-With: XMLHttpRequest
Image for post

Signup

Image for post
Image for post

Login

Image for post
Image for post

Logout

Image for post
Image for post

User

Image for post
Image for post

Thanks for reading! I’m Alfredo Barrón, Feel free to connect with me via Twitter.

Part 1. Passport Authentication Part 2. Confirm account + notifications Part 3. Generate avatar Part 4. Reset Password Part 5. Send Notifications with Queues on Redis

Resources

-GitHub -Postman collections

References

-Laravel Passport -Create REST API in Laravel with authentication using Passport excelent tutorial by Urjit Rajgor

Previous[Laravel] Xác thực API với Laravel 5.6 Passport Authentication (Part1) (ok)NextAPI Rest with Laravel 5.6 Passport Authentication — Confirm account + notifications (Part 2) (ok)

Last updated

Was this helpful?