Laravel 5.3 : Integration of API Authentiation (Passport)

Hi Everybody

Today we will learn how to itegrate Passport in laravel 5.3 and generate tokens password grant client. Laravel Passport provides a full OAuth2 server implementation for our Laravel application. APIS do not maintain session state between requests. So we need a tokens to Authenticate users. 

Step 1 : Go to your project folder and Install Passport via the Composer package manager with following command.

 composer require laravel/passport  

Step 2 : Register the Passport service provider in the providers array of  yourconfig/app.php configuration file:

Laravel\Passport\PassportServiceProvider::class,

Step 3 : The Passport service provider registers its own database migration directory with the framework, so we should migrate our database after registering the provider. The Passport migrations will create the tables our application needs to store clients and access tokens:

php artisan migrate

Step 4 : We should run the passport:install command. This command will create the encryption keys needed to generate secure access tokens. In addition, the command will create "personal access" and "password grant" clients which will be used to generate access tokens:

php artisan passport:install

Step 5 : After running this command, add the Laravel\Passport\HasApiTokens trait to our App\User model. This trait will provide a few helper methods to our model which allow us to inspect the authenticated user's token and scopes:

<?php

namespace App;

use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;
}

Step 6 : We should call the Passport::routes method within the boot method of our AuthServiceProvider. This method will register the routes necessary to issue access tokens and revoke access tokens, clients, and personal access tokens:

<?php

namespace App\Providers;

use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();
    }
}

Step 7 : Finally, in our config/auth.php configuration file, we should set the driver option of the api authentication guard to passport. This will instruct our application to use Passport's TokenGuard when authenticating incoming API requests:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

Above step also mentioned in laravel official document for installing Passport.

Now go to your controller, where we want to generate access and refresh token. Inside the controller write the following script.

 $http = new GuzzleHttp\Client();  
 $oauth_client = DB::table('oauth_clients')->where('name', '=', 'Laravel Password Grant Client')  
   ->where('password_client', '=', 1)->first();  
 $response = $http->post(url('/') . '/oauth/token', [  
   'form_params' => [  
     'grant_type' => 'password',  
     'client_id' => $oauth_client->id,  
     'client_secret' => $oauth_client->secret,  
     'username' => $request->email,  
     'password' => $request->password,  
     'scope' => '',  
   ],  
 ]);  
 $response_body = json_decode((string)$response->getBody(), true);  
 $access_token = $response_body['access_token'] ;  
 $refresh_token = $response_body['refresh_token'];  

Now token is generated through password grant client.

Thanks