How to implement Passport in Laravel 9 ?

In this tutorial we will learn how to implement full user authentication and a simple form of access control in an API using Laravel and Passport .

1. Install Laravel

composer create-project laravel/laravel passport_api

2. Install Laravel Passport Package

composer require laravel/passport

3. Run Migration

php artisan migrate

4. Generate Keys

php artisan passport:install

5. Edit AuthServiceProvider.php File

public function boot()
{
	$this->registerPolicies();

	Passport::routes();
}

6. Edit config / auth.php file

'guards' => [
	'web' => [
		'driver' => 'session',
		'provider' => 'users',
	],
	
	'api' => [
		'driver' => 'passport',
		'provider' => 'users',
	],
],

7. Update the User Model

<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;
class User extends Authenticatable
{
    use Notifiable, HasApiTokens;

8. Create a UserController for the REST API in Laravel

php artisan make:controller UserController

<?php

namespace App\Http\Controllers;

use App\User; 
use Validator;
use Exception;
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Auth; 
use Laravel\Passport\Client as OClient; 

class UserController extends Controller
{
    public $successStatus = 200;
    
    // User Login
    public function login()
    {
        if (Auth::attempt(['email' => request('email'), 'password' => request('password')])) {
            return $this->getTokenAndRefreshToken(request('email'), request('password'));
        } 
        else { 
            return response()->json(['error'=>'Unauthorised'], 401); 
        } 
    }
    
    // User Register
    public function register(Request $request) { 
        $validator = Validator::make($request->all(), [ 
            'name' => 'required', 
            'email' => 'required|email|unique:users', 
            'password' => 'required|min:8|confirmed'
        ]);

        if ($validator->fails()) { 
            return response()->json(['error'=>$validator->errors()], 422);            
        }

        $password = $request->password;
        $input = $request->all(); 
        $input['password'] = bcrypt($input['password']); 
        $user = User::create($input);
        return $this->getTokenAndRefreshToken($user->email, $password);
    }

    // Generate Bearer Token and Refresh Token
    public function getTokenAndRefreshToken($email, $password) { 
        $oClient = OClient::where('password_client', 1)->first();
        $http = new Client;
        $response = $http->request('POST', env('APP_URL').'/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => $oClient->id,
                'client_secret' => $oClient->secret,
                'username' => $email,
                'password' => $password,
                'scope' => '*',
            ],
        ]);

        $result = json_decode((string) $response->getBody(), true);
        return response()->json($result, $this->successStatus);
    }
}

Now open the routes / api.php file and add the following routes to it:

Route::post('/register', 'UserController@register');
Route::post('/login', 'UserController@login');

9. Tests

php artisan serve

Related Posts

How to Crawl any website Meta Title and Meta Description in Laravel ?

SQLSTATE[HY000] [2002] No such file or directory (Connection: mysql, SQL: insert into `oauth_clients` (`user_id`, `name`, `secret`

Top 20 Laravel Interview Question in 2024

How to Get Google Analytics API key ?

Youtube Subscriber Count in ReactJs

How to Disable Laravel’s Eloquent timestamps in laravel ?