How to implement Passport in Laravel 9 ?

In this tutorial we will learn how to implement full user authentication and a simple form of access control in an API using Laravel and Passport .

1. Install Laravel

composer create-project laravel/laravel passport_api

2. Install Laravel Passport Package

composer require laravel/passport

3. Run Migration

php artisan migrate

4. Generate Keys

php artisan passport:install

5. Edit AuthServiceProvider.php File

public function boot()


6. Edit config / auth.php file

'guards' => [
	'web' => [
		'driver' => 'session',
		'provider' => 'users',
	'api' => [
		'driver' => 'passport',
		'provider' => 'users',

7. Update the User Model

namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;
class User extends Authenticatable
    use Notifiable, HasApiTokens;

8. Create a UserController for the REST API in Laravel

php artisan make:controller UserController

namespace App\Http\Controllers;

use App\User; 
use Validator;
use Exception;
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Auth; 
use Laravel\Passport\Client as OClient; 

class UserController extends Controller
    public $successStatus = 200;
    // User Login
    public function login()
        if (Auth::attempt(['email' => request('email'), 'password' => request('password')])) {
            return $this->getTokenAndRefreshToken(request('email'), request('password'));
        else { 
            return response()->json(['error'=>'Unauthorised'], 401); 
    // User Register
    public function register(Request $request) { 
        $validator = Validator::make($request->all(), [ 
            'name' => 'required', 
            'email' => 'required|email|unique:users', 
            'password' => 'required|min:8|confirmed'

        if ($validator->fails()) { 
            return response()->json(['error'=>$validator->errors()], 422);            

        $password = $request->password;
        $input = $request->all(); 
        $input['password'] = bcrypt($input['password']); 
        $user = User::create($input);
        return $this->getTokenAndRefreshToken($user->email, $password);

    // Generate Bearer Token and Refresh Token
    public function getTokenAndRefreshToken($email, $password) { 
        $oClient = OClient::where('password_client', 1)->first();
        $http = new Client;
        $response = $http->request('POST', env('APP_URL').'/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => $oClient->id,
                'client_secret' => $oClient->secret,
                'username' => $email,
                'password' => $password,
                'scope' => '*',

        $result = json_decode((string) $response->getBody(), true);
        return response()->json($result, $this->successStatus);

Now open the routes / api.php file and add the following routes to it:

Route::post('/register', 'UserController@register');
Route::post('/login', 'UserController@login');

9. Tests

php artisan serve
Hi I am Amit Kumar Thakur Experienced as s Software Developer with a demonstrated history of working in the information technology and services industry. Skilled in HTML, CSS, Bootstrap4, PHP, Laravel-9 , REST API,FB API,Google API, Youtube Api, Bitbucket,Github,Linux and jQuery. Strong engineering professional focused in Computer/Information Technology Administration and Management. Currently my profile is to Software Developer, analyze the requirement, creating frame for web application, coding and maintenance.

Related Posts

Database [] not configured Laravel in Laravel ?

In this tutorial i’m going to solve Database [] not configured in laravel. The error message “Database [] not configured Laravel” indicates that there is a missing…

How to send Notifications With Database In Laravel ?

In this tutorial we’re going to learn how to send notification if someone register on our software then send him notification. Install laravel project Next to create…

Cannot access offset of type string on string

In this tutorial i have to solve this error Cannot access offset of type string on string so follow this tutorial i have solved in this tutorials….

How to Generate Instagram Graph Api Access token ?

In this tutorial im going to generate instagram access token in very easy after reading this tutorial you’ll able to generate access token. 1st step Login Facebook…

How to get a Client IP address in Laravel

In this article, We will share with you how to get an IP address in your Laravel application with several way examples. What is IP address ?…

What is the difference between TRUNCATE and DELETE ?

TRUNCATE and DELETE are both used to remove data from a table in Laravel, but they have some important differences. What is TRUNCATE ? TRUNCATE is a…

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x