Laravel Authentication Using Passport-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Laravel Authentication Using Passport

Linda Hamilton

Jan 04, 2025 am 05:18 AM

Laravel Authentication Using Passport

Mastering Laravel Authentication with Passport: A Step-by-Step Guide

Authentication is a cornerstone of modern web applications. In Laravel, Passport provides a full OAuth2 server implementation, enabling API authentication seamlessly. This guide walks you through the entire process of setting up Laravel Passport, from installation to securing and testing your API.

Introduction

Why Use Laravel Passport?

Laravel Passport simplifies the complexities of OAuth2 authentication by integrating it tightly with Laravel's ecosystem. With Passport, you can:

Authenticate API users securely.
Generate personal access tokens for mobile and web clients.
Manage token expiration and revocation easily.

Prerequisites

Before diving in, ensure you have:

A basic understanding of Laravel.
A Laravel project (v10.x or later is recommended) installed and configured with a database.
PHP 8.0 or later installed.

If you don’t have a project set up, create one with:

composer create-project --prefer-dist laravel/laravel passport-auth
cd passport-auth

Step 1: Install Laravel Passport

Install the Package

Run the following command to add Passport to your project:

composer require laravel/passport

Publish and Migrate Passport Files

Publish the Passport migrations and configuration files:

php artisan vendor:publish --tag=passport-migrations
php artisan migrate

Step 2: Configure Laravel Passport

Install Encryption Keys and Clients

Run the installation command:

php artisan passport:install

This generates encryption keys and creates OAuth clients in your database. Make note of the output, especially the client IDs and secrets.

Optional: Create a Personal Access Client

To create a personal access client explicitly, run:

php artisan passport:client --personal

Step 3: Update the Model

Add the HasApiTokens trait to your user model:

use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;

    // Other properties...
}

Step 4: Update Auth Configuration

Configure Passport as the driver for API guards in config/auth.php:

'guards' => [
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

Step 5: Register Passport Routes

In AppProvidersAppServiceProvider, load Passport's routes:

use Laravel\Passport\Passport;

public function boot(): void
{
    Passport::routes();
    Passport::tokensExpireIn(now()->addDays(15));
    Passport::refreshTokensExpireIn(now()->addDays(30));
    Passport::personalAccessTokensExpireIn(now()->addMonths(6));
}

Step 6: Build Authentication API Endpoints

Add Routes

Define API routes in routes/api.php:

use App\Http\Controllers\AuthController;

Route::post('/register', [AuthController::class, 'register']);
Route::post('/login', [AuthController::class, 'login']);
Route::middleware('auth:api')->get('/user', [AuthController::class, 'user']);

Create the Authentication Controller

Implement authentication methods:

composer create-project --prefer-dist laravel/laravel passport-auth
cd passport-auth

Step 7: Set Permissions for Encryption Keys

Ensure secure access to Passport keys:

composer require laravel/passport

Verify permissions:

php artisan vendor:publish --tag=passport-migrations
php artisan migrate

Expected output:

php artisan passport:install

Step 8: Test the API

Use Postman or any API client to test endpoints:

Register: Send a POST request to /register with name, email, and password.
Login: Send a POST request to /login with email and password.
Get User Data: Send a GET request to /user with the token in the Authorization header.

Best Practices

Use HTTPS in production.
Rotate encryption keys periodically.
Validate inputs thoroughly.
Limit token scopes for better security.

Conclusion

Congratulations! You've successfully implemented API authentication using Laravel Passport. This setup provides a robust foundation for securing your API. Explore advanced Passport features like scopes, token revocation, and client credentials to further enhance your application's security.

The above is the detailed content of Laravel Authentication Using Passport. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP vs. Python: Understanding the DifferencesApr 11, 2025 am 12:15 AM

PHP and Python each have their own advantages, and the choice should be based on project requirements. 1.PHP is suitable for web development, with simple syntax and high execution efficiency. 2. Python is suitable for data science and machine learning, with concise syntax and rich libraries.

PHP: Is It Dying or Simply Adapting?Apr 11, 2025 am 12:13 AM

PHP is not dying, but constantly adapting and evolving. 1) PHP has undergone multiple version iterations since 1994 to adapt to new technology trends. 2) It is currently widely used in e-commerce, content management systems and other fields. 3) PHP8 introduces JIT compiler and other functions to improve performance and modernization. 4) Use OPcache and follow PSR-12 standards to optimize performance and code quality.

The Future of PHP: Adaptations and InnovationsApr 11, 2025 am 12:01 AM

The future of PHP will be achieved by adapting to new technology trends and introducing innovative features: 1) Adapting to cloud computing, containerization and microservice architectures, supporting Docker and Kubernetes; 2) introducing JIT compilers and enumeration types to improve performance and data processing efficiency; 3) Continuously optimize performance and promote best practices.

When would you use a trait versus an abstract class or interface in PHP?Apr 10, 2025 am 09:39 AM

In PHP, trait is suitable for situations where method reuse is required but not suitable for inheritance. 1) Trait allows multiplexing methods in classes to avoid multiple inheritance complexity. 2) When using trait, you need to pay attention to method conflicts, which can be resolved through the alternative and as keywords. 3) Overuse of trait should be avoided and its single responsibility should be maintained to optimize performance and improve code maintainability.

What is a Dependency Injection Container (DIC) and why use one in PHP?Apr 10, 2025 am 09:38 AM

Dependency Injection Container (DIC) is a tool that manages and provides object dependencies for use in PHP projects. The main benefits of DIC include: 1. Decoupling, making components independent, and the code is easy to maintain and test; 2. Flexibility, easy to replace or modify dependencies; 3. Testability, convenient for injecting mock objects for unit testing.

Explain the SPL SplFixedArray and its performance characteristics compared to regular PHP arrays.Apr 10, 2025 am 09:37 AM

SplFixedArray is a fixed-size array in PHP, suitable for scenarios where high performance and low memory usage are required. 1) It needs to specify the size when creating to avoid the overhead caused by dynamic adjustment. 2) Based on C language array, directly operates memory and fast access speed. 3) Suitable for large-scale data processing and memory-sensitive environments, but it needs to be used with caution because its size is fixed.

How does PHP handle file uploads securely?Apr 10, 2025 am 09:37 AM

PHP handles file uploads through the $\_FILES variable. The methods to ensure security include: 1. Check upload errors, 2. Verify file type and size, 3. Prevent file overwriting, 4. Move files to a permanent storage location.

What is the Null Coalescing Operator (??) and Null Coalescing Assignment Operator (??=)?Apr 10, 2025 am 09:33 AM

In JavaScript, you can use NullCoalescingOperator(??) and NullCoalescingAssignmentOperator(??=). 1.??Returns the first non-null or non-undefined operand. 2.??= Assign the variable to the value of the right operand, but only if the variable is null or undefined. These operators simplify code logic, improve readability and performance.

See all articles