With the rapid development of mobile technology and cloud computing, many companies have developed their own API services and made them part of their core business. As a result, it is very important to protect API data and ensure that only authorized users can access it, which makes API authentication an important topic. In Laravel and Lumen, API authentication can be implemented using Laravel Passport.
Laravel Passport is an API authentication system based on the OAuth2 standard. It provides an easy way to create API authentication and supports multiple clients and authorization methods. In this article, we will cover how to implement API authentication using Laravel Passport and Lumen.
Installation and configuration of Laravel Passport
First, we need to install Laravel Passport in the Laravel project. Use the following command to install:
composer require laravel/passport
After completing the installation, we need to run the following command to perform the necessary migrations:
    php artisan migrate
    php artisan passport:install
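The passport:install command above creates the encryption keys used to generate access tokens and the OAuth clients used for authentication. We also need to register the authentication routes by calling the Passport::routes() method provided by Laravel Passport in the boot method of the AuthServiceProvider. (In Passport 11 and later the routes are registered automatically and Passport::routes() has been removed.)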
    // app/Providers/AuthServiceProvider.php
    use Laravel\Passport\Passport;

    // ...

    public function boot()
    {
        // ...
        Passport::routes();
    }
This registers the routes provided by Laravel Passport so that we can use them for authentication. We also need to select the passport driver for the api guard in the config/auth.php configuration file:
    'guards' => [
        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],
Use Laravel Passport in Lumen
If our project was created with the Lumen framework, we can use the Lumen version of Laravel Passport, a package that makes Passport compatible with Lumen. We can install it with the following command:
composer require dusterio/lumen-passport
After the installation is complete, we need to add the following two lines of code to the bootstrap/app.php file to register the service provider of Lumen Passport:
    $app->register(Dusterio\LumenPassport\PassportServiceProvider::class);
    $app->configure('auth');
After completing the registration, we need to register routing and middleware. We can add the following code to the app/Http/routes.php file to register the routes provided by Lumen Passport:
    $app->group(['middleware' => ['api']], function ($app) {
        Dusterio\LumenPassport\LumenPassport::routes($app, ['prefix' => 'auth']);
    });
In the above code, the prefix option specifies the route prefix, and middleware specifies the middleware used.
Next, we need to add the middleware provided by Lumen Passport. In the bootstrap/app.php file, add the following code to register the middleware:
    $app->middleware([
        // ...
        Dusterio\LumenPassport\Http\Middleware\AddCustomHeaders::class,
    ]);

With the middleware registered, the configuration of Laravel Passport in Lumen is complete.
Use password authorization for authentication
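Once we complete the configuration of Laravel Passport, we can use password authorization (the OAuth2 password grant) for authentication. In this authorization method, the client uses its client ID and secret key, together with the user's username and password, to request an access token, and then uses the access token to request protected API resources. Because the client handles the user's raw credentials, this grant is suitable only for first-party clients that we fully trust.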
We can use the following code to request the access token:
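    $postData = [
        'grant_type' => 'password',
        'client_id' => '{client-id}',
        'client_secret' => '{client-secret}',
        'username' => '{username}',
        'password' => '{password}',
        'scope' => '',
    ];

    // The request carries the client secret and the user's password,
    // so send it over HTTPS only.
    $ch = curl_init('https://api.example.com/oauth/token');
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    if ($response === false) {
        throw new RuntimeException('Token request failed: ' . curl_error($ch));
    }

    // A rejected request returns an error object without access_token.
    $data = json_decode($response);
    if (!isset($data->access_token)) {
        throw new RuntimeException('Token request was rejected');
    }
    $accessToken = $data->access_token;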
In the above code, we have used the curl library to request the access token from our API service. Please note that {client-id} and {client-secret} need to be replaced with the real client ID and secret, and {username} and {password} need to be replaced with real user credentials.
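The following is an added example, not code from the original article or from Passport, showing what a client should check in the token endpoint's response before using the token. The helper name parseTokenResponse and the sample responses are hypothetical and constructed; the field names are those of the OAuth2 token response (RFC 6749).

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of Passport): validates a token-endpoint
// response using the OAuth2 field names from RFC 6749 sections 5.1 and 5.2.
function parseTokenResponse(int $status, string $body, int $now): array
{
    $data = json_decode($body, true);
    if (!is_array($data)) {
        throw new RuntimeException("Token endpoint returned a non-JSON body (HTTP $status)");
    }
    // Error responses carry an "error" code such as invalid_grant or invalid_client.
    if ($status !== 200 || isset($data['error'])) {
        $code = is_string($data['error'] ?? null) ? $data['error'] : 'unknown_error';
        throw new RuntimeException("Token request rejected: $code (HTTP $status)");
    }
    if (!is_string($data['access_token'] ?? null) || $data['access_token'] === '') {
        throw new RuntimeException('Token response has no access_token');
    }
    if (strcasecmp((string) ($data['token_type'] ?? ''), 'Bearer') !== 0) {
        throw new RuntimeException('Unexpected token_type; not sending it as a Bearer token');
    }
    $ttl = $data['expires_in'] ?? null;
    return [
        'access_token'  => $data['access_token'],
        'refresh_token' => is_string($data['refresh_token'] ?? null) ? $data['refresh_token'] : null,
        'expires_at'    => is_int($ttl) ? $now + $ttl : null, // absolute expiry time
    ];
}

// Constructed sample responses (not captured from a real server).
$samples = [
    'success'          => [200, '{"token_type":"Bearer","expires_in":3600,"access_token":"constructed.access.token","refresh_token":"constructed-refresh"}'],
    'bad credentials'  => [400, '{"error":"invalid_grant","error_description":"constructed"}'],
    'bad client'       => [401, '{"error":"invalid_client"}'],
    'proxy error page' => [502, '<html>Bad Gateway</html>'],
];

foreach ($samples as $label => [$status, $body]) {
    try {
        $token = parseTokenResponse($status, $body, 1700000000);
        // Report metadata only; the token itself should never reach logs.
        echo "$label: ok, expires_at={$token['expires_at']}\n";
    } catch (RuntimeException $e) {
        echo "$label: {$e->getMessage()}\n";
    }
}
```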
Once we obtain the access token, we can use it to access the protected API resource. When accessing the API, we need to put the access token in the Authorization header. You can do this in Laravel using the following code:
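    use Illuminate\Support\Facades\Http;

    // Bearer tokens are credentials, so call the API over HTTPS.
    $response = Http::withHeaders([
        'Authorization' => 'Bearer ' . $accessToken,
    ])->get('https://api.example.com/api/user');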
In the above code, we use Laravel's HTTP client to access the API. When the client makes a request, we put the access token in the Authorization header so that the API service can validate the token and return the protected resource.
Conclusion
Using Laravel Passport and Lumen, we can add strong authentication capabilities to our API services. When implementing API authentication, we need to understand the OAuth2 authorization protocol and its authorization method. When using password authorization, the client needs to use the client ID and secret key to request an access token. Once we obtain the access token, we can use it to access protected API resources.