Laravel Api Authentication - Step by Step
A practical step-by-step guide to building a RESTful API in Laravel 5.5 with e-mail and password authentication, using Laravel Passport (OAuth 2.0)
Prerequisites
- Apache
- PHP
- Composer
- Laravel new app created
Initial notes
The project in this repo contains all the steps finalized
Step 1 - Add Laravel Passport to composer.json
In the project dir run
composer require laravel/passport
Step 2 - Run migrations
php artisan migrate
Step 3 - Install Laravel Passport
php artisan passport:install
Step 4 - Add HasApiTokens at app/User.php
<?php
namespace App;
use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
/**
 * Application user model, extended so Passport can issue tokens for it.
 *
 * The HasApiTokens trait (imported from Laravel\Passport) supplies the
 * createToken() and token() calls that the login, logout and register
 * controllers in this tutorial make on the user.
 */
class User extends Authenticatable
{
// HasApiTokens is the only addition this step makes to the model.
use HasApiTokens, Notifiable;
// The tutorial elides the rest of the model here.
// NOTE(review): the login and register controllers return this model as JSON,
// so confirm the elided part still hides `password` and `remember_token`
// (a `$hidden` property) before exposing the endpoints.
[...]
}
Step 5 - Add Passport Routes to auth provider
In the "app/Providers/AuthServiceProvider.php" add passport routes to boot method
<?php
namespace App\Providers;
use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
/**
 * Registers the application's authorization policies and Passport's routes.
 */
class AuthServiceProvider extends ServiceProvider
{
    /**
     * Model-to-policy map consumed by registerPolicies().
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Bootstraps authentication and authorization services.
     *
     * @return void
     */
    public function boot()
    {
        // Policies are registered first, exactly as in the stock provider.
        $this->registerPolicies();

        // Adds Passport's OAuth endpoints to the application's route table.
        // NOTE(review): this registers Passport's whole route set (authorization,
        // token, client and personal-access-token routes), while the tutorial only
        // calls createToken() from its own controllers. routes() also accepts a
        // callback for registering a subset - consider it to keep the exposed
        // surface small.
        // NOTE(review): Passport documents personal access tokens as long-lived;
        // check which lifetime controls the installed Passport version offers.
        Passport::routes();
    }
}
Step 6 - Alter auth api driver to "passport"
In the "config/auth.php" adjust the driver for api auth
// Authentication guards (fragment of config/auth.php).
'guards' => [
// Browser guard: left on the session driver.
'web' => [
'driver' => 'session',
'provider' => 'users',
],
// API guard: switched to Passport, so routes behind the `auth:api`
// middleware are authenticated by the bearer token sent in the
// Authorization header rather than by a session.
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
Step 7 - Add endpoints for auth control
In the "routes/api.php" add routes to login, register and logout
<?php
use Illuminate\Http\Request;
// Public endpoints: both are reachable without a token, so they are the ones
// that need rate limiting.
// NOTE(review): confirm the `api` middleware group in app/Http/Kernel.php still
// applies its throttle to these routes.
Route::post('login', 'Auth\LoginController@login');
Route::post('register', 'Auth\RegisterController@register');

// Protected endpoints: the `auth:api` middleware requires a valid bearer token.
Route::middleware('auth:api')->group(function () {
    // NOTE(review): logout revokes a token, i.e. it changes state, yet it is
    // exposed over GET. POST or DELETE is the conventional verb; changing it
    // also means changing the curl example in Step 10.
    Route::get('logout', 'Auth\LoginController@logout');
});
Step 8 - Create login and logout methods
In the Login Controller (Controllers/Auth/LoginController.php) add login and logout methods
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\User;
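/**
 * Handles API login and logout, exchanging e-mail/password credentials for a
 * Passport personal access token.
 */
class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Redirect target inherited from the stock controller; the JSON responses
     * below do not use it.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Restricts every action except logout to unauthenticated callers.
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Validates the credentials and, on success, returns a new access token
     * together with the user.
     *
     * Overriding the trait's login() drops its brute-force protection unless
     * the throttling calls are repeated here, so they are kept: failed attempts
     * are counted, and callers over the limit get the trait's lockout response
     * instead of another credential check.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    public function login(Request $request)
    {
        $this->validateLogin($request);

        // Refuse before touching the credentials once the attempt limit is hit.
        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        if ($this->attemptLogin($request)) {
            // A successful login resets the failure counter.
            $this->clearLoginAttempts($request);

            $user = Auth::user();
            $success = [
                'token' => $user->createToken('MyApp')->accessToken,
                'user' => $user,
            ];

            return response()->json($success, 200);
        }

        // Count the failure so repeated guesses lead to a lockout.
        $this->incrementLoginAttempts($request);

        return $this->sendFailedLoginResponse($request);
    }

    /**
     * Revokes and deletes the access token that authenticated this request.
     *
     * Only the presented token is invalidated; other tokens issued to the same
     * user are not touched by this method.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        $token = Auth::user()->token();

        $token->revoke();
        $token->delete();

        return response()->json(null, 204);
    }
}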
Step 9 - Create register method
In the Register Controller (Controllers/Auth/RegisterController.php) add register method
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Validator;
use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Http\Request;
/**
 * Handles API registration: validates the payload, creates the user and
 * returns a Passport personal access token for the new account.
 */
class RegisterController extends Controller
{
    use RegistersUsers;

    /**
     * Redirect target inherited from the stock controller; the JSON response
     * below does not use it.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Restricts registration to unauthenticated callers.
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    /**
     * Builds the validator for an incoming registration payload.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        // NOTE(review): `min:6` is a short minimum for a password; consider a
        // longer one before using this outside a demo.
        $rules = [
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'password' => 'required|string|min:6|confirmed',
        ];

        return Validator::make($data, $rules);
    }

    /**
     * Registers a user and responds with the user and a fresh access token.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    public function register(Request $request)
    {
        $this->validator($request->all())->validate();

        // Only the three validated fields are copied, so extra request keys
        // never reach the model. The password is stored as a bcrypt hash.
        $attributes = [
            'name' => $request['name'],
            'email' => $request['email'],
            'password' => bcrypt($request['password']),
        ];
        $user = User::create($attributes);

        $this->guard()->login($user);

        // NOTE(review): the token name here ('nfce_client') differs from the one
        // the login controller uses ('MyApp'); pick one so issued tokens are easy
        // to audit.
        $accessToken = $user->createToken('nfce_client')->accessToken;

        return response()->json(['token' => $accessToken, 'user' => $user], 201);
    }
}
Step 10 - Test endpoints
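Register (the e-mail address below is a sample value; the page's e-mail obfuscation removed the original)
curl -X POST -H 'Accept: application/json' -d 'name=user&email=user@example.com&password=passuser&password_confirmation=passuser' http://localhost/laravel-api-auth/api/register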
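Login (the e-mail address below is a sample value; the page's e-mail obfuscation removed the original)
curl -X POST -H 'Accept: application/json' -d 'email=user@example.com&password=passuser' http://localhost/laravel-api-auth/api/login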
Logout
curl -H 'Accept: application/json' -H 'Authorization: Bearer token_generated_on_register_or_login' http://localhost/laravel-api-auth/api/logout
References
- Laravel docs - Laravel Documentation
- Laravel Passport Post - Create REST API with authentication
- Laravel API Tutorial - How to Build and Test a RESTful API