Laravel 5.7 — API authentication with Laravel Passport
In this tutorial we will develop a full API authentication system that can be used by any application able to perform requests (React, Vue or Angular, for instance).
We will use Laravel 5.7 and its Passport package: https://laravel.com/docs/5.7/passport
Let’s start!
Install Laravel 5.7 via composer:
composer create-project --prefer-dist laravel/laravel api-authentification
Configure the connection to the database in our .env file:
DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=api-authentification
DB_USERNAME=root
DB_PASSWORD=
Install the basic authentication system integrated in Laravel and Laravel Passport:
composer require laravel/passport
php artisan make:auth
php artisan passport:install
php artisan migrate
Add the Laravel\Passport\HasApiTokens trait to our App\User model and the Passport::routes method within the boot method of our app/AuthServiceProvider like this:
And finally set the driver option of the api authentication guard to passport like this:
Laravel Passport is now installed and configured. Next we will create a controller to:
- Create an account
- Log in
- Sign out
Let’s go! Create your new controller:
php artisan make:controller Api/AuthController
In this new controller we will create 3 functions: register, login and logout.
Add at the top of the file:
Create the 3 functions:
Register function:
Login function:
Logout function:
Tadam! It’s done.
Before testing, and because we use Laravel only as an API provider, we are going to force all routes to return JSON. We will use Alex Lichter’s method.
Create a middleware:
php artisan make:middleware ForceJsonResponse
Add it to the $routeMiddleware of the app/Http/Kernel.php file:
We can now add our routes in routes/api.php. The register and login routes are public while the logout route will only be accessible when the user is logged in.
So we have:
We will now test that everything is OK with Postman (you can use any other tool to simulate HTTP requests).
We can now check that the route /api/user is not accessible without authentication:
Creating an account:
The register route returns a token (because it automatically logs you in), but we will regenerate it with the login route to check that it works well.
We log in with the account we just created:
We copy the token returned to us (this token proves that we are connected).
We go back to the window where we tested the route /api/user, this time adding our token. To do so, go to the "Authorization" tab, select "Bearer Token" and paste the token into the "Token" input:
Just press “Send”, and…
If you want to go further you can find a lot of information on the features of Laravel Passport here: https://laravel.com/docs/5.7/passport
Feel free to ask me your questions in the comment section 🙂