DEV Community

Create API Rest with Laravel 7.X Passport Authentication And Implement Refresh Token (Part 1)

Mohammad Reza on March 13, 2020

you can find the newer article about this in here Step 1. Install Laravel With this command we install laravel laravel new website ...

Read full post

zafie • Apr 25 '20 • Edited

Hello,

Postman does not respond to me. It just says sending request.
I hit the endpoint with post on 127.0.0.1:8000/api/register and php artisan serve
serves on 127.0.0.1:8000.

Also, I setup my controller to respond with :
$response = $http->request('POST', '127.0.0.1:8000/oauth/token', [
......
]

If I set postman to hit the endpoint on 127.0.0.1/api/register (without :8000) I get
error 404 not found from nginx. (I have not set up nginx nor using it)

Any help?

thisishilo • May 31 '20 • Edited

read my issue in comments

Nicolas V. • May 28 '20

same here, could you solve it ?

thisishilo • May 31 '20 • Edited

for mylemp-nginx/oauth/token :
you have two way for acces to your laravel project
1- php artisan serve ==>> localhost:8000
and
2-with your lamp or zamp or ... ==>> localhost/--project name--/public

for $response request in controller => localhost:8000/oauth/token
and
for postman => localhost/--project_name--/public/api/register or login

and header only Accept => Aplication/json

Amr Ahmed • Nov 13 '22

for calling the local api and for postman testing i made
$response = $http->request('POST', request()->getSchemeAndHttpHost() . '/oauth/token', [ 'form_params' => [ 'grant_type' => 'refresh_token', 'refresh_token' => $refreshToken, 'client_id' => $oClient->id, 'client_secret' => $oClient->secret, 'scope' => '*', ], 'verify' => config('app.env') != DefaultSettingUtil::ENV_LOCAL ]);

ANASS BOUCHFAR • Apr 24 '20 • Edited

hello bro thanks for that but i have a problem in the last step when i register with postman the server is blocked on sending request like this (see pictures) I guess there is a problem with route (/oauth/token)
by the way I have changed the route "mylemp-nginx/oauth/token" with my local with helper route('passport.token')

Luciano Bosco • Mar 15 '21

First of all thanks for this tutorial, really helpful!
For those wondering what is this line for
$oClient = OClient::where('password_client', 1)->first();
The passport /oauth/token endpoint requires a client_id and client_secret, therefore that line fetches the needed information from oauth_clients table and use them in request.
I'm seeing 2 issues in this tutorial:

1- You are fetching twice the $oClient while you can do it just in getTokenAndRefreshToken() function. There is no need to fetch that record in login() and register() functions. You should remove $oClient = OClient::where('password_client', 1)->first(); from both login() and register() and also remove the OClient $oClient parameter in getTokenAndRefreshToken() function.

2- There is a lack of security: the purpose of client_id and client_secret is to provide a unique credential to 3rd party apps. By fetching client_id and client_secret within your controller you are assuming that the 3rd party app is authorized. Any app which knows your login endpoint could perform a brute force attack and overload your database trying to attempt a login directly in users table.
client_id and client_secret should be provided to the 3rd party apps and they should send those values via request.
Saying that, you will have $request->client_id and $request->client_secret to be used in getTokenAndRefreshToken()

c-myers1 • May 14 '20

Great tutorial thanks.

Please why is this piece of code first executed outside then inside getTokenAndRefreshToken:

$oClient = OClient::where('password_client', 1)->first();

Executing before the function seems unnecessary.

Udeme Samuel • May 24 '20 • Edited

Nice Article,
but in an instance where the pasord is a pin and not the regular password how can that be inplemented?

                user = User::where("phone",$phone)->first();
                $user->name = $fullName;
                $user->email = $email;
                // $user->pin = $pin;
                $user->pin = $pin; // Hash::make($pin);

                $password = $request->pin;


                // $success['token'] =  $user->createToken('Gazelle')->accessToken; 
                // $success['name'] =  $user->name;

                $oClient = OClient::where('password_client', 1)->first();
                return $this->getTokenAndRefreshToken($oClient, $user->email, $password);

                $user->save();

Rios de libertad • Mar 25 '20

Hi, I'd like to know how you set up

mylemp-nginx/oauth/token

in getTokenAndRefreshToken()

in order to use it

Mohammad Reza • Mar 26 '20

Hi, i dockerized my project and that is my container name, you should replace it with "localhost/oauth/token" or "localhost:8080/oauth/token" (if you are using "php artisan serv") and you don't need to set up anything

Rios de libertad • Mar 27 '20 • Edited

I was looking in documentation for the problem and found that having php and the web server (nginx) in different docker containers don't communicate by curl because php makes a call to localhost and not to the nginx container, for that reason it can't solve the url.

The solution is to put in the docker-compose.yml file in the container with php

extra_hosts:
- "url-container:172.18.0.3"

url-container: is the url our project.
172.18.0.3: The ip of the web server container (nginx in my case).

Change nginx-service to the name of the container where you have the web server.

I had to reboot everything to make it work, even my machine

My docker-compose.yml

version: '3.5'

networks:
servicesnet:
name: networkservices
driver: bridge

services:
nginx:
image: nginx:latest
container_name: nginx-service
ports:
- "80:80"
- "443:443"
networks:
- servicesnet
volumes:
- ../../mywebs:/var/www/localhost/htdocs
- ./pages/default:/var/www/localhost/htdocs/default
- ./nginx/config:/etc/nginx
- ./nginx/logs:/var/log/nginx
- ./nginx/certificates:/sites/ssl
links:
- php
php:
image: lep-alpine_php
container_name: php-service
volumes:
- ../../mywebs:/var/www/localhost/htdocs
- ./pages/default:/var/www/localhost/htdocs/default
- ./php:/etc/php7
networks:
- servicesnet
extra_hosts:
- "url-container:172.18.0.3"

jamols09 • Jul 15 '20

Hello can you help me understand why is it always

$oClient = OClient::where('password_client', 1)->first(); ? Why always one? Or like what table does this reference to?

Mohammad Reza • Jul 17 '20

Hi
I need one oclient user and password_client is a flag that i can use it and get a my oclient so i used it , if you have a better idea let's share it with me

Martijn • Sep 18 '20

Great tutorial! the whole refresh_token part is difficult to get from the documents You explained it well. Thanks

Ariel Vicente • Jul 29 '20 • Edited

Hi! Great tutorial!!
One question, why your get the first oClient?:
$oClient = OClient::where('password_client', 1)->first();

Thanks!

Hendi Santika • May 1 '20

Nice article.
Is there any github repo for this?
Coz, I can't find github.com/azibom
Thanks

din abu • May 30 '20

Salam, I have question. By having Passport Authentication in the app, do I need to install Laravel make:auth? As we know, default Laravel auth includes forgot password, send confirmation, etc.

Nicolas V. • May 28 '20 • Edited

HI !
im trying to make post on api/register but my server never response, any idea ?

Muhammad Uzair • Jun 12 '20

I am having same issue. let me add more detail to it.
Following above installation process in laravel 7.0. when I use postman to check register api, user get registered and inserted into database but the part:
$response = $http->request('POST', env('APP_URL').'/oauth/token', [.....
does not return anything..
I searched on internet, someone said you have to pass timeout to Guzzle's http request. I did and it throws error "Connection time out".

din abu • May 30 '20 • Edited

have u run the php artisan serve?

seyyed ali salmabadi • Aug 10 '20

I had to put
Passport::enableImplicitGrant(); in authserviceprovider boot method for using this method of sign in