API authentification with Laravel (5.8) Passport

#tutorial #laravel #php #webdev

Hey copy-pasters,

Yup! it has been a long since i took a lesson for Gatsby. I gotta do something about it to go back on track.

But wait, I got something for future me to read or you to read,

Have you ever wondered how to secure laravel apis? Why would you. right? You dont have to . But I do. At work . Thats why i have been using "tymondesigns/jwt-auth" package.

So today i thought i could use 'passport' instead of jwt. I found that passport uses jwt. Passport is a package that implements Oauth2 and jwt.

Oh Almost forgot. Motivation time .Skip ahead if you dont prefer to be motivated.

If you are having a bad day think about breakfast you had today. (Unless you are having a bad day just because you dont have breakfast. Irony though) . You have breakfast,So you dont starve even on the start of the day. There are people those who go to work without having breakfast. Not just because they dont have time, but because they can not afford. So be lucky you had food today.

Main content from Here

Description
Install Laravel 5.8 via composer
Configure the connection to the database
Install Package
Run Migration
Install Passport
Passport Configuration
Create API Route

Description

What is Laravel Passport? (Just google)

APIs typically use tokens to authenticate users and do not maintain session state between requests. Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application development in a matter of minutes.

Let’s start!

Install Laravel 5.8 via composer:

composer create-project --prefer-dist laravel/laravel api-authentification</code>

Configure the connection to the database in our .env file:


DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=api-authentification
DB_USERNAME=root
DB_PASSWORD=

Install Package

composer require laravel/passport

After successfully install package, open config/app.php file and add service provider.

'providers' =>[
Laravel\Passport\PassportServiceProvider::class,
],

Run Migration and Install

After Passport service provider registers, we require to run the migration command, when you run the migration command table will be set in database (You allredy know what migration is. right? right?)

php artisan migrate

Next install passport, it will create token keys for security. So let’s run below command:

Install Passport

php artisan passport:install

Passport Configuration

In this step, we have to do the configuration on three files

model
service provider
auth config file

So you have to just follow change on that file.

In model, we are gonna add HasApiTokens class of Passport,

In AuthServiceProvider we are gonna add Passport::routes(),

In auth.php, we added API auth configuration.

app/User.php


<?php
namespace App;
use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
  use HasApiTokens, Notifiable;

protected $fillable = [
'name', 'email', 'password',
];

protected $hidden = [
'password', 'remember_token',
];
}

app/Providers/AuthServiceProvider.php

<?php
namespace App\Providers;
use Laravel\Passport\Passport; 
use Illuminate\Support\Facades\Gate; 
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider 
{ 

    protected $policies = [ 
        'App\Model' => 'App\Policies\ModelPolicy', 
    ];

    public function boot() 
    { 
        $this->registerPolicies(); 
        Passport::routes(); 
    } 
}

config/auth.php


<?php
return [
'guards' => [ 
        'web' => [ 
            'driver' => 'session', 
            'provider' => 'users', 
        ], 
        'api' => [ 
            'driver' => 'passport', 
            'provider' => 'users', 
        ], 
    ],

Create API Route

Let us add some routes on the api.php file

routes/api.php


<?php

Route::post('login', 'UserController@login');
Route::post('register', 'UserController@register');
Route::group(['middleware' => 'auth:api'], function()
{
   Route::post('details', 'UserController@details');
});

Create the Controller

In the last step we have to create a new controller and three API methods,

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request; 
use App\Http\Controllers\Controller; 
use App\User; 
use Illuminate\Support\Facades\Auth; 
use Validator;
class UserController extends Controller 
{
public $successStatus = 200;

    public function login(){ 
        if(Auth::attempt(['email' => request('email'), 'password' => request('password')])){ 
            $user = Auth::user(); 
            $success['token'] =  $user->createToken('MyApp')-> accessToken; 
            return response()->json(['success' => $success], $this-> successStatus); 
        } 
        else{ 
            return response()->json(['error'=>'Unauthorised'], 401); 
        } 
    }

    public function register(Request $request) 
    { 
        $validator = Validator::make($request->all(), [ 
            'name' => 'required', 
            'email' => 'required|email', 
            'password' => 'required', 
            'c_password' => 'required|same:password', 
        ]);
if ($validator->fails()) { 
            return response()->json(['error'=>$validator->errors()], 401);            
        }
$input = $request->all(); 
        $input['password'] = bcrypt($input['password']); 
        $user = User::create($input); 
        $success['token'] =  $user->createToken('MyApp')-> accessToken; 
        $success['name'] =  $user->name;
return response()->json(['success'=>$success], $this-> successStatus); 
    }

    public function details() 
    { 
        $user = Auth::user(); 
        return response()->json(['success' => $user], $this-> successStatus); 
    } 
}