Pratical step-by-step how to do a RESTful API in Laravel 5.5 with authentication by email and password using Laravel Passport (OAuth 2.0)
- Apache
- PHP
- Composer
- Laravel new app created
The project in this repo contains all the steps finalized
In the project dir run
composer require laravel/passport
php artisan migrate
php artisan passport:install
<?php
namespace App;
use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
use HasApiTokens, Notifiable;
[...]
}
In the "app/Providers/AuthServiceProvider.php" add passport routes to boot method
<?php
namespace App\Providers;
use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
];
public function boot()
{
$this->registerPolicies();
Passport::routes();
}
}
In the "config/auth.php" adjust the driver for api auth
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
In the "routes/api.php" add routes to login, register and logout
<?php
use Illuminate\Http\Request;
Route::post('login', 'Auth\LoginController@login');
Route::post('register', 'Auth\RegisterController@register');
//protected routes
Route::group(['middleware' => 'auth:api'], function() {
Route::get('logout', 'Auth\LoginController@logout');
});
In the Login Controller (Controllers/Auth/LoginController.php) add login and logout methods
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\User;
class LoginController extends Controller
{
use AuthenticatesUsers;
protected $redirectTo = '/home';
public function __construct()
{
$this->middleware('guest')->except('logout');
}
public function login(Request $request)
{
$this->validateLogin($request);
if ($this->attemptLogin($request)) {
$user = Auth::user();
$success['token'] = $user->createToken('MyApp')->accessToken;
$success['user'] = $user;
return response()->json($success, 200);
}
return $this->sendFailedLoginResponse($request);
}
public function logout()
{
$user = Auth::user();
$user->token()->revoke();
$user->token()->delete();
return response()->json(null, 204);
}
}
In the Register Controller (Controllers/Auth/RegisterController.php) add register method
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Validator;
use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Http\Request;
class RegisterController extends Controller
{
use RegistersUsers;
protected $redirectTo = '/home';
public function __construct()
{
$this->middleware('guest');
}
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:6|confirmed',
]);
}
public function register(Request $request)
{
$this->validator($request->all())->validate();
$user = User::create([
'name' => $request['name'],
'email' => $request['email'],
'password' => bcrypt($request['password']),
]);
$this->guard()->login($user);
$success['token'] = $user->createToken('nfce_client')->accessToken;
$success['user'] = $user;
return response()->json($success, 201);
}
}
Register
curl -X POST -H 'Accept: application/json' -d 'name=user&[email protected]&password=passuser&password_confirmation=passuser' http://localhost/laravel-api-auth/api/register
Login
curl -X POST -H 'Accept: application/json' -d '[email protected]&password=passuser' http://localhost/laravel-api-auth/api/login
Logout
curl -H 'Accept: application/json' -H 'Authorization: Bearer token_generated_on_register_or_login' http://localhost/laravel-api-auth/api/logout
- Laravel docs - Laravel Documentation
- Laravel Passport Post - Create REST API with authentication
- Laravel API Tutorial - How to Build and Test a RESTful API