Passport Multi-Auth
Requirement
$ composer create-project laravel/laravel "Name"
$ php artisan make:auth
$ composer require laravel/passport
$ php artisan migrate
$ php artisan passport:install
Create two more clients with ID 3 and 4., (*3)
$ php artisan passport:client --password
Installing and configuring package
$ composer require danilo/passport ~1.1.0-a
- Add provider to
config/app.php file:
'providers' => [
...
jumpitt\passport\MultiServiceProvider::class,
],
$ php artisan vendor:publish
And choose the provider jumpitt\passport\MultiServiceProvider, (*4)
$ php artisan migrate
- Modify User Model, make it use
HasApiTokens and add some constant for use as client_id from the oauth_clients table.
<?php
namespace App;
use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
use HasApiTokens, Notifiable;
const PASSPORT = 4;
protected $fillable = [
'name', 'email', 'password',
];
...
}
- Register the published middlewares
PassportCustomProvider and CheckGuard on $routeMiddleware on app/Http/Kernel.
class Kernel extends HttpKernel
{
...
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'check-guard' => \App\Http\Middleware\CheckGuard::class,
'custom-provider' => \App\Http\Middleware\PassportCustomProvider::class,
];
...
}
Basic usage
- Add the 'provider' parameter in your request at
/oauth/token:
POST /oauth/token HTTP/1.1
Host: localhost
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=UTF-8
Cache-Control: no-cache
{
"username":"emailcustomer@domain.com",
"password":"password",
"grant_type" : "password",
"client_id": "client-id",
"client_secret" : "client-secret",
"provider" : "customers"
}
- Add middleware to route, for example:
<?php
use Illuminate\Http\Request;
Route::group(['middleware' => ['check-guard:customer', 'auth:customer']], function(){
Route::post('details', 'TestController@details');
});
- Create a new customer, login with
customers provider parameter on oauth/token and call route with access token:
post /api/details HTTP/1.1
Host: localhost
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbG ...
Response if is customer:, (*5)
{
"success": {
"id": 1,
"name": "name",
"email": "correocustomer@gmail.com",
"created_at": "2018-01-03 13:11:25",
"updated_at": "2018-01-03 13:11:25"
}
}
Response if isn't customer:, (*6)
{
"error": "Unauthorised"
}
Wallogit.com
