netsells/passport-client-cookie

Laravel Passport Client Cookie

This package provides the same cookie based auth that the CreateFreshApiToken middleware does, but for client_credentials. This is useful when you protect non-user routes, but still want to consume them on the frontend without introducing a proxy., _(*1)

Most of the code contained in this package is taken from Laravel Passport and adapted for this use-case - all credit goes to that repo., _(*2)

Installation

composer require netsells/passport-client-cookie

Add to your app.php if not using Laravel 5.5+, _(*3)

    // Other service providers
    Netsells\PassportClientCookie\ServiceProvider::class,
],

Usage

In Http/Kernel.php:, _(*4)

Add to your web middleware group, probably at the bottom., _(*5)

\Netsells\PassportClientCookie\Middleware\CreateFreshClientCredentialsApiToken::class,

Replace your CheckClientCredentials route middleware with the passport client check:, _(*6)

'client' => \Netsells\PassportClientCookie\Middleware\CheckClientCredentials::class,

Testing

You can disable the checking middleware by pulling the WithoutClientCredentialsMiddleware trait in and calling $this->withoutClientCredentialsMiddleware() at the top of your test., _(*7)