Auth using passport

  • STEP 1

    1. package

    
                        composer require laravel/passport
                        
    
                        php artisan migrate
    

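    Next, run passport:install. It generates the encryption keys Passport uses to sign access tokens and creates the default OAuth clients. Keep the generated private key out of version control, because anyone who holds it can forge valid tokens for the application.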

    
    php artisan passport:install
    

    2. Configure Passport Module

    app/Models/User.php

    
    namespace App\Models;
    use Illuminate\Contracts\Auth\MustVerifyEmail;
    use Illuminate\Database\Eloquent\Factories\HasFactory;
    use Illuminate\Foundation\Auth\User as Authenticatable;
    use Illuminate\Notifications\Notifiable;
    use Laravel\Passport\HasApiTokens;
    /**
     * Application user model, extended with the Passport token trait.
     *
     * HasApiTokens is imported from Laravel\Passport; the controllers on this
     * page call createToken() on the user, which is not defined in this class
     * itself and is expected to come from that trait.
     */
    class User extends Authenticatable
    {
        use HasFactory, Notifiable, HasApiTokens;
        /**
         * The attributes that are mass assignable.
         *
         * Only these keys are accepted by create()/fill(). 'password' is in the
         * list, so every caller must hash the value before passing it in;
         * nothing in this class hashes it.
         *
         * @var  array
         */
        protected $fillable = [
            'name',
            'email',
            'password',
        ];
        /**
         * The attributes that should be hidden for arrays.
         *
         * Keeps the password hash and the remember-me token out of array
         * output, and therefore out of API responses built from it.
         *
         * @var  array
         */
        protected $hidden = [
            'password',
            'remember_token',
        ];
        /**
         * The attributes that should be cast to native types.
         *
         * @var  array
         */
        protected $casts = [
            'email_verified_at' => 'datetime',
        ];
    }
    
    

    Next, open the app/Providers/AuthServiceProvider.php file and call Passport::routes() inside the boot() method, after registerPolicies(). This registers the routes Passport needs to issue and revoke access tokens.

    
    namespace App\Providers;
    use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
    use Illuminate\Support\Facades\Gate;
    use Laravel\Passport\Passport;
    
    /**
     * Registers the application's policies and the Passport routes.
     */
    class AuthServiceProvider extends ServiceProvider
    {
        /**
         * The policy mappings for the application.
         *
         * The single entry below is a placeholder (model class => policy class);
         * replace it with real mappings when policies are added.
         *
         * @var  array
         */
        protected $policies = [
            'App\Models\Model' => 'App\Policies\ModelPolicy',
        ];
    
        /**
         * Register any authentication / authorization services.
         *
         * Registers the policies above, then asks Passport to register its routes.
         *
         * NOTE(review): newer Passport releases register these routes
         * automatically and no longer provide Passport::routes(). Confirm
         * against the installed version before copying this call.
         *
         * @return  void
         */
        public function boot()
        {
            $this->registerPolicies();
            Passport::routes();
        }
    }
    

    Register the PassportServiceProvider class in providers array inside the config/app.php file:

    
    'providers' => [
            ...
            ... 
            ...
            Laravel\Passport\PassportServiceProvider::class,
        ],
    

    Set Passport as the driver for the api guard: open the config/auth.php file and make the change shown below.

    
    return [
        ....
        ....
        
            'guards' => [
                'web' => [
                    'driver' => 'session',
                    'provider' => 'users',
                ],
        
                'api' => [
                    'driver' => 'passport',
                    'provider' => 'users',
                ],
            ],
        
        ....
        ....
    ]
        

    3. Create Posts Model & Run Migration

    
        php artisan make:model Post -m
        

    4. Controller

    PassportAuthController.php
    
        php artisan make:controller PassportAuthController
        
    
        namespace App\Http\Controllers;
    use Illuminate\Http\Request;
    use App\Models\User;
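    /**
     * Registration and login endpoints that hand out Passport personal access tokens.
     *
     * Both endpoints are unauthenticated, so everything they read from the
     * request is validated before it reaches the database or the credential check.
     */
    class PassportAuthController extends Controller
    {
        /**
         * Registration
         *
         * Validates the payload, creates the user with a bcrypt-hashed password
         * and returns a freshly issued access token.
         *
         * @param  Request  $request  expects name, email and password
         * @return \Illuminate\Http\JsonResponse  {"token": "..."} with status 200
         */
        public function register(Request $request)
        {
            // `string` rejects arrays and other non-scalar JSON values up front.
            // `unique:users` turns a duplicate e-mail into a validation error
            // instead of a database error or a second account.
            // NOTE(review): assumes the model is stored in the default `users` table.
            $validated = $this->validate($request, [
                'name' => 'required|string|min:4',
                'email' => 'required|string|email|unique:users',
                'password' => 'required|string|min:8',
            ]);

            // Only validated values are persisted; the password is hashed here
            // because the model stores whatever it is given.
            $user = User::create([
                'name' => $validated['name'],
                'email' => $validated['email'],
                'password' => bcrypt($validated['password']),
            ]);

            $token = $user->createToken('LaravelAuthApp')->accessToken;

            return response()->json(['token' => $token], 200);
        }

        /**
         * Login
         *
         * Checks the submitted credentials and returns an access token on success.
         *
         * @param  Request  $request  expects email and password
         * @return \Illuminate\Http\JsonResponse  {"token": "..."} with 200, or {"error": "Unauthorised"} with 401
         */
        public function login(Request $request)
        {
            // Require plain strings so that arrays or nested JSON never reach
            // the credential lookup.
            $credentials = $this->validate($request, [
                'email' => 'required|string|email',
                'password' => 'required|string',
            ]);

            // The same generic error covers an unknown e-mail and a wrong
            // password, so the response does not reveal which one failed.
            if (! auth()->attempt($credentials)) {
                return response()->json(['error' => 'Unauthorised'], 401);
            }

            $token = auth()->user()->createToken('LaravelAuthApp')->accessToken;

            return response()->json(['token' => $token], 200);
        }
    }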
    
    PostController.php
    
    php artisan make:controller PostController
    
    
    namespace App\Http\Controllers;
    use Illuminate\Http\Request;
    use App\Models\Post;
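    /**
     * CRUD endpoints for the authenticated user's posts.
     *
     * Every query goes through auth()->user()->posts(), so a user can only read
     * or change posts that belong to them.
     *
     * NOTE(review): this relies on a posts() relation on the User model, which
     * the User class shown on this page does not define. Confirm it exists.
     */
    class PostController extends Controller
    {
        /**
         * List all posts owned by the current user.
         *
         * @return \Illuminate\Http\JsonResponse
         */
        public function index()
        {
            $posts = auth()->user()->posts;

            return response()->json([
                'success' => true,
                'data' => $posts
            ]);
        }

        /**
         * Return one post owned by the current user.
         *
         * @param  mixed  $id  post identifier from the route
         * @return \Illuminate\Http\JsonResponse
         */
        public function show($id)
        {
            // Scoped lookup: a post owned by someone else is reported as not found.
            $post = auth()->user()->posts()->find($id);

            if (!$post) {
                // NOTE(review): 404 is the conventional status here; 400 is kept
                // so that existing clients see the same code as before.
                return response()->json([
                    'success' => false,
                    'message' => 'Post not found '
                ], 400);
            }

            // A successful lookup answers with the default 200, not 400.
            return response()->json([
                'success' => true,
                'data' => $post->toArray()
            ]);
        }

        /**
         * Create a post for the current user.
         *
         * @param  Request  $request  expects title and description
         * @return \Illuminate\Http\JsonResponse
         */
        public function store(Request $request)
        {
            $this->validate($request, [
                'title' => 'required',
                'description' => 'required'
            ]);

            // Attributes are set one by one, so no other request field can end
            // up on the model.
            $post = new Post();
            $post->title = $request->input('title');
            $post->description = $request->input('description');

            // Saving through the relation ties the post to the current user.
            if (auth()->user()->posts()->save($post)) {
                return response()->json([
                    'success' => true,
                    'data' => $post->toArray()
                ]);
            }

            return response()->json([
                'success' => false,
                'message' => 'Post not added'
            ], 500);
        }

        /**
         * Update the title and/or description of one of the current user's posts.
         *
         * @param  Request  $request  may carry title and/or description
         * @param  mixed  $id  post identifier from the route
         * @return \Illuminate\Http\JsonResponse
         */
        public function update(Request $request, $id)
        {
            $post = auth()->user()->posts()->find($id);

            if (!$post) {
                return response()->json([
                    'success' => false,
                    'message' => 'Post not found'
                ], 400);
            }

            // Only the two fields that store() accepts may be changed. Passing
            // the whole request body to fill() would let a client set any
            // mass-assignable column, which could include the owner reference.
            $validated = $this->validate($request, [
                'title' => 'sometimes|required',
                'description' => 'sometimes|required',
            ]);

            foreach ($validated as $attribute => $value) {
                $post->{$attribute} = $value;
            }

            if ($post->save()) {
                return response()->json([
                    'success' => true
                ]);
            }

            return response()->json([
                'success' => false,
                'message' => 'Post can not be updated'
            ], 500);
        }

        /**
         * Delete one of the current user's posts.
         *
         * @param  mixed  $id  post identifier from the route
         * @return \Illuminate\Http\JsonResponse
         */
        public function destroy($id)
        {
            $post = auth()->user()->posts()->find($id);

            if (!$post) {
                return response()->json([
                    'success' => false,
                    'message' => 'Post not found'
                ], 400);
            }

            if ($post->delete()) {
                return response()->json([
                    'success' => true
                ]);
            }

            return response()->json([
                'success' => false,
                'message' => 'Post can not be deleted'
            ], 500);
        }
    }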
    

    5. Define API Routes

    
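    // Public endpoints: these accept credentials without a token.
    // NOTE(review): confirm a rate limit (for example the `throttle`
    // middleware) applies to them, to slow down password guessing.
    Route::post('register', [PassportAuthController::class, 'register']);
    Route::post('login', [PassportAuthController::class, 'login']);

    // Everything in this group requires a valid Passport bearer token,
    // checked by the `api` guard.
    Route::middleware('auth:api')->group(function () {
        // apiResource registers only index/store/show/update/destroy.
        // PostController has no create() or edit() method, so the two extra
        // routes that Route::resource adds would fail when requested.
        Route::apiResource('posts', PostController::class);
    });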
    
  • STEP 2 :Testing

    1. Register

    url : http://localhost:8000/api/register

    method: post

    in header : "Accept": application/json

    body : raw & json

    
                            {"name" : "manoj", "email" : "m@gmail.com", "password" : "123456789"}
                            

    2. Login

    url : http://localhost:8000/api/login

    method: post

    in header : "Accept": application/json

    body : raw & json

    
                            { "email" : "m@gmail.com", "password" : "123456789"}
                            

    3. Posts

    url : http://localhost:8000/api/posts

    method: post

    in header

    
                            'headers' => [
                                'Accept' => 'application/json',
                                'Authorization' => 'Bearer '. $accessToken,
                            ]
    
                            

    body : raw & json

    
                            { "title" : "m@gmail.com", "description" : "123456789"}