How to use Laravel Passport with Password Grant Tokens?
Are you fond of using Laravel? Laravel makes authentication through traditional login forms easy, but many users are unsure how to authenticate API requests. APIs built on Laravel typically use tokens to authenticate users, because an API does not maintain any session state between requests. Laravel aims to make API authentication a breeze with Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. Laravel Passport is built on top of the League OAuth2 Server, which is maintained by Simon Hamp and Andy Millington.
Making Use of Laravel Passport

When you deploy Passport to your production servers for the first time, you are required to run the passport:keys command. This command generates the encryption keys Passport needs to issue access tokens. The generated keys are not kept in source control; the private key signs every access token, so anyone who obtains it can mint tokens for your application.
    php artisan passport:keys

If required, you can also define the path from which the Passport keys should be loaded, using the Passport::loadKeysFrom method in your AuthServiceProvider:
    /**
     * Register any authentication or authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();
        Passport::loadKeysFrom('/secret-keys/oauth');
    }
In addition, you can publish Passport's configuration file with the command "php artisan vendor:publish --tag=passport-config". This gives you the option to load the encryption keys from environment variables instead of from files on disk:
    PASSPORT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
    <private key here>
    -----END RSA PRIVATE KEY-----"

    PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
    <public key here>
    -----END PUBLIC KEY-----"
Password Grant Tokens

The OAuth2 password grant allows your first-party clients (such as a mobile application) to obtain an access token using an email address or username and a password. This lets you issue access tokens securely to first-party clients without requiring them to go through the entire OAuth2 authorization code redirect flow.
Before your mobile application can issue tokens through the password grant, you are required to create a password grant client. You can do this with the passport:client command:

    php artisan passport:client --password
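How a first-party client then uses that password grant client, as an added example written for this post (it is not the original article's or the Passport project's own code); it assumes Laravel 7 or later for the Http facade, a placeholder host name, and that the client id and secret are kept in server-side config rather than inside a distributed app binary:

```php
<?php
// Added example, not from the original post or the Passport project: a first-party
// client exchanging a user's credentials for a token via Passport's password grant,
// then refreshing it. Assumes Laravel 7+ (the Http facade), a client created with
// `php artisan passport:client --password` whose id/secret live in server-side
// config, never inside a distributed mobile binary, and a placeholder host name.

use Illuminate\Support\Facades\Http;

const TOKEN_ENDPOINT = 'https://your-app.example/oauth/token'; // placeholder host

// POST the password grant to /oauth/token; the JSON payload returned by Passport
// carries token_type, expires_in, access_token and refresh_token.
function requestPasswordGrantToken(string $username, string $password): array
{
    return postTokenRequest([
        'grant_type'    => 'password',
        'client_id'     => config('services.passport.client_id'),
        'client_secret' => config('services.passport.client_secret'),
        'username'      => $username,
        'password'      => $password,
        'scope'         => '', // request only the scopes the client really needs
    ]);
}

// Exchange the refresh token for a new access token instead of re-sending the password.
function refreshAccessToken(string $refreshToken): array
{
    return postTokenRequest([
        'grant_type'    => 'refresh_token',
        'refresh_token' => $refreshToken,
        'client_id'     => config('services.passport.client_id'),
        'client_secret' => config('services.passport.client_secret'),
        'scope'         => '',
    ]);
}

function postTokenRequest(array $form): array
{
    $response = Http::asForm()->post(TOKEN_ENDPOINT, $form);

    if ($response->failed()) {
        // Passport answers with an OAuth2 error body such as {"error":"invalid_grant"}.
        // Surface only the error code; never log the submitted password.
        throw new RuntimeException('Token request failed: ' . ($response->json()['error'] ?? $response->status()));
    }

    return $response->json();
}
```

Once the access token is in hand, the client sends it as an "Authorization: Bearer <access_token>" header on every API request, and uses the refresh flow rather than storing the user's password.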