Laravel Api Authentication - Step by Step

Pratical step-by-step how to do a RESTful API in Laravel 5.5 with authentication by email and password using Laravel Passport (OAuth 2.0)

Prerequisites

Apache
PHP
Composer
Laravel new app created

Initial notes

The project in this repo contains all the steps finalized

Step 1 - Add Laravel Passport to composer.json

In the project dir run

composer require laravel/passport

Step 2 - Run migrations

php artisan migrate

Step 3 - Install Laravel Passport

php artisan passport:install

Step 4 - Add HasApiTokens at app/User.php

<?php

namespace App;

use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;

    [...]    
}

Step 5 - Add Passport Routes to auth provider

In the "app/Providers/AuthServiceProvider.php" add passport routes to boot method

<?php

namespace App\Providers;

use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];


    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();
    }
}

Step 6 - Alter auth api driver to "passport"

In the "config/auth.php" adjust the driver for api auth

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

Step 7 - Add endpoints for auth control

In the "routes/api.php" add routes to login, register and logout

<?php

use Illuminate\Http\Request;

Route::post('login', 'Auth\LoginController@login');
Route::post('register', 'Auth\RegisterController@register');

//protected routes
Route::group(['middleware' => 'auth:api'], function() {
    Route::get('logout', 'Auth\LoginController@logout');
});

Step 8 - Create login and logout methods

In the Login Controller (Controllers/Auth/LoginController.php) add login and logout methods

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\User;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    protected $redirectTo = '/home';
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    public function login(Request $request)
    {
        $this->validateLogin($request);

        if ($this->attemptLogin($request)) {
            $user = Auth::user();
            $success['token'] = $user->createToken('MyApp')->accessToken;
            $success['user'] = $user;
            return response()->json($success, 200);
        }

        return $this->sendFailedLoginResponse($request);
    }

    public function logout()
    {
        $user = Auth::user();
        $user->token()->revoke();
        $user->token()->delete();

        return response()->json(null, 204);        
    }
}

Step 9 - Create register method

In the Register Controller (Controllers/Auth/RegisterController.php) add register method

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Validator;
use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Http\Request;

class RegisterController extends Controller
{
    use RegistersUsers;

    protected $redirectTo = '/home';
    public function __construct()
    {
        $this->middleware('guest');
    }

    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'password' => 'required|string|min:6|confirmed',
        ]);
    }

    public function register(Request $request)
    {
        $this->validator($request->all())->validate();

        $user = User::create([
            'name' => $request['name'],
            'email' => $request['email'],
            'password' => bcrypt($request['password']),
        ]);

        $this->guard()->login($user);
        $success['token'] = $user->createToken('nfce_client')->accessToken;
        $success['user'] = $user;        
        return response()->json($success, 201);
    }
}

Step 10 - Test endpoints

curl -X POST -H 'Accept: application/json' -d 'name=user&email=user@test.com&password=passuser&password_confirmation=passuser' http://localhost/laravel-api-auth/api/register

curl -X POST -H 'Accept: application/json' -d 'email=user@test.com&password=passuser' http://localhost/laravel-api-auth/api/login

Logout

curl -H 'Accept: application/json' -H 'Authorization: Bearer token_generated_on_register_or_login' http://localhost/laravel-api-auth/api/logout

References

Laravel docs - Laravel Documentation
Laravel Passport Post - Create REST API with authentication
Laravel API Tutorial - How to Build and Test a RESTful API

cantellir / laravel-api-auth