1. Home
  2. /
  3. Laravel-passport
  4. /
  5. Laravel Passport Simple API Authentication

Laravel Passport Simple API Authentication - Laravel-passport Typing CST Test

Loading…

Laravel Passport Simple API Authentication — Laravel-passport Code

Demonstrates a simple Laravel API protected using Passport with routes for retrieving user data.

// routes/api.php
use IlluminateSupportFacadesRoute;

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

// App/Models/User.php
use LaravelPassportHasApiTokens;

class User extends Authenticatable {
    use HasApiTokens, Notifiable;
}

// AuthServiceProvider.php
use LaravelPassportPassport;

public function boot() {
    $this->registerPolicies();
    Passport::routes();
}

Laravel-passport Language Guide

Laravel Passport is an OAuth2 server implementation for API authentication in Laravel applications, providing a full OAuth2 server setup with minimal configuration.

Primary Use Cases

  • ▸API authentication with OAuth2
  • ▸Secure SPA and mobile application backends
  • ▸Third-party API integrations
  • ▸Token-based authorization and access control
  • ▸Rapid implementation of secure API endpoints

Notable Features

  • ▸OAuth2 server implementation
  • ▸Personal access tokens for individual users
  • ▸Password grant and client credentials support
  • ▸Token expiration and revocation management
  • ▸Seamless integration with Laravel Auth system

Origin & Creator

Created and maintained by Taylor Otwell as part of the Laravel ecosystem.

Industrial Note

Laravel Passport is used in enterprise APIs, SaaS applications, mobile backends, and SPAs where secure token-based authentication and OAuth2 compliance are required.

Quick Explain

  • ▸Passport simplifies API authentication using OAuth2 and JWT tokens.
  • ▸Provides routes for issuing access tokens, refreshing tokens, and managing clients.
  • ▸Integrates seamlessly with Laravel’s authentication system.
  • ▸Supports personal access tokens, client credentials, and password grant tokens.
  • ▸Enables secure API authorization for single-page applications, mobile apps, and third-party clients.

Core Features

  • ▸Automatic routes for issuing and managing tokens
  • ▸JWT-based access tokens
  • ▸Scopes for fine-grained authorization
  • ▸Refresh token support
  • ▸Secure storage and encryption of client secrets

Learning Path

  • ▸Learn Laravel basics and authentication system
  • ▸Understand OAuth2 concepts
  • ▸Install and configure Laravel Passport
  • ▸Protect API routes and issue tokens
  • ▸Implement token revocation and scope-based access control

Practical Examples

  • ▸Issue personal access tokens for API testing
  • ▸Protect API routes using `auth:api` middleware
  • ▸Use password grant tokens for SPA login
  • ▸Implement token revocation for user logout
  • ▸Define scopes for role-based access control

Comparisons

  • ▸Passport vs Sanctum: Passport full OAuth2, Sanctum simpler token auth
  • ▸Passport vs JWT package: Passport full OAuth2 flow, JWT package lightweight
  • ▸Passport vs OAuth server external: Passport integrated with Laravel
  • ▸Passport vs Laravel Breeze: Breeze handles auth UI, Passport handles API auth
  • ▸Passport vs Laravel Fortify: Fortify manages UI login/security, Passport manages tokens

Strengths

  • ▸Deeply integrated into Laravel ecosystem
  • ▸Quick setup for OAuth2 authentication
  • ▸Supports multiple OAuth2 grant types
  • ▸Handles token expiration and revocation
  • ▸Active maintenance and strong documentation

Limitations

  • ▸Limited to Laravel applications
  • ▸Not suitable for non-Laravel or microservice architectures without modification
  • ▸Requires understanding of OAuth2 concepts
  • ▸May be overkill for simple API token authentication
  • ▸Relies on database migrations and Laravel models for token storage

When NOT to Use

  • ▸Simple apps without OAuth2 requirements
  • ▸Single-page apps where Sanctum suffices
  • ▸Applications not using Laravel
  • ▸Projects needing minimal authentication setup
  • ▸When performance-critical APIs require lightweight token management

Cheat Sheet

  • ▸composer require laravel/passport - install Passport
  • ▸php artisan migrate - run migrations
  • ▸php artisan passport:install - generate keys and clients
  • ▸Auth::user()->createToken('token-name') - issue personal token
  • ▸Route::middleware('auth:api')->get(...) - protect routes

FAQ

  • ▸Is Passport open-source? -> Yes, part of Laravel.
  • ▸Does Passport support SPA authentication? -> Yes, via password grant tokens.
  • ▸Can Passport manage third-party API clients? -> Yes, via OAuth2 clients.
  • ▸Does Passport issue JWT tokens? -> Yes, for API authentication.
  • ▸How to revoke tokens? -> Using `token()->revoke()` method.

30-Day Skill Plan

  • ▸Week 1: Setup Laravel API and Passport
  • ▸Week 2: Implement personal and password grant tokens
  • ▸Week 3: Secure API routes with middleware and scopes
  • ▸Week 4: Test token issuance and revocation
  • ▸Week 5: Deploy and monitor API authentication

Final Summary

  • ▸Laravel Passport provides a full OAuth2 server for Laravel applications.
  • ▸Supports personal access, password grant, and client credentials tokens.
  • ▸Enables secure API authentication for SPA, mobile, and third-party apps.
  • ▸Deeply integrated with Laravel Auth system.
  • ▸Simplifies token issuance, revocation, and scope-based access control.

Project Structure

  • ▸app/Models/ - User and Passport models
  • ▸app/Providers/AuthServiceProvider.php - Passport registration
  • ▸config/auth.php - API guard setup
  • ▸routes/api.php - protected API routes
  • ▸database/migrations/ - tables for clients and tokens

Monetization

  • ▸Use Passport to secure commercial APIs
  • ▸Protect SaaS platforms and mobile apps
  • ▸Enables third-party integrations for revenue
  • ▸Enterprise clients benefit from secure token flows
  • ▸Reduces operational overhead of building OAuth server manually

Productivity Tips

  • ▸Use personal tokens for quick API testing
  • ▸Apply scopes for role-based access
  • ▸Leverage middleware for reusable checks
  • ▸Automate token management in API client
  • ▸Follow Laravel Passport best practices

Basic Concepts

  • ▸Client - third-party or first-party application requesting access
  • ▸Access Token - issued token for authenticating requests
  • ▸Refresh Token - renew access token without re-authentication
  • ▸Scopes - define permissions for a token
  • ▸Personal Access Token - user-specific token without OAuth client

Official Docs

  • ▸https://laravel.com/docs/passport
  • ▸Laravel GitHub repository
  • ▸Laracasts tutorials on Passport

Practice Other Languages

CReactPythonC++RustTypeScriptKotlinPHPJavaC#RubyMqlCqlN1qlCypher