Learn LARAVEL-PASSPORT with Real Code Examples

Updated Nov 27, 2025

Explain

Passport simplifies API authentication using OAuth2 and JWT tokens.

Provides routes for issuing access tokens, refreshing tokens, and managing clients.

Integrates seamlessly with Laravel’s authentication system.

Supports personal access tokens, client credentials, and password grant tokens.

Enables secure API authorization for single-page applications, mobile apps, and third-party clients.

Core Features

Automatic routes for issuing and managing tokens

JWT-based access tokens

Scopes for fine-grained authorization

Refresh token support

Secure storage and encryption of client secrets

Basic Concepts Overview

Client - third-party or first-party application requesting access

Access Token - issued token for authenticating requests

Refresh Token - renews an access token without re-authentication

Scopes - define permissions for a token

Personal Access Token - user-specific token without OAuth client

Project Structure

app/Models/ - User and Passport models

app/Providers/AuthServiceProvider.php - Passport registration

config/auth.php - API guard setup

routes/api.php - protected API routes

database/migrations/ - tables for clients and tokens

Building Workflow

Set up Passport in Laravel

Define OAuth2 clients (personal, password grant, client credentials)

Protect API routes with `auth:api` middleware

Issue and manage tokens via Passport endpoints

Consume tokens in SPA, mobile app, or third-party client

Use Cases by Difficulty

Beginner: API with personal access tokens

Intermediate: SPA using password grant tokens

Advanced: Multi-client OAuth2 API with scopes

Expert: Third-party integrations with OAuth2

Enterprise: Multi-tenant API authentication with custom guards

Comparisons

Passport vs Sanctum: Passport is a full OAuth2 server, Sanctum offers simpler token auth

Passport vs JWT package: Passport provides the full OAuth2 flow, a JWT package is lightweight

Passport vs external OAuth server: Passport is integrated with Laravel

Passport vs Laravel Breeze: Breeze handles auth UI, Passport handles API auth

Passport vs Laravel Fortify: Fortify manages UI login/security, Passport manages tokens

Versioning Timeline

2016 - Initial release with Laravel 5.3

2017 - Laravel Passport 2.x with improved OAuth2 support

2019 - Laravel Passport 8.x updated for Laravel 6/7

2021 - Laravel Passport 10.x updated for Laravel 8/9

2025 - Latest Passport version supporting Laravel 10+

Glossary

Client - application requesting access to API

Access Token - token used for authenticating API requests

Refresh Token - renews an expired token without login

Scope - defines permissions for a token

Personal Access Token - user-specific token without full OAuth flow