Create an API with Laravel Passport & Personal Access Tokens

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] in this video I'm going to create an API and then use it to power my own single page application this is also known as dogfooding or eating your own dog food it's a popular method used by organizations to kind of test their own api's in real-world scenarios before making them available to third-party consumers so to do this I'm going to use laravel passport I already have Larry Bell open over here to the website and I'm going to click on documentation down here under official packages is where you'll find passport click on passport and here's our introduction to passport it says level already makes it easy to perform authentication via traditional login forms but what about AP is AP is typically used tokens to authenticate users and do not maintain session state between requests laravel makes API authentication a breeze using laravel passport which provides a full ooofff to server implementation for your laravel application in a matter of minutes passport is built on top of the league o auth - server that is maintained by Andy Millington and Simon Han so we're gonna go down here to installation to get it started install passport via the composer package manager so let's go ahead and copy this I use command C to copy I'm gonna open up terminal I'm already in the root of my project directory which is blog and command V to paste and then I'm gonna run with Enter okay then it says the passport service provider registers its own database migration directory with the framework so you should migrate your database after installing the package the passport migrations will create the tables your application needs to store clients and access tokens so we have to run the PHP artisan my every command so I'm going to hit command C to copy I'm going to go back over to my terminal command V to paste and enter and we can see there's a few new migration files in here that has to do with OAuth then we're going to come down here it says next you should run the passport install command this command will create the encryption keys needed to generate secure access tokens in addition the command will create personal access and password grant clients which will be used to generate access tokens so I'm going to copy this with command C I'm going to go back over here to terminal and command V and press ENTER to run and it created a client ID with a client secret and another client ID with another client secret ok after running this command add the laravel passport has API token straight to your app user model this trait will provide a few helper methods to your model which allow you to inspect the authenticated users token and scopes okay so I'm going to open up visual studio code and I'm going to go to my app and user dot PHP is our user model so we want to add the has API tokens command C to copy this and I'm gonna put it right here command V to paste and then we want to also add the has API tokens right here so I'm just gonna copy this and command V to paste and command s to save next you should call the passport roots method within the boot method of your office service provider this method will register the roots necessary to issue access tokens and revoke a sec access tokens clients and personal access tokens so let's go back into Visual Studio code and add the passport roots method within the boot method controller of the auth service provider so I'm going to go ahead and copy this passport roots command C I'm back into Visual Studio code and I'm going to click on providers and then auth service provider and right here I'll get rid of this and command V to paste and then command s to save and we also want to add the laravel passport passport right up here underneath get command s to save and then finally in your config slash auth dot PHP configuration file you should set the driver option of your API authentication guard to passport this will instruct your application to use passports token guard when authenticating incoming API requests so back to Visual Studio code and we're gonna minimize this and we'll go to config and off and we can scroll down here and it says we want to change driver to passport and then command s to save now I'm going to scroll down and front-end QuickStart passport ships with a JSON API that you may use to allow users to create clients and personal access tokens however it can be time-consuming to code a front-end to interact with these API s so passport also includes pre-built view components you may use as an example implementation or starting point for your own implementation to publish the passport view components use vendor publish artisan command so we'll copy this command right here we're gonna go ahead and add these view components I don't know if we'll use them in the tutorial but it will be a help later on when we want to open up our API to third parties so back in the terminal I'm going to command V to paste and press ENTER and we should see a few new components in here if I scroll down I'm gonna move this over down here under resources J s components Passport so we have a new directory and we have a few new components in here cool all right now I want to start setting up some scaffolding for my new API so I'm going to open up visual studio code and up top under app HTTP controllers I want to add a new folder in here and I'm just gonna call it API and that's going to house all my API controllers and then I'm going to create another folder within that called v1 for version 1 down the road there may be additional versions as my application grows but this allows me to keep things organized for now in addition to my controllers API v1 folder I'm going to create a new controller and I'm going to call it login controller and to do that we're going to use the PHP artisan command I'm going to open up my terminal and if we type PHP artisan make controller and then we can say API /v 1 slash and I'm going to call this login controller and press Enter and it just created our login controller so I'm going to click on that ok so let's go ahead and set up a login function in our login controller so I'm going to go ahead and add a function in public function login and the login function will receive a request and and in that request we will have a username and password all right so the first thing we want to do is validate our incoming requests so let's go ahead and do that we'll say request validate and that takes an array and we'll do email and we want to validate that email is a well first we want to say it's required and it is a string make sure you spell required right so it's required and it's a string and we also want to say that password is also password is also required and is a string all right okay now let's authenticate this incoming request all right let's put this into a variable called login and then we can use it down here so we'll say if off attempt we want to tell it to try to login I actually want to say if it fails so the exclamation point is saying if this does not succeed give us the opposite of true we want to return a response and in that response we want to send a message and that message will contain invalid login credentials okay in order for this off to work we want to make sure we import it up here so we will just say use illuminate support facades and then off and now we can use the off here so far we're we've created a login function we're storing our request validation in a variable called login and we're just making sure we receive an email and a password both of them are required and both of them are a string and then we're saying try the trial login attempt using this information if it fails send this response invalid login credentials now we need to tell what the diff exceeds so let's go ahead and create our access token if it succeed I wanted to take a quick moment to review the type of authentication we would be using with laravel passport so let's go over here to our passport documentation and we're gonna go down to personal access tokens this is the type of access I'm going to be using for my API so I just wanted to review it real quick so you knew why we were doing what we were doing and you could come here and review some of the documentation and some of the code I used in this function to achieve what we're achieving with API access so let's go ahead and review what it says right here personal access tokens sometimes your users may want to issue access tokens to themselves without going through the typical authorization code redirect flow allowing users to issue tokens themselves via your applications UI can be useful for allowing users to experiment with your API or may serve as a similar approach to issuing access tokens in general ok creating personal access client before your application can issue personal access tokens you will need to create a personal access client you may do this using the passport client command with the - - personal option if you have already run passport install which we have you do not need to run this command so we can go ahead skip right over this right here now let's go down managing personal access tokens once you've created a personal access client you may issue tokens for a given user using the create token method on the user model instance the create token method accepts the name of the token as the first argument and an optional array of scopes as its second argument so we're gonna be using this down here in the method that we're about to create I just wanted to review that real quick so you guys knew where I was getting this information from if you want to do a little more reading on your own feel free we're on the laravel comm Doc's version 6 and then the passport personal access tokens so let's jump back into our user controller and finish up this login so we'll put that at a variable access token and we'll do auth user and then we get this create token and we'll call it auth token and we want to put access token right here so we're storing our access token and then we want to return that in a response back to our user so let's go ahead and do return response except this time we want to return the authenticated user as well as the access token so let's say return the user and that'll be off user and then I'm going to put a comma and we'll also return the access token and we want to pass in that variable access token and then just close it off all right that should be good for this let me just I'm just double checking we've included our off so we can use it down here I'm getting a squiggly line here what did I miss if off attempt login return and we didn't close this off right here that should get rid of our school a line okay there we go we're all good I missed a semicolon all right so command us to save and this will be our login function and it should send a user and access token back with this request another thing I like to do is make sure that my incoming request routes line up with my routes folder down here so they're easier to find later on right now all my API requests are just in the routes slash API dot PHP but I want all my incoming API requests to reflect the route that they're going to so I'm going to add a folder and I'm gonna say new folder and I'm gonna just call that folder API and then within that folder I also want to create another folder and I'm gonna call that v1 and then I'm just going to drag my API into there go ahead and move it okay so now I have the API v1 and that's going to go to the API dot PHP file and then I want to come up here to my providers and my route service provider and I want to tell this service provider right here this prefix I want to make sure I change it to reflect the changes I made down here with the new folder so I'm just gonna tell it to go to API slash v1 and then right here my new path is routes API slash V 1 slash API and then go ahead and come in as to save now any incoming requests at blog comm slash API slash b1 are going to go to my routes slash API slash V 1 slash API dot PHP file now let's go into that routes file and tell our routes to hit the controllers we want to make sure we're hitting our login controller up here so I'm going to go back into the 8th routes API v1 and then API to PHP so I'm gonna get rid of this for right now I'm just gonna slash slash to get rid of that and then let's go ahead and I'm gonna put a note here just so I know this is gonna be all the users routes so in laravel they have the ability to group and prefix routes right now anything that goes to slash API slash v1 will end up in this API folder or this API file and I want it to be slash API slash V 1 slash users or a slash user so in order to do that we're going to create a prefix or route prefix and that will be route prefix and then the name of the prefix which will be slash user so we're saying anything at slash user we want to group it and group takes up so we'll put function and now anything that goes inside of this right here will have the slash user in front of it so we want it to be slash user slash login so let's go ahead and do that and we'll do in order to create the the route for that we're just gonna say we're out and that's gonna be a post request so we'll say post and we want it to be slash login so we'll do slash login so now we're a slash API slash v1 slash user slash login for a route and then we want that route to hit our API slash v1 slash login controller and we want it to hit the method of login there we go and I'm going to command s to save okay now let's try and test that route and see if we're able to log in a user and get back an access token I'm gonna use postman for this so I'm gonna open up postman click the plus sign right here and earlier we said it would be a post request so I'm gonna say post and I'll do HTTP colon slash slash blog 888 8 and we said it'll be at API slash v1 slash user slash login we also want to pass some form data with that log in so I'm going to go right here and say form data the form data we want to pass is email and the value will just be the email and the other one was password and that was just password and if we click send we're expecting based on our login controller if we type the correct information we're expecting to get our authorized user back along with their access token so let's go ahead and try that and there we go I got my authorized user and my access token let's see if we type the wrong password we'll just add a 1 here we're expecting it to say invalid login credentials let's see if that works and we get our message back invalid login credentials it looks like our API with our personal access token is working I want to do one other thing and make sure that our API token works to receive information so let's open up vs code again and we'll go back down in here to our routes and this time I want to create another route this but I want to use the middleware and the auth API so we'll do route middleware and we want to tell it to use off API and this time it's going to be a get request so we'll say get and we want the route to be API v1 user let's just do all let's return all users and we'll hit the controller at API v1 user we'll call it user controller at index so we're gonna hit the user controller at index and close it off alright I'm where the command has to save and I want to do one other thing and that's to make a user controller to test this out to make sure that our access token is working let's open up terminal and I'm going to CD into my blog directory because that's my root directory for the project and I'm gonna type PHP artisan make controller and it I wanted to make it into the API /v 1 slash will do user and then user controller I'm going to add - - resource so it'll add a few methods in there for me so go ahead and press Enter and here I go I have my user folder and my user controller and let's just go up here right here I just want to test out that everything's working so I'm just gonna say return user all so let's go ahead and add use app slash user and then command s to save all right now let's see if we can hit this route here let me double check I have it in my routes file and I have middleware so I'm gonna have to pass the token I'm going to minimize this and let's go back over here and we want to grab our token so let's grab our token right here and we'll create a new request this time it's a get request it's gonna go to API slash v1 slash user slash all and I need to add some headers and it's going to have an authorization header oops authorization and I wanted to have bearer space token alright and let's press send and we're hoping to get back one user because that's the only user in the database right now and there we go we're getting back our scripts per user as we expected just to recap we created a laravel API using laravel passport we used PHP artisan to create our laravel passport personal access client then we used that personal access client to generate our personal access token we were able to use our personal access token to access our API by sending a header with the keyword authorization and the value of the word bearer followed by our access token

Info

Channel: Scrypster

Views: 112,586

Rating: undefined out of 5

Keywords: PHP, Laravel, Laravel Passport, Passport, API, Laravel API, Passport API, php artisan, php artisan migrate, composer, composer install, php artisan passport

Id: R3Hec0_U2Cs

Channel Id: undefined

Length: 24min 23sec (1463 seconds)

Published: Fri Jan 10 2020