Laravel Passport Rest API Authentication Tutorial

Captions
Hello everyone, welcome to another tutorial. In this tutorial we are going to learn about Laravel Passport. My name is Juma. Laravel Passport is a package that enables us to convert our Laravel application into an OAuth2 server, and I would like us to just go ahead and be able to see how you can implement it and also be able to make requests that are authorized by the tokens that you are given by Passport.

So the first thing is that we have to set up a fresh installation of Laravel, and that is what I've done here, and I've called it passport. The other thing is that my application is already running on port 8000. The next thing that we are going to do, after you are able to achieve all those things up until where we have reached, I would like us to create a database. So we open our .env file, and inside here, under the place where we have DB database, DB username and password, I would like us to change something regarding the database: I want to call it passport, and save. After that, I'm also already running my XAMPP, so in other words I can be able to access the database, and that is phpMyAdmin, and you can be able to create a new database. Here I would like to call our database passport, and then we click on create. Now our database has been created; as you can see, we have a passport database. In this case we have not been able to populate it with the tables, but I would like to just go ahead and populate it with the initial tables that Laravel ships with automatically, and then afterwards we can be able to populate it with the Passport tables and see what happens. So I'm going to write the command php artisan migrate to migrate the initial tables. As you can see, we have migrated users table, password resets, failed jobs and personal access tokens, so those ones are four tables. The next thing I want us
to do is to install Passport, and we are going to install it using this command: composer require laravel/passport. That command will lead us to the installation of Laravel Passport. I know it might take a while for it to be able to complete, and as it does that I would like us to continue with a little bit more setup.

So I would like us to open our models folder, so you go to app, then Models, and then inside the User model I would like to just ensure that we are using Passport. There's this line, because initially Laravel 9 ships with Laravel Sanctum already installed, but we can be able to just change what we are using here from Sanctum to Passport. So I'm just going to change this specific text and I'm going to write Passport, like that, and now you save. The setup on our User model is okay.

Then I would like us to go and do a little bit more setup in our config folder, on the app file and the auth.php. So let us begin with the auth.php file, so config, auth, and we are going to add, where we have the guards, the first guard that we're having, the web implementation where we are using sessions, I also want us to copy and add the same and then change this one to api, and then here the driver is going to be passport, like that. So you save that. Then we are going to also go to our app.php, and in app.php I want us to include a provider. So you scroll downwards, let me just minimize this a little bit, and also these ones, such that we can be able to have it properly visualized. Here is where we are going to add the Passport provider, so we are going to type in the following piece of code: Laravel, Passport, and then we are going to type in PassportServiceProvider class, like that, and you save.

I'm still waiting for this one to be able to complete, so because of the things that will be required to have before, I would like to first of all pause this video such that we can be able to continue after
our Passport has already completed installing, to avoid us getting errors. So let me pause the...

Welcome back. The next thing that I want us to do is to migrate, such that we are able to create the Passport tables, so php artisan migrate. We are going to create more tables on top of whatever tables we had initially. As you can see, we have four tables that we have been able to populate in our database: the oauth auth codes, oauth access tokens, oauth refresh tokens, oauth clients table and oauth personal access clients table, so five more tables. If you check, our database currently has more tables than the ones, and the number, that we had initially. That is good enough.

I would like us to also install the encryption keys, and for us to be able to install the encryption keys we are going to do the command php artisan passport:install, like that. That command is going to generate the encryption keys that will be able to secure our application. Then as you can see, we have client ID and client secret, client ID 1 and client ID 2 and their client secrets. These ones have also been added to our database; if you check the database, you will find there are two tables that are having data, and maybe you can just go and have a look. As you can see, some tables have data, like this oauth clients table, and you can see we have the information that we have just had there. The first one is Laravel personal access token and the other is Laravel password grant client, so those two have been generated and added to the table.

I would like us to continue, and in this case now we are going to create a products model, because I would like us to see how we can be able to have a simple CRUD, whereby you can create products, delete products and do a little bit of operations on the same. So I'm going to create a products model, and we are going to have the command php artisan make:model, and the name of the model is Product, Product
model, and we are tagging migrations to ensure that we are creating the model and we are also creating the migrations related to it. When we go to our folder structure, as we can see under the models table, so under app, Models, you can see that we have Product.php. Here I want to do a little bit of addition of data, and I would like to have protected fillable, and this is for the purposes of the database tables that you are going to create, such that we can be able to prevent an error that usually talks about mass assignment. So protected fillable, and we are going to have several things. We are going to have the title, and these ones are also the columns that we're going to have in our table, so title, and then description, and then price of the product, and then finally I would like a specific user to be linked to their specific product, so I would also want to have user ID, like that. So that is it. Let me just remove this such that you can be able to see exactly what you have typed: we have protected fillable, then we have title, description, price and the user underscore ID.

I would like us to go to our migrations table and be able to create our migration. So we are going to go to database and then migrations, and then the last migration that has been created, you click on that one. Here we are going to populate it with our data. We are going to have table string, and we will have it as title, and then on the next line I want to change this to description, and then on the next line, this one I want it to be a double, and we are going to call it price, and we are going to have it as eight, we will have eight digits. Probably there is nothing that will be able to reach that kind of a price, but it doesn't matter, so eight digits and then comma separated, with shillings and cents of sorts. Then the last thing that we are going to have is
the user ID, and the user ID is a big integer, so big integer, because we will be referring to the users table, and this one is called user ID. Let me remove this a little bit such that you can be able to see, so user underscore ID, like that, and you remove all this. Since it is a big integer, even this one is also a big integer; for this one we are going to say it is unsigned such that we do not get an error, unsigned, and smooth inside, like that. I think for the tables we are good with them. I'm putting it below timestamps; let me just move it a little bit upwards so we have it immediately before timestamps, like that.

So I want us to go ahead and do the migration. I'm going to say php artisan migrate, like that, to migrate the table that we have created now. So again we are going to have the products table created, and when we check in our database we are going to have the table here. Let me see, we can refresh. Yes, we have the products table here, and it's having the columns that we have been able to state, user ID and then created at, updated at, so I think that is okay.

The next thing that I want us to do is to go ahead and create the authentication controller. So I'm going to type in the command php artisan make:controller, and the name of the controller is AuthenticationController: php artisan make:controller AuthenticationController, and that one is okay. I will also use the same opportunity to make another controller that you call ProductController, so again php artisan make:controller, but in this case we are calling it ProductController, like that, and let me call it a resource controller for now, such that we can be able to use whatever it is that we require to use in the resource controller. Anyway, we have created two controllers. I would like us to go to the controllers, so app, Http, Controllers, and then I want us to do some work on the authentication controller, and I want to minimize this as
much as possible, let it remain there. I want us to have several methods, so we are going to have public function register. This one is mistyped: function, public function register, and here I want to just pass the request variable, like that. I want to create two more, so just copy this one, and we are going to have the next one, which we are going to call login, and then we are going to have another one, which we are going to call logout, like that. Then I also want to import the User model, so I'm going to say use App Http Models User, like that, because you'll be making reference to it.

After that I would like to populate this authentication controller with some code that will assist us to do one or two things. So let us begin with the register method, and the first thing I want to do is validate the request. In this case, in the users table we just require the name, email and password, so I'm going to create a validation, so request validate, and this one will assist to just check if the payload of data that is coming in has the user information. In this case the name, and for the name I want to say that it is required, and I can say that we can have it as a maximum of 255,
as a string. Then we will have email, and this email we want it to be required. One more thing about the email: we want it to be unique, just one email per user in the users table. In other words, one cannot be able to come and register the email that is already registered in our database; it will tell them that the email is already taken. The other thing that I would like us to validate is that the text has to be again 255 characters, so that is it. Then we have the password field. Of course, if you require to do password validation such that you have the password confirmation, you can be able to do that, but for now, password required, and we can maybe put minimum, and we can say six characters, like that. So that is our validation.

The next thing, after we have been able to validate the user data and we have found that everything is in order, we now will go and create this user. So we are going to say user, and then we call the User model, and then we say create, and we pass in an array of data. In this case we are going to have name, the name of the user we will save to the database, and we are going to call it request name, and then we have the email, we are going to have it as request email, and then we have the password. We are going to hash it, so we can say Hash make and then request password, like that. So we are going to hash the request password, or we can also use bcrypt and it will still work. Here I maybe want to import Hash, so I can just say use Hash, and that will be okay.

After we have been able to save our user in the database, the next thing that I want us to do is to create the token. So we are going to have the command, and we are storing it in the variable token, so we are going to have user, the user that we are creating with that data, and then create token, and then obviously the name of the token, maybe we can call it just auth token, so whichever name you
call it is okay. If you want to pass token ability, you can be able to pass it there in that fashion, so you can pass and say this token can be able to do what and what, such that if you are to come and check afterwards you can just check what the token can do, but in this case I have no interest in that. Access token, and then now the next thing that you are going to do: we will return a response, and inside here, because it will just format perfectly as JSON, I would just want us to pass in the token, so I'm going to set it to the variable that we have created above there, so token, like that. That will be able to send the token back to the user. So we are done with putting some code on our register method.

Now I want us to go to the login method and also be able to populate it with some information. Of course, for request validation, this one I can take, let me just copy and paste on the login method, like that, and the only thing that we are not interested in is the name, because whatever will be provided is just email and password. I would also like to remove these further requirements, and also this one of saying the password should be more than six characters; that one is not necessary. After that, I'm going to find a user whose email matches the email that has been provided in the request that has been sent here. So I'm going to set it to user, and I'm going to say the User model where the email in the users table is equivalent to the request email, like that, and then I'm getting only one record, so you write first. After that, I'm going to verify two things: whether this user exists, and if their password matches the password that is in the database. So we are going to just have an if here, and I'm going to say if user, let me just do it properly, if user, in this case we are checking if the user is not found, and we are also checking that the password that the
user is providing is not matching the password that is in the database. So I'm going to say the request password, so you compare the request password and the user password. If they're the same, that is fine; if they are not the same, if the two conditions are the way they are, if this is not satisfied and this one is also not satisfied, then it means the credentials that are being provided are incorrect. So I'm going to return a response, and in this case we are going to pass in our information, and maybe we can call it message, and we say the provided credentials are incorrect, and then of course we can pass in the status code here. But if whatever you're working on does not satisfy whatever you have requested here, then it means this user is good and the password that they have entered is good, so we can be able to create a token for them. So I will just copy again this one, whatever it is that we have here, and paste it down here, such that we create the token, and yet still we will go and return the token back to the user. So again here I'm going to just copy whatever it is that we have on the register function and put it here, like that, so you return a response with a token. That one is okay.

Then on the logout function, if a user clicks on the logout route, what we will do is just revoke their token and then return a response that they are logged out successfully. So we are going to have request user, request user token, and we are going to revoke it, so that's the first thing that we will do, and then we just return a response. So request user token revoke, and then the next thing we're going to do is to return a response. Inside here you can pass an array of values, and the only thing that we are having is a message, logged out successfully, like that. So that is what we are going to have as a method there,
and we were having an error in our program, but I have corrected it; we were having equals signs instead of the double arrow. Anyway, I think with regard to our authentication controller everything is fine with it.

I would like to go and do something on the product controller, so that is what I want us to work on, and here we are going to do several things. In our index function I'm going to just pass in request, and up here, first of all, we will import the Product model, so use App Http, App Models, sorry, and then Product, like that, so App Models Product. Then we are going to pass in some data here; we're going to pass a variable request, and here I want us to just return all the products that belong to this user. So I'm going to just check the user ID, user underscore ID, and we are going to get it like this: request user ID, like that. That will give us the ID of the logged-in user, or the user to whom the token belongs. Then we are going to check all the products that exist for this user, so you can call the model Product and we can use where. The first thing that we are going to check is the user ID; remember in our table we have a column called user ID, and we want it to be where the user ID is the same as the variable user ID, and then we get all the products that belong to this specific user. Then we can return response, and inside these brackets we can have products, the variable, like that, and I think that one is okay for the index function.

The create function is not useful when you are working with an API, so you skip that one. You come and do something on store, and here we are going to validate. So the first thing you're going to do is validate the product data, so request validate, and we are going to check for several things. Remember in our table we created the product title, so title, and the
reason we are going to say it is required is to mean the user must be able to fill it in, otherwise we will return an error, and we can say the maximum is 255, so if it is more than that it will still return an error and tell them to type something little. Then we have description, and this one I want it to be required, again the same thing, maximum 255 characters. Then the last thing is the price, and this price, as much as we want it to be an integer, probably we can say it's an integer, but let me just say required, like that. So hopefully we'll be entering the correct things, but now if you are doing a production application you have to take care of that.

The next thing we are going to do is to create the product. So here I'm just going to call the model, Product create, and we're going to have an array of values. Of course the same data that you're validating is the same that we are putting here. So the first thing is title, and we are having it as request title, and then the next thing that you're having is description, and this one is going to be request description, I'll just copy this and paste there, and then we have price, this one you are going to have as request price. If we have typed everything, then our store function in the product controller is okay. Then the last thing, we can return a response, so in other words, if the data has been saved successfully, maybe we can return a response and just mention it. So here I'm going to have message, and we will have product created successfully, and we can return a response code of 201. I think even for this one we can also return 201, so you return products with a response 201, like that.

Then, of course, under show, if we pass in a product and we just want to return what that product is, we can be able to put in some data here. So we say product, and this one is going to be given by, you get the product from the
database, so you call the Product model and then findOrFail, then we are going to pass this ID, the ID that we have here, so this you get as the product. Then I just want us to return a response, in this case what we have, this product, and then maybe 201 also.

Now if we want to update a product, we will still find it by ID, so I'm going to copy whatever it is that we have here, so you find the product by ID. After we find it by ID, the next thing we are going to do is again do something similar to what we did above here, so let me just type it in. We are going to say product update, and inside here we are going to pass an array of values, and those ones I think I can just copy from what we have in here, so copy, and then now you paste them here. If they are all okay, then we are fine.

The last thing I want us to look at is where we can be able to delete our product, and in this case we are going to get a product by the ID. So product is equal to Product, and we can say where ID, the product ID, is the same as the ID that we are passing here, and I want it to be the only thing that we are getting, or we can just go ahead and delete it. So I can just say delete; instead of fetching it first and then deleting, we can just go ahead and chain the delete. Here we are going to return a response, return response again with a status code of 201, and we are going to say the message, product deleted successfully, like that. Then of course even for this function here, after updating, I want us to return a response, so maybe I can copy this, and where we are doing the updates I also paste it there, so here we can say product updated successfully, updated, not deleted, like that. I think there's an error: return response, 201, we need to have a comma there, and I think even for this one you need to have a comma there. That's okay. So I think we have done some work on authentication and we have also done some
work on the product controller.

The last thing that I would like us to do is to go to our API routes, and then we are going to do a little bit of work there, and then I think we will be ready for testing. For testing of this API we will just use Thunder Client, but you can also use Postman; you will still be able to achieve the same or similar results. So I want to go to routes, api, and here the first thing I would like to do is to use the controllers that you'll be calling, so App Http Controllers, and then the first controller is AuthenticationController. Then the next controller that you're going to use is the products controller, so App Http Controllers, and we are going to have the products controller, like that.

After that we will be able to have several routes. The first route is register, so I'm going to have Route post, in this case we are calling it register, and this route will be accessed without being protected. So I will say AuthenticationController class, and then the method is register. Of course we also have login, so we copy that one, and then we have login, and this one is login. You can see I have mistyped register here, like that.

Then we are going to have some other routes that we are going to protect with Passport, so the middleware will not be auth:sanctum but it's going to be auth:api, like that. It can also be able to protect the route forward slash user. Then I want to maybe create some grouped routes here, so Route middleware, so these ones are the routes that are protected by Passport. So I'm going to have auth, full colon, api, and then group, and inside here we are going to have a function, and inside this group function we are going to put every other route. So I want
us to first of all have a route of logout, so just copy this one and paste it here. The first thing is logout, and copy and paste also here, that is the controller method that we are calling. Then I want us to also have a resource controller here, so Route resource, and in this case our resource is called products, and we can say products controller class, like that.

Now if everything is fine, I think it is time for us to test our API and see if it works perfectly. So I'd like us to just run our Laravel application; already it is running, so I think that one is perfect. If yours is not running, you run it by php artisan serve and it starts running. I want us to go directly to Thunder Client and see if we can be able to access those routes that we have created, and see if some of them are protected or what. So I want to change this URL, and the first thing to check is the register, because currently we do not have a user in our database. So the URL that we are going to hit for register is http localhost 8000, the port which Laravel is listening to, and then api and then register. Since we are registering, I would like us to maybe do something on the header here: we want JSON, so application JSON. Then in the body is where I'm going to type in the payload of the data that you are going to send, and then see what you're going to have. So I'm going to just quickly put some JSON data here, and the first thing that we have is a name, so in this case the name we can call the name codas this, and then the next thing is an email address, email, and then we can say maybe codas B at gmail.com, and then lastly whatever it is that you're going to pass in is the password, and for the password we are going to just put anything, one up to six, like that. So I would like to try this request and see what we are going to get. As you can see it's saying please wait, and it says the register method is not... oh, I've used the get
method, so that is the problem. It's supposed to be post, as you can see, that is how we set it in our web.php. So the post method, and we hit the endpoint, and it says the name field is required, meaning there's a... the password field is required also, and the information we are sending is here. Oh, probably my codex be at gmail.com, my JSON has a problem. Oh yes, the JSON is not formatted properly, my bad, I have sent it like somebody who is working on something else. Anyway, that is the error that you get, the name field is required, the email field is required, the password, if your request does not go with those ones. But since we have been able to correct the issue that we were having, we can hit the endpoint again and see. Now you can see it's processing, and it says App Models Http User not found. I think we also have a problem in how we referenced the User model, so it is App Models User, not Http. So let us again attempt one more time, and now as you can see, because you've been able to do everything, we have a token with us. This is the token that we are given, so if we are to send a request to the protected routes we can be able to use this token, and then the request will go perfectly if everything is okay with those ones.

So I want to copy this token and do some post requests. We are going to have a new Thunder Client instance, and I'm going to do a new request, and in this case our request is still a post request because I want us to create a product. So http localhost 8000, and then we are going to api and then products; if it's a post request, then this is going to create whatever it is that we want. So I would like to go to Auth, and then, headers first of all, and we can say application JSON. The next thing that we are going to do, under Auth, it's a Bearer token, so we are going to paste our token here. It has not copied it; let me just go back to our request and copy using the shortcut Ctrl C on Windows, and then paste. So we have
our token, and then the next thing now, we need to have data on our body such that we are able to send. So here we want to send several things, so I would like to create JSON data. The first thing is the title, and in this case the title I would like to call my products, and then the description, the description let us call it the product description, and then lastly the price, this one I'm going to set to 2000, whatever that means. So we have our request. If everything is okay in our product controller, then we're able to hit the store and we will have a response.

Let me just go back and see what we have in our products controller, the store method. So we are validating the request and then we are creating the products, and oh yes, there's something that I've not set here and it would have disturbed me. Here I also want to have another column which is called user underscore ID; remember in our table we had everything like that, and this one is going to be given by request user and then ID. Yes, because if you would have sent a request the way it was initially, we would have gotten an error. So anyway, request user ID, yes, and it is a double arrow, so yes, like that.

So let us go to our request and attempt to send it, and I want to push this one up a bit such that we can be able to see our response perfectly. So we are going to send, and it says column not found, unknown column price. Let me see our table, so products table: we didn't create price. So okay, for the purposes of the tutorial maybe we can omit price wherever we have it, but if you want to create it you can ensure that it is created in your value. So let me just remain with the title and user ID, and anywhere where we have price let me remove it for now, and then also in the update
function I think we can have it like that. Then we can also pass in the user ID, like that, so in this update, because we can either use PUT or PATCH, in the event that we use PUT you might find that it will also ask why are you not giving in the value. This one is in store, not here, not here, let us put it in this one here, yes, here. So we will have three things, title, description and then the user ID, also in update. So let me just go ahead and try it again. Of course in our request we are also going to omit price, because there's nothing about it in our database, so let me remove it like that and remove that comma. So let's try it again. When we click that one, as you can see, it says the price field is required; in our validation we still have price required, so again I have to remove that because there's nothing that we need regarding price. So the price, price, so we only have it in the place where we are saving. Okay, I think everything is fine, let us try it again. Send the request, and it's saying the price field... I think I have not saved. So we send the request again, and it says product created successfully, and I think that one is a success.

So if we go to products we are going to find that there is a product that has been saved, so it's called my product, and the product description is the description that we have given to it. I want to save like two more, and this one I can maybe change and say boots, and maybe the color of the boots, maybe we can say jungle green, and also save that one. As you can see, it has saved it with a status code of 201. Then maybe the third thing, I can say t-shirts, and we can call the description blue t-shirt, and then even this one I'm going to save, so we have three of them. So if I now hit the endpoint that is the index, we expect to get all the products that we have returned to us, so let us try and do that. For us to be able to
hit the index endpoint I will change this one to a get request and send and as you can see we have the data here let me just make this one a little bit bigger we have the data here and we have the first item is called my product and the product is a description created that this and the user ID and all that and then product number two we have boots in the other jungle green product number three is a T-shirt and it's a blue t-shirt so we have all the three requests being brought back I would like also to check for [Music] um one item so maybe I can say API products and then pass in the value of the product that I think that should be a get request if I'm not wrong and I'm going to pass in one let us see if it will be able to hit the endpoint is it a post okay we are getting products number one and this one is eating hitting the show function here where we are returning where we are returning uh one product like that so that is that and then um we can also uh do a post request whereby we want to update the product one and our product one we want to update it with the following information so product number one I want to update it with the information [Music] my uh clean products Maybe as the title and then the description may be my clean product like that let us try to see if we can be able to update that one and you can see it says method not allowed no it's we are supposed to use use either put or patch so in this case let me use patch and then we send and yes as you can see we have the response down here product updated successfully so our first product in this case has been changed in the database and if we are to check because we were calling it my product at first now is no it's no longer called my product it's called my clean product something of that sort and then I want us to go ahead and delete just one of the values so in this case we are going to pass in [Music] um we are going to do a delete request and we are going to delete product number one so when I 
send that request again you can see product deleted successfully so all these requests are going with our token and that is why the server is able to allow us to be able to do all those requests now I want to perform a log out request and so I will uh just copy the token and uh or we can just use this one here and we can HTTP API I want to hit the logout endpoint and uh when we send the request the API logout method is not supported for the yes we have to change it to a post request and send and now logged out successfully thank you very much I hope this tutorial has been helpful and if you like the video you can click like And subscribe and you can also comment below to just tell us what it is that you feel about what we have talked about thank you very much
Info
Channel: LaraPhant
Views: 11,413
Keywords: laravel passport authentication, laravel rest api authentication, laravel passport tutorial
Id: Qykdok80I9U
Length: 66min 3sec (3963 seconds)
Published: Thu Jan 05 2023