Menu
I have a standard Laravel Passport setup on 5.4 - it all works fine and is generating tokens.
I protect my API routes using the auth:api middleware as well as a custom middleware that checks that specific headers in a request are present and valid before any requests are handled. This middleware works fine for the API routes group.
Is there a way to wrap the Passport routes generated by laravel '.../oauth/token' in this middleware as well?
Currently I have set up the routes in my AuthServiceProvider.php boot() method:
public function boot()
{
$this->registerPolicies();
// Passport/OAuth
Passport::routes(function ($router) {
$router->forAccessTokens();
$router->forTransientTokens();
});
Passport::tokensExpireIn(Carbon::now()->addDays(7));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}
The end goal is that the oauth endpoints will return an error if the headers are not present.
301
I have a standard Laravel Passport setup on 5.4 - it all works fine and is generating tokens. I protect my API routes using the auth:api middleware as well as a custom middleware that checks that specific headers in a request are present and valid before any requests are handled. This middleware works fine for the API routes group.
We can create a custom middleware using below artisan command, so open up your terminal and run the command: This command will create a file in app/Http/Middleware directory, it should look something like this * Handle an incoming request. So, the basic structure is ready and now you just have to add your custom code in the handle method.
If you only need to add middleware to one Passport route for example /oauth/token, you can do it this way: Check the controller and method used for this route, in out example it is going to be AccessTokenController@issueToken Create the controller that extends AccessTokenController, you can leave it empty
After running the passport:install command, add the Laravel\Passport\HasApiTokens trait to your App\Models\User model. This trait will provide a few helper methods to your model which allow you to inspect the authenticated user's token and scopes. If your model is already using the Laravel\Sanctum\HasApiTokens trait, you may remove that trait:
In the app/Providers/AuthServiceProvider include the Route facade by adding this use statement somewhere in the top:
use Illuminate\Support\Facades\Route;
Then on the boot() method, put the Passport::routes() inside a Route::group() like this:
Route::group(['middleware'=>'MyFunkyCustomMiddleware'], function(){
Passport::routes(); // <-- Replace this with your own version
});
Hope that helps!
44
You can try this:
Go to app/Providers/AuthServiceProvider and look for the function boot(). In this function you will see a line for registering routes for Passport. The default code is Passport::routes(). This routes() method accepts an options array as second argument. You can use it to set middlewares for Passport routes.
Passport::routes(null, ['middleware' => 'api']);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With