Menu
I'm using Laravel 5.4 and Passport 4. I want to use only First-Party-App only. So as suggested from this answer, I want to stay away from putting the ClientID and ClientSecret in the App. I have put in boot() method of AuthServiceProvider :
Passport::routes();
Passport::tokensExpireIn(Carbon::now()->addDays(30));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(60));
I added my own route in api.php to accept login from App :
Route::post('login', 'Auth\LoginController@apiLogin');
This is my Action :
public function apiLogin(Request $request)
{
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials)) {
// Authentication passed...
$user = Auth::user();
$token = $user->createToken('API Access')->accessToken;
return response()->json(["token_type" =>"Bearer","expires_in" => 2592000,"access_token" => $token]);
}
return response()->json(["error" => "invalid_credentials", "message" => "The user credentials were incorrect."], 401);
}
Is there any method to retrieve the number of seconds for expires_in (30 days => 2592000s), or the datetime so I could make the calculation automatically?
724
we can increase personal access token expire time of access token using personalAccessTokensExpireIn(). Let's see bellow example to set longer time of expire access token in laravel 5 application. * The policy mappings for the application. * Register any authentication / authorization services.
This can be done using the following steps: convert expires_in to an expire time (epoch, RFC-3339/ISO-8601 datetime, etc.) store the expire time. on each resource request, check the current time against the expire time and make a token refresh request before the resource request if the access_token has expired.
If you don't want to use the Passport middleware in the project where you want to validate the tokens, you would have to create an endpoint in the Laravel Passport server that can accept the token, perform the usual Passport validation and return a response to your service.
You can store this token in local storage. This token is also stored in the oauth_access_tokens table. We will be sending a GET request to your URL and we need to send it token as Authorization Header. Above way successive technologies can do API authentication in Laravel Application with a passport.
Here is how I managed to get it from the object:
As Tim Lewis pointed me in the comments, there is a $token property, $user->createToken('API Access') is a Laravel\Passport\PersonalAccessTokenResult object that contains 2 public properties : $accessToken (String) and $token (Laravel\Passport\Token). So I get the token with $objToken = $user->createToken('API Access'); and calculate expiration time in seconds with $expiration = $objToken->token->expires_at->diffInSeconds(Carbon::now());. Here is the final code :
public function apiLogin(Request $request)
{
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials)) {
// Authentication passed...
Passport::tokensExpireIn(Carbon::now()->addDays(30));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(60));
$user = Auth::user();
$objToken = $user->createToken('API Access');
$strToken = $objToken->accessToken;
$expiration = $objToken->token->expires_at->diffInSeconds(Carbon::now());
return response()->json(["token_type" => "Bearer", "expires_in" => $expiration, "access_token" => $strToken]);
}
return response()->json(["error" => "invalid_credentials", "message" => "The user credentials were incorrect."], 401);
}
But be careful if using these 2 lines in AuthServiceProvider boot() :
Passport::tokensExpireIn(Carbon::now()->addDays(30));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(60));
as it won't replace the expiration with Personal Access Token in Password Grant Type of Laravel 5.4 according to this Laravel Passport Issue.
170
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With