I am using Laravel 5.6, and Passport is installed and working. I wanted to log in the user by sending a POST request from an Ionic 3 application. I wanted to know how to make the login route.
I already made a create-account route, which is working; after the user creates an account, it returns the access_token and refresh_token. But how do I implement this for the login route?
I found we can do it with the following code, by sending a POST request to the http://127.0.0.1:8000/oauth/token route, but... is it safe to save the client_id and client_secret in the Ionic app itself?
What are the best practices for logging in the user with Laravel Passport by sending a POST request from an Ionic 3 app (or any other front-end framework)?
{
"grant_type" : "password",
"client_id" : "2",
"client_secret" : "HqLqRCRzNN2dwLWM1JhvCoNrbndwNSTGz515hSrswT",
"username" : "[email protected]",
"password" : "123456"
}
There's now an alternative to Passport for authenticating SPAs and mobile apps (also maintained by Laravel): Laravel Sanctum.
Note: This library requires Laravel v6.9+.
Exposing client credentials is always risky because you don't have full control of the client apps.
If you don't want to store that kind of data on the client side, you could make a little proxy that receives the username/password and then completes the call, adding the Passport client details.
Citing this answer made by @adiachenko:
routes/api.php
Route::post('auth/token', 'Api\Auth\DefaultController@authenticate');
Route::post('auth/refresh', 'Api\Auth\DefaultController@refreshToken');
app/Http/Controllers/Api/Auth/DefaultController.php
<?php

namespace App\Http\Controllers\Api\Auth;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Route;

class DefaultController extends Controller
{
    /**
     * Passport password-grant client row (id and secret stay on the server).
     *
     * @var object
     */
    private $client;

    /**
     * DefaultController constructor.
     */
    public function __construct()
    {
        $this->client = DB::table('oauth_clients')->where('id', 2)->first();
    }

    /**
     * Exchange username/password for tokens via the password grant.
     *
     * @param Request $request
     * @return mixed
     */
    protected function authenticate(Request $request)
    {
        // Add the client details server-side; the app only sends credentials.
        $request->request->add([
            'username' => $request->username,
            'password' => $request->password,
            'grant_type' => 'password',
            'client_id' => $this->client->id,
            'client_secret' => $this->client->secret,
            'scope' => '*'
        ]);

        // Dispatch an internal request to Passport's token endpoint.
        $proxy = Request::create(
            'oauth/token',
            'POST'
        );

        return Route::dispatch($proxy);
    }

    /**
     * Exchange a refresh token for a new token pair.
     *
     * @param Request $request
     * @return mixed
     */
    protected function refreshToken(Request $request)
    {
        $request->request->add([
            'grant_type' => 'refresh_token',
            'refresh_token' => $request->refresh_token,
            'client_id' => $this->client->id,
            'client_secret' => $this->client->secret,
        ]);

        $proxy = Request::create(
            '/oauth/token',
            'POST'
        );

        return Route::dispatch($proxy);
    }
}
As you can see, you'll need to make a POST call to /auth/token sending user credentials:
{
"username" : "[email protected]",
"password" : "some-awesome-password"
}
Then the authenticate method will complete the Passport client details to continue with the flow.
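The client side of this proxy flow, as an added example that is not part of the original answer: the app sends only user credentials to /auth/token, turns the token response into a session with an absolute expiry, and refreshes through /auth/refresh. The /api prefix in BASE_URL, the function names and the 30-second skew are assumptions; the response fields are the standard Passport ones (token_type, expires_in, access_token, refresh_token).

```javascript
// Assumed: routes/api.php is served under the default /api prefix.
const BASE_URL = 'http://127.0.0.1:8000/api';

// Shared shape for both proxy calls: a URL plus fetch() options.
function jsonPost(path, body) {
  return {
    url: BASE_URL + path,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
      body: JSON.stringify(body),
    },
  };
}

// Only user credentials leave the app; client_id/client_secret are added server-side.
function loginRequest(username, password) {
  return jsonPost('/auth/token', { username, password });
}

function refreshRequest(refreshToken) {
  return jsonPost('/auth/refresh', { refresh_token: refreshToken });
}

// Validate the token response and convert the relative expires_in to an absolute time.
function toSession(tokenResponse, nowMs) {
  const { token_type, expires_in, access_token, refresh_token } = tokenResponse;
  if (token_type !== 'Bearer' || !access_token || !refresh_token || !(expires_in > 0)) {
    throw new Error('unexpected token response');
  }
  return { accessToken: access_token, refreshToken: refresh_token, expiresAt: nowMs + expires_in * 1000 };
}

// Refresh slightly early so a request never goes out with a token about to expire.
function needsRefresh(session, nowMs, skewMs = 30000) {
  return nowMs >= session.expiresAt - skewMs;
}

// Return a usable access token, refreshing through the proxy when needed.
async function accessToken(session, fetchFn = fetch, nowMs = Date.now()) {
  if (!needsRefresh(session, nowMs)) return session.accessToken;
  const { url, init } = refreshRequest(session.refreshToken);
  const res = await fetchFn(url, init);
  if (!res.ok) throw new Error('refresh failed: ' + res.status); // caller should ask the user to log in again
  Object.assign(session, toSession(await res.json(), nowMs));
  return session.accessToken;
}
```

Call `accessToken(session)` before each API request and send the result as `Authorization: Bearer <token>`.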