Deekshith's avatar

Laravel 11 passport client_credentials machine-to-machine authentication token get expiry_date

Hello All, I am working on an API where I am trying to protect the endpoints using Laravel Passport machine-to-machine authentication with the client_credentials grant_type. Below is the code I used for token generation, which is working fine:

public function verifyToken(Request $request, TokenRepository $tokenRepository)
{
    // Token passed in by the caller (not checked yet; see the question below)
    $token = $request->input('token');
    $getURL = \URL::to('/oauth/token');

    // Request a new token from Passport using the client_credentials grant
    $response = Http::asForm()->post($getURL, [
        'grant_type' => 'client_credentials',
        'client_id' => '9ca5574e-0e15-4680-aee7-0f64fde670',
        'client_secret' => '8gNeS0gPNH7J1aFlsTl9xq7lJKU91BtQjIklti',
        'scope' => '',
    ]);

    $newToken = $response->json()['access_token'];
    return response()->json(['token' => $newToken]);
}

Now I want to apply a dynamic approach. Let's say I use middleware like this:

Route::get('/test-api', function (Request $request) {
    return 'success';
})->middleware('client');

Then it's working if the token in the header section is valid, but I want to check whether the passed token is expired or not, so if it is expired I will generate a new token, or else continue using the old token. Is there any way I could fetch the expiry date of the passed token? Please help me with this.

0 likes
2 replies
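One way for the side that holds the token to check its expiry, as an added example that is not part of the original post: Passport access tokens are JWTs, so the `exp` claim can be read from the token payload. The function names, the 60-second leeway and the sample token are assumptions constructed for illustration.

```php
<?php
// Added example, not from the thread. The payload is decoded WITHOUT verifying
// the signature: use it only to decide when to request a new token, never to
// authorize a request (the server-side `client` middleware does that).

function base64UrlDecode(string $segment): string|false
{
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

// Returns the `exp` claim as a Unix timestamp, or null if the token is not a readable JWT.
function tokenExpiry(string $jwt): ?int
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    $json = base64UrlDecode($parts[1]);
    $claims = $json === false ? null : json_decode($json, true);
    // `exp` may be an integer or a fractional number of seconds.
    if (!is_array($claims) || !is_numeric($claims['exp'] ?? null)) {
        return null;
    }
    return (int) $claims['exp'];
}

// Unreadable tokens count as expired so the caller requests a fresh one.
function needsNewToken(string $jwt, int $now, int $leewaySeconds = 60): bool
{
    $exp = tokenExpiry($jwt);
    return $exp === null || $exp - $leewaySeconds <= $now;
}

// Constructed sample token (placeholder claims, fake signature).
function makeSampleToken(int|float $exp): string
{
    $enc = fn (string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
    $payload = json_encode(['aud' => 'sample-client-id', 'jti' => 'sample-token-id', 'exp' => $exp]);
    return $enc('{"typ":"JWT","alg":"RS256"}') . '.' . $enc($payload) . '.' . $enc('fake-signature');
}

$now = time();
foreach ([$now + 3600, $now + 30.5, $now - 10] as $exp) {
    printf("exp=%s needsNewToken=%s\n", date('c', (int) $exp), var_export(needsNewToken(makeSampleToken($exp), $now), true));
}
printf("garbage needsNewToken=%s\n", var_export(needsNewToken('not-a-jwt', $now), true));
```

The `/oauth/token` response also carries an `expires_in` field (seconds until expiry), which the caller can store alongside the token instead of decoding it.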
martinbean's avatar

@deekshith Client credentials are for, say, a server rather than an end user to programmatically call an API endpoint. So why are you returning the credentials as a JSON response? No one needs the token; the token is meant to be used server-side.

Deekshith's avatar

This is just for machine-to-machine authentication, as we don't have any user type login, as this is a public API, so only allowed clients can access this API. Let's say I have a mobile app utilizing our API, so mobile app requests should be done using these tokens.
