
Miccoly

Laravel Passport with Angular app

Hello, I need support with a Laravel 10.20.1 Passport implementation. I am building a headless application and want to use the CreateFreshApiToken class so I don't need to provide a bearer token in every single request. I read the documentation and tried to do it, but when I call a function protected with auth:api I still get an unauthorized response. Here is my code:

API routes:

    Route::post('login', [PassportAuthController::class, 'login'])->middleware(['api-login']);

    Route::middleware(['auth:api', CreateFreshApiToken::class])->group(function () {
        Route::post('getUser', [FrontendUserController::class, 'getUser']);
    });

Login function:

    public function login(Request $request)
    {
        $data = [
            'email' => $request->email,
            'password' => $request->password
        ];

        if (auth()->attempt($data)) {

            $user_id = User::select('id')->where('email', $request->email)->first()->toArray();
            $token = auth()->user()->createToken('LaravelAuthApp');

            $expiresAt = Carbon::parse($token->token->expires_at);
            $expiresIn = Carbon::now()->diffInSeconds($expiresAt);
            $expiresIn = $token->token->expires_at->diffInSeconds(now());

            return HelperController::handleSuccess(['token' => $token, 'userID' => $user_id['id'], 'expires_in' => $expiresIn]);
        } else {
            return HelperController::handleError(['error' => 'Unauthorised']);
        }
    }

Middleware for login:

    public function handle(Request $request, Closure $next)
    {
        $request->merge([
            'grant_type' => 'password',
            'client_id' => config('passport.personal_access_client.id'),
            'client_secret' => config('passport.personal_access_client.secret'),
            'username' => $request->input('email'),
            'password' => $request->input('password'),
        ]);

        $response = $next($request);

        if ($response->getStatusCode() === 200) {
            $data = json_decode($response->getContent(), true);

            $response->setContent(json_encode([
                'access_token' => $data['token'],
                'expires_in' => $data['expires_in'],
                'userID' => $data['userID'],
            ]));
        }

        return $response;
    }

Kernel.php:

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
        ],

        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
        ],
    ];

This is the response I get when I try to log in:

    {
        "access_token": {
            "accessToken": "eyJ0eXAiOiJKV1QiLCxxx",
            "token": {
                "id": "xxxx5",
                "user_id": 20,
                "client_id": 1,
                "name": "LaravelAuthApp",
                "scopes": [],
                "revoked": false,
                "created_at": "2023-06-07T11:36:40.000000Z",
                "updated_at": "2023-06-07T11:36:40.000000Z",
                "expires_at": "2023-12-07T11:36:40.000000Z"
            }
        },
        "expires_in": 15811199,
        "userID": 20
    }

I noticed one more thing: I don't have an access cookie created.

Any solutions here please?

Thanks.

martinbean

@miccoly Use Passport properly. It’s an OAuth server implementation, therefore you should be obtaining OAuth access tokens using one of the prescribed flows. Not whatever that login method is doing.
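One prescribed flow that suits a browser client, shown here as an added example (it is not part of the reply above and is not Passport's own code): the authorization code grant with PKCE against Passport's `/oauth/authorize` and `/oauth/token` endpoints. The host, client ID and redirect URI are placeholder assumptions, and the client is assumed to be registered as a public client without a secret.

```javascript
// Added example: authorization code + PKCE for a browser client of a Passport server.
// ISSUER, CLIENT_ID and REDIRECT_URI are placeholder assumptions, not values from the thread.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const ISSUER = "https://api.example.test";                      // assumed Passport host
const CLIENT_ID = "PUBLIC_CLIENT_ID";                           // assumed public client ID
const REDIRECT_URI = "https://app.example.test/auth/callback";  // assumed registered redirect

// base64url without padding, as RFC 7636 requires.
function base64url(bytes) {
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// One-time high-entropy value for the verifier and for state: 32 random bytes -> 43 chars.
function randomToken() {
  return base64url(webcrypto.getRandomValues(new Uint8Array(32)));
}

// S256 challenge = BASE64URL(SHA-256(ASCII(verifier))).
async function pkceChallenge(verifier) {
  const digest = await webcrypto.subtle.digest("SHA-256", new TextEncoder().encode(verifier));
  return base64url(new Uint8Array(digest));
}

// Step 1: URL the browser navigates to. The verifier and state stay on the client.
async function buildAuthorizeUrl(verifier, state) {
  const q = new URLSearchParams({
    client_id: CLIENT_ID, redirect_uri: REDIRECT_URI, response_type: "code", scope: "",
    state, code_challenge: await pkceChallenge(verifier), code_challenge_method: "S256",
  });
  return `${ISSUER}/oauth/authorize?${q}`;
}

// Step 2: on the callback, reject a missing code or mismatched state, then build the token form.
function buildTokenRequest(callbackUrl, expectedState, verifier) {
  const p = new URL(callbackUrl).searchParams;
  if (!p.get("code") || p.get("state") !== expectedState) {
    throw new Error("state mismatch or missing code");
  }
  return new URLSearchParams({
    grant_type: "authorization_code", client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    code_verifier: verifier, code: p.get("code"),
  });
}
```

The form body returned by `buildTokenRequest` is POSTed to `/oauth/token` on the same host, and the access token in that response is what goes in the `Authorization: Bearer` header for `auth:api` routes.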
