
Scopes with Laravel Passport

Posted 7 months ago by TuffRivers

I have a web API that I want to set up scopes for, but I'm lost on one part: how will EVERY request check to ensure the scope is being enforced and not changed in the front end? Does the middleware call the user from the database and check the scope, and if it matches with the request it will let it through? I am using the oauth/token endpoint to receive the token and the refresh token.

For example these are my scopes:


        Passport::setDefaultScope([
            'client'
        ]);

        Passport::tokensCan([
            'admin' => 'All Permissions',
            'operator' => 'Submit Transactions, View Daily Information, Access Mobile Application',
            'client' => 'View Client',
        ]);

These are my routes (only admin so far)

        Route::post('/login','API\Auth\[email protected]');

        Route::middleware(['auth:api', 'scopes:admin'])->group( function () {
            Route::post('/user/register', 'API\User\[email protected]');
            Route::post('/user/delete', 'API\User\[email protected]');
            Route::get('/user/{id}', 'API\User\[email protected]');
            Route::get('/users', 'API\User\[email protected]');
        });

Thanks
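
A feature test that pins down what the `scopes:admin` group above must do on every request, added here as an example and not part of the original post. It assumes the routes live in `routes/api.php` (hence the `/api` prefix), the `scopes` middleware alias is registered, and the default `App\User` model and factory exist; the class name `AdminScopeTest` is hypothetical.

```php
<?php

namespace Tests\Feature;

use App\User; // assumption: default model location (App\Models\User on newer Laravel)
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Passport\Passport;
use Tests\TestCase;

class AdminScopeTest extends TestCase // hypothetical test class
{
    use RefreshDatabase;

    // Admin-only GET routes from the post; the /api prefix is an assumption.
    private const ADMIN_ROUTES = ['/api/users', '/api/user/1'];

    public function test_request_without_token_is_rejected(): void
    {
        foreach (self::ADMIN_ROUTES as $uri) {
            $this->getJson($uri)->assertStatus(401); // auth:api blocks first
        }
    }

    public static function nonAdminScopes(): array
    {
        return [[['client']], [['operator']], [['client', 'operator']], [[]]];
    }

    /** @dataProvider nonAdminScopes */
    public function test_token_without_admin_scope_is_forbidden(array $scopes): void
    {
        // Older factory() helper; use User::factory()->create() on Laravel 8+.
        Passport::actingAs(factory(User::class)->create(), $scopes);
        foreach (self::ADMIN_ROUTES as $uri) {
            $this->getJson($uri)->assertStatus(403); // scopes:admin rejects
        }
    }

    public function test_admin_scope_passes_the_scope_check(): void
    {
        Passport::actingAs(factory(User::class)->create(), ['admin']);
        // Controller behaviour is unknown here, so only assert nothing blocked it.
        $status = $this->getJson('/api/users')->getStatusCode();
        $this->assertNotContains($status, [401, 403]);
    }
}
```

`Passport::actingAs` sets the scopes on the token attached to the authenticated user, which is what the `scopes` middleware checks. The test covers enforcement on the routes only, not which scopes get granted when a token is issued.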
