
noji's avatar
Level 1

Passport API ?

Hello, I have a question: I want to use Passport with the password grant with Laravel and only Laravel, not Vue.js, so full PHP.

I made a function to retrieve the token, getApiToken, then I want to authorize access to my API only for authenticated users.

$response = $this->http->request('GET', $request->url, [
    'headers' => [
        'Accept' => 'application/json',
        // The token is concatenated onto the "Bearer " prefix
        'Authorization' => 'Bearer ' . $accessToken,
    ],
]);

For example I have

public function getCategories()
{
    $categories = Category::all();

    return json_encode($categories);
}

In my routes api.php I put

Route::group(['middleware' => ['auth:api']], function () {
    Route::get('/categories', 'apiController@getCategories');
});

But I don't understand what URL I need to call to authenticate with a token.

If I do

localhost/site/api/categories Laravel redirects me to /login, and if I put

localhost/site/api/categories?token="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjQ1MDAyOWRkYTM1OTlkOWQ1YjFmMDE4YzAwMTcwOTNkNDE3MzAyM2U1YTYyYTdlYTczNjUyY2ZhNTM4NTUyZGExZTE4ZmM4ZDIwZDZiYWI5In0.eyJhdWQiOiIzIiwianRpIjoiNDUwMDI5ZGRhMzU5ffffffCJpYXQiOjE0OTUwMDYyNTQsIm5iZiI6MTQ5NTAwNjI1NCwiZXhwIjoxNTI2NTQyMjU0LCJzdWIiOiI1Iiwic2NvcGVzIjpbXX0.UqRd89fWgRSEJf7bXenJy2iZf5dLEqtdR0i6GlamPTBwhs9Wct9__5oVVndAHTzB2BhHr-BDCgrf_kgVhTVpFI7lquEHOYeEKg4oCN-500WbgxP9xUOiOjqdTLSzlyTYs4ateQQYiPAuq6-GxQWud6WwjQgY0JZAB82H0I7vZ9a8Q9-gukEZhsfG9qgizG1cOB-tRRbPimuS6wwdNjOQhWDmrD4CmZkc3-_PtZydSecUy9jAzQiVUUC3YIakfwEhbGne1b0y5tLtC20lz2niipsbI4Wi5Ls075ZCHY95Wxr3Gb6YI7HQfEOPzCCDr-GtmGIeKg-Oc5Jk0JTPugmV2dPddsss02cOJqNpPeZ1uxaN-B1sXzJJDVBTjDrlxJUjWlhNnmm5KRqJ3O9CmEqeyjXzT87w61cgMtM9RrxJit0pbaQ85ravVfqD1cRy2w63ElKsZ0qLw9j_0lOhDz8iOZn54d0DXXcsPrtwqNxsssse1RgX8WbHO0vshovhyJ3KwdMQJKO1iwXtV3aQao2wjqO8XKPqeKHRqfK5_vfyNXEdbFoJppSVuecG_ksmvizf8OGCx_8C4VvqdoSKCmKeQ2hnaRvLsQSxdS3Itt6uzA5N3H3de4uk8PhX8uPADnnPnVWssO_3C2dHM8EJj2leJyUvf2aR4dDM"

That does not work either, so what is the good way?

If I look in the database, oauth_refresh_token is not registered, only its id, and the same for oauth_acces_token. Is it normal? I don't understand how it can work if the token is not registered somewhere.

Thanks for your help

gustav1105's avatar

Go to app/Http/Kernel.php and add this new middleware to web:

\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,

noji's avatar
Level 1

Thanks @gustav1105, I added this to my

protected $middlewareGroups = [ 'web' => [

And then?

I tried to access the URL and got the same problem.

noji's avatar
Level 1

In my database

I can create a token; my problem is how to access a secured API URL only with the token and not login and password.

noji's avatar
Level 1

It's really strange they have no full PHP example.

noji's avatar
Level 1

@gustav1105 in the example he uses Vue.js again; I want to use only PHP, so how can I do it?

noji's avatar
Level 1

Something looks wrong in the documentation; it says

$response = $client->request('GET', '/api/user', [
    'headers' => [
        'Accept' => 'application/json',
        'Authorization' => 'Bearer '.$accessToken,
    ],
]);

The problem: if I make a function

public function getUser(){
$users = User::all();
return json_encode(
            $users 
        );
}

and then call localhost/site/api/user

no authentication is required, and if I do

public function getUser(){
$response = $client->request('GET', '/api/user', [
    'headers' => [
        'Accept' => 'application/json',
        'Authorization' => 'Bearer '.$accessToken,
    ],
]);

$users = User::all();
return json_encode(
            $users 
        );
}

it's an infinite loop, so what is the good way?

gustav1105's avatar

Oh yes, of course. Have you got HTTP Guzzle installed? And then the Laravel docs do show you how to create a Passport grant without Vue as well.

gustav1105's avatar

@noji, why not just use Vue with Passport?

I always use Vue with Passport.

jimmy0699's avatar

You have to pass your token in the header as the Authorization header, followed by 'Bearer'

like this:

        $response = $this->get('/api/categories', ['Authorization' => 'Bearer ' . $token]);
noji's avatar
Level 1

@jimmy0699 can you give me a full example?

If I do as you say

public function getCategories(){
$response = $this->get('/api/categories', ['Authorization' => 'Bearer ' . $token]);

$categories = Category::all();

        return json_encode(
            $categories
        );

}

It says it's an infinite loop

Thanks

jimmy0699's avatar
  1. Yes, totally, that's because you call '/api/categories' in the function that api/categories points to.

  2. use

return response()->json($categories);

instead of this json_encode

shakti's avatar

Sorry,

but can you explain to me in short what you basically want to do? Maybe I can help with it.

noji's avatar
Level 1

@jimmy0699 and @shakti

I did what you said and got this in the log

'GuzzleHttp\Exception\ClientException' with message 'Client error: GET http://localhost/site/api/categories/all resulted in a 429 Too Many Requests

public function getAllCategories(){
    $response = $this->http->request('GET', 'http://localhost/site/api/categories/all', [
        'headers' => [
            'Accept' => 'application/json',
            'Authorization' => 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImQ4YmQ2YzQwYWI3M2I5YzIyYjM0MTI2Yzc5YWY2ODc3M2U2NDBlMDJlNDJmYjI5ZTAwMDBjNTJjZmQ5M2VkZmY1Yzk2YzUwMTM1NDc1NzM3In0.eyJhdWQiOiI1IiwianRpIjoiZDhiZDZjNDBhYjczYjljMjJiMzQxMjZjNzlhZjY4NzczZTY0MGUwMmU0MmZiMjllMDAwMddddddZDkzZWRmZjVjOTZjNTAxMzU0NzU3MzciLCJpYXQiOjE0OTUwMjk0ODUsIm5iZiI6MTQ5NTAyOTQ4NSwiZXhwIjoxNTI2NTY1NDg1LCJzdWIiOiI1Iiwic2NvcGVzIjpbIioiXX0.YVHwZJRFiuVsXGuAGEjhoAPgsvx8I6QS1ecB-q3d0ZBvwqyUJRamzIYkbt26rPG0mxb6rheIQ70Cr_sEzytUTZTu4k6peV0rHLhNcTbb7tKbMlOeBiuZ1TH3EjPx2eSv_eVwjK02-x_lVx28voq2250zlQXJrBxSPPi4_fxUeCeCMRd3VLDHpCtEQjELeHU4UZsUnVe1nsnlyHRSomB4N7WDbs5_HyuBeoEysml2Fsy7zuJVO1yXmOeniNHBHQTLKUb67Ltm9G_klMD0BlyCG9WYpqG_-5NKtv_Q0GjqhKjQS4kZS1bsL6DwWfCosihUNcKEB9vOjYSyxdr549YVsUp-wwtlhaHofvpV9Y5pjKi_mqR6Nzwh1edLOgaw2PorKI1LHYa7QmyMuTUYFRFF2Ka_kDCLumT3LWyR5bAgF5vEtKq9OwPCZwPBlVDAQKGz9uO8AV1Xfk8DGi5gwQ3Yj2vamFs0H6Q2X-YoFvHfpzmWtYzPz_O9suiMsyHaDOD9zKUHZOvJN8DipMrOcF66oTye5wVn9Aq8h7Wm8UxX2L4r2oa-9fvbbFtlMjMeaROCspq8jbJ9d3U51Fz8xUycIXUEOY2_IKdKsqrPTOhEEW_RemWmngbqqweufHLBTx704R9zW5jaHSh24fOpcBpkslvB7M27-_H3wmVYW7NwOVw',
        ],
    ]);

    $categories = Category::all();

    return response()->json($categories);

}

And my API:

Route::group(['prefix' => 'api', 'middleware' => ['api']], function () {
    Route::get('/categories/all', 'apiController@getAllCategories');
});

What I want: I have a website, an API and a mobile app. I log the user in via the API and retrieve a token, then I want to use this token to authenticate to the REST API from my web app to retrieve data.

Thanks

jimmy0699's avatar

router

api.php:

Route::group(['prefix' => 'api', 'middleware' => ['api']], function () {
    Route::get('/categories/all', 'apiController@getCategories');
});

web.php:

Route::get('/categories/all', 'webController@getAllCategories'); 

controllers:

webController:

public function getAllCategories(){
    $response = $this->http->request('GET', 'http://localhost/site/api/categories/all', [
        'headers' => [
            'Accept' => 'application/json',
            'Authorization' => 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImQ4YmQ2YzQwYWI3M2I5YzIyYjM0MTI2Yzc5YWY2ODc3M2U2NDBlMDJlNDJmYjI5ZTAwMDBjNTJjZmQ5M2VkZmY1Yzk2YzUwMTM1NDc1NzM3In0.eyJhdWQiOiI1IiwianRpIjoiZDhiZDZjNDBhYjczYjljMjJiMzQxMjZjNzlhZjY4NzczZTY0MGUwMmU0MmZiMjllMDAwMddddddZDkzZWRmZjVjOTZjNTAxMzU0NzU3MzciLCJpYXQiOjE0OTUwMjk0ODUsIm5iZiI6MTQ5NTAyOTQ4NSwiZXhwIjoxNTI2NTY1NDg1LCJzdWIiOiI1Iiwic2NvcGVzIjpbIioiXX0.YVHwZJRFiuVsXGuAGEjhoAPgsvx8I6QS1ecB-q3d0ZBvwqyUJRamzIYkbt26rPG0mxb6rheIQ70Cr_sEzytUTZTu4k6peV0rHLhNcTbb7tKbMlOeBiuZ1TH3EjPx2eSv_eVwjK02-x_lVx28voq2250zlQXJrBxSPPi4_fxUeCeCMRd3VLDHpCtEQjELeHU4UZsUnVe1nsnlyHRSomB4N7WDbs5_HyuBeoEysml2Fsy7zuJVO1yXmOeniNHBHQTLKUb67Ltm9G_klMD0BlyCG9WYpqG_-5NKtv_Q0GjqhKjQS4kZS1bsL6DwWfCosihUNcKEB9vOjYSyxdr549YVsUp-wwtlhaHofvpV9Y5pjKi_mqR6Nzwh1edLOgaw2PorKI1LHYa7QmyMuTUYFRFF2Ka_kDCLumT3LWyR5bAgF5vEtKq9OwPCZwPBlVDAQKGz9uO8AV1Xfk8DGi5gwQ3Yj2vamFs0H6Q2X-YoFvHfpzmWtYzPz_O9suiMsyHaDOD9zKUHZOvJN8DipMrOcF66oTye5wVn9Aq8h7Wm8UxX2L4r2oa-9fvbbFtlMjMeaROCspq8jbJ9d3U51Fz8xUycIXUEOY2_IKdKsqrPTOhEEW_RemWmngbqqweufHLBTx704R9zW5jaHSh24fOpcBpkslvB7M27-_H3wmVYW7NwOVw',
        ],
    ]);



    return view('my_awesome_blades', [$response]);

}

apiController:

public function getCategories() {
    return response()->json(Category::all(), 200);
}

jimmy0699's avatar

Then you may do this:

public function getAllCategories(Request $request){

if (!$request->ajax()) {
    $response = $this->http->request('GET', 'http://localhost/site/api/categories/all', [
        'headers' => [
            'Accept' => 'application/json',
            'Authorization' => 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImQ4YmQ2YzQwYWI3M2I5YzIyYjM0MTI2Yzc5YWY2ODc3M2U2NDBlMDJlNDJmYjI5ZTAwMDBjNTJjZmQ5M2VkZmY1Yzk2YzUwMTM1NDc1NzM3In0.eyJhdWQiOiI1IiwianRpIjoiZDhiZDZjNDBhYjczYjljMjJiMzQxMjZjNzlhZjY4NzczZTY0MGUwMmU0MmZiMjllMDAwMddddddZDkzZWRmZjVjOTZjNTAxMzU0NzU3MzciLCJpYXQiOjE0OTUwMjk0ODUsIm5iZiI6MTQ5NTAyOTQ4NSwiZXhwIjoxNTI2NTY1NDg1LCJzdWIiOiI1Iiwic2NvcGVzIjpbIioiXX0.YVHwZJRFiuVsXGuAGEjhoAPgsvx8I6QS1ecB-q3d0ZBvwqyUJRamzIYkbt26rPG0mxb6rheIQ70Cr_sEzytUTZTu4k6peV0rHLhNcTbb7tKbMlOeBiuZ1TH3EjPx2eSv_eVwjK02-x_lVx28voq2250zlQXJrBxSPPi4_fxUeCeCMRd3VLDHpCtEQjELeHU4UZsUnVe1nsnlyHRSomB4N7WDbs5_HyuBeoEysml2Fsy7zuJVO1yXmOeniNHBHQTLKUb67Ltm9G_klMD0BlyCG9WYpqG_-5NKtv_Q0GjqhKjQS4kZS1bsL6DwWfCosihUNcKEB9vOjYSyxdr549YVsUp-wwtlhaHofvpV9Y5pjKi_mqR6Nzwh1edLOgaw2PorKI1LHYa7QmyMuTUYFRFF2Ka_kDCLumT3LWyR5bAgF5vEtKq9OwPCZwPBlVDAQKGz9uO8AV1Xfk8DGi5gwQ3Yj2vamFs0H6Q2X-YoFvHfpzmWtYzPz_O9suiMsyHaDOD9zKUHZOvJN8DipMrOcF66oTye5wVn9Aq8h7Wm8UxX2L4r2oa-9fvbbFtlMjMeaROCspq8jbJ9d3U51Fz8xUycIXUEOY2_IKdKsqrPTOhEEW_RemWmngbqqweufHLBTx704R9zW5jaHSh24fOpcBpkslvB7M27-_H3wmVYW7NwOVw',
        ],
    ]);

    return view(...);
}else{

    $categories = Category::all();

    return response()->json($categories);
}
}

This may work but is not recommended.

noji's avatar
Level 1

When I var_dump($response) in webController

object(GuzzleHttp\Psr7\Response)#534 (6) { ["reasonPhrase":"GuzzleHttp\Psr7\Response":private]=> string(2) "OK" ["statusCode":"GuzzleHttp\Psr7\Response":private]=> int(200) ["headers":"GuzzleHttp\Psr7\Response":private]=> array(9) { ["Date"]=> array(1) { [0]=> string(29) "Wed, 17 May 2017 14:39:17 GMT" } ["Server"]=> array(1) { [0]=> string(47) "Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.15" } ["Vary"]=> array(1) { [0]=> string(13) "Authorization" } ["X-Powered-By"]=> array(1) { [0]=> string(10) "PHP/5.6.15" } ["Cache-Control"]=> array(1) { [0]=> string(17) "no-cache, private" } ["X-RateLimit-Limit"]=> array(1) { [0]=> string(2) "60" } ["X-RateLimit-Remaining"]=> array(1) { [0]=> string(2) "56" } ["Content-Length"]=> array(1) { [0]=> string(4) "1612" } ["Content-Type"]=> array(1) { [0]=> string(16) "application/json" } } ["headerNames":"GuzzleHttp\Psr7\Response":private]=> array(9) { ["date"]=> string(4) "Date" ["server"]=> string(6) "Server" ["vary"]=> string(4) "Vary" ["x-powered-by"]=> string(12) "X-Powered-By" ["cache-control"]=> string(13) "Cache-Control" ["x-ratelimit-limit"]=> string(17) "X-RateLimit-Limit" ["x-ratelimit-remaining"]=> string(21) "X-RateLimit-Remaining" ["content-length"]=> string(14) "Content-Length" ["content-type"]=> string(12) "Content-Type" } ["protocol":"GuzzleHttp\Psr7\Response":private]=> string(3) "1.1" ["stream":"GuzzleHttp\Psr7\Response":private]=> object(GuzzleHttp\Psr7\Stream)#532 (7) { ["stream":"GuzzleHttp\Psr7\Stream":private]=> resource(276) of type (stream) ["size":"GuzzleHttp\Psr7\Stream":private]=> NULL ["seekable":"GuzzleHttp\Psr7\Stream":private]=> bool(true) ["readable":"GuzzleHttp\Psr7\Stream":private]=> bool(true) ["writable":"GuzzleHttp\Psr7\Stream":private]=> bool(true) ["uri":"GuzzleHttp\Psr7\Stream":private]=> string(10) "php://temp" ["customMetadata":"GuzzleHttp\Psr7\Stream":private]=> array(0) { } } }

It looks as if it does not get $response from apiController.

noji's avatar
Level 1

@jimmy0699 I tried another thing

public function getAllCategories(){
    $response = $this->http->request('GET', 'http://localhost/site/', [
        'headers' => [
            'Accept' => 'application/json',
            'Authorization' => 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImQ4YmQ2YzQwYWI3M2I5YzIyYjM0MTI2Yzc5YWY2ODc3M2U2NDBlMDJlNDJmYjI5ZTAwMDBjNTJjZmQ5M2VkZmY1Yzk2YzUwMTM1NDc1NzM3In0.eyJhdWQiOiI1IiwianRpIjoiZDhiZDZjNDBhYjczYjljMjJiMzQxMjZjNzlhZjY4NzczZTY0MGUwMmU0MmZiMjllMDAwMGM1MmNmZDkzZWRmZjVjOTZjNTAxMzU0NzU3MzciLCJpYXQiOjE0OTUwMjk0ODUsIm5iZiI6MTQ5NTAyOTQ4NSwiZXhwIjoxNTI2NTY1NDg1LCJzdWIiOiI1Iiwic2NvcGVzIjpbIioiXX0.YVHwZJRFiuVsXGuAGEjhoAPgsvx8I6QS1ecB-q3d0ZBvwqyUJRamzIYkbt26rPG0mxb6rheIQ70Cr_sEzytUTZTu4k6peV0rHLhNcTbb7tKbMlOeBiuZ1TH3EjPx2eSv_eVwjK02-x_lVx28voq2250zlQXJrBxSPPi4_fxUeCeCMRd3VLDHpCtEQjELeHU4UZsUnVe1nsnlyHRSomB4N7WDbs5_HyuBeoEysml2Fsy7zuJVO1yXmOeniNHBHQTLKUb67Ltm9G_klMD0BlyCG9WYpqG_-5NKtv_Q0GjqhKjQS4kZS1bsL6DwWfCosihUNcKEB9vOjYSyxdr549YVsUp-wwtlhaHofvpV9Y5pjKi_mqR6Nzwh1edLOgaw2PorKI1LHYa7QmyMuTUYFRFF2Ka_kDCLumT3LWyR5bAgF5vEtKq9OwPCZwPBlVDAQKGz9uO8AV1Xfk8DGi5gwQ3Yj2vamFs0H6Q2X-YoFvHfpzmWtYzPz_O9suiMsyHaDOD9zKUHZOvJN8DipMrOcF66oTye5wVn9Aq8h7Wm8UxX2L4r2oa-9fvbbFtlMjMeaROCspq8jbJ9d3U51Fz8xUycIXUEOY2_IKdKsqrPTOhEEW_RemWmngbqqweufHLBTx704R9zW5jaHSh24fOpcBpkslvB7M27-_H3wmVYW7NwOVw',
        ],
    ]);

    return response()->json(Category::all(), 200);

}

and it works when I call localhost/site/categories/all; it's very strange.

The problem: if I change the token it works too.

noji's avatar
Level 1

@jimmy0699 OK, I am starting to understand the problem: the API asks me to be logged in to authorize access. I think I need to create a custom middleware to authenticate with api_token, no?

Because currently I have an OAuth token, but in the API routes

Route::group(['prefix' => 'api', 'middleware' => ['auth:api']], function () {
    Route::get('/categories/all', 'apiController@getCategories');
});

the middleware asks for auth, and if I remove auth: everyone can access it and that's not good.

Something is wrong somewhere but I don't see where, because

with an accessToken the API must not ask for login.

jimmy0699's avatar

The flow should look like this:

  1. You log in, getting an access token from the oauth/token API thing.
  2. When you have the token, save it in the session.
  3. Call some route that returns a view.
  4. In this controller, before you return the view, you call the API for data to populate your view, and here is the place to use the token.
  5. The API checks the token and logs you in behind the scenes.
  6. The API returns data.
  7. The web route returns the view.
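
The flow listed above, written out as an added example that is not part of the thread: a web controller that obtains a password-grant token from oauth/token, keeps it in the session, and sends it as a Bearer header to the auth:api route, which lives at a different URL than the web route and so cannot loop. The config keys, session key, form field names and view name are assumptions; the base URL is the one used in the thread.

```php
<?php
// Added example, not code from this thread. Assumes Laravel, Passport and Guzzle.
namespace App\Http\Controllers;

use GuzzleHttp\Client;
use Illuminate\Http\Request;

class WebController extends Controller
{
    private $http;
    public function __construct()
    {
        // Base URL from the thread. http_errors=false: 4xx comes back as a response.
        $this->http = new Client(['base_uri' => 'http://localhost/site/', 'http_errors' => false]);
    }

    // Steps 1-2: trade the user's credentials for a token and keep it in the session.
    public function login(Request $request)
    {
        $response = $this->http->post('oauth/token', ['form_params' => [
            'grant_type'    => 'password',
            'client_id'     => config('services.passport.client_id'),     // hypothetical key
            'client_secret' => config('services.passport.client_secret'), // hypothetical key
            'username'      => $request->input('email'),    // assumed form field
            'password'      => $request->input('password'), // assumed form field
            'scope'         => '',
        ]]);
        if ($response->getStatusCode() !== 200) {
            return redirect('/login')->withErrors(['email' => 'Login failed']);
        }
        $grant = json_decode((string) $response->getBody(), true);
        session(['api_access_token' => $grant['access_token']]); // hypothetical session key
        return redirect('/categories/all');
    }

    // Steps 3-7: a web.php route; the auth:api route in api.php is a different URL.
    public function getAllCategories()
    {
        $response = $this->http->get('api/categories/all', ['headers' => [
            'Accept'        => 'application/json', // a rejected token gives 401, not a redirect to /login
            'Authorization' => 'Bearer ' . session('api_access_token'),
        ]]);
        if ($response->getStatusCode() !== 200) {
            session()->forget('api_access_token'); // missing, expired or revoked token
            return redirect('/login');
        }
        return view('categories', ['categories' => json_decode((string) $response->getBody(), true)]);
    }
}
```

The auth:api guard reads the token from the Authorization header, so a token passed as a ?token= query parameter is not used for authentication and also ends up in server logs and browser history.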
