API for Mobile Application

@pnandu1990

As per I know, there is no dedicated series about API for the mobile client in Laravel.

However, you can check it out this- https://laracasts.com/series/laravel-vue-and-spas

@tisuchi thanks, I will check.

Hey @pnandu1990, I'm currently building an API for a mobile app in Laravel and here's my approach:

• use Laravel Passport
• specifically Password Grant Tokens - this will allow you to obtain an access token using an e-mail address / username and password.
• you will store that access token within your app and then send it to the API with every single request to authenticate the user

Here's a test I wrote for making sure the authentication works properly:

<?php

namespace Tests\Feature\Api;

use Tests\TestCase;
use Illuminate\Foundation\Testing\WithFaker;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use Laravel\Passport\Client;
use App\User;
use App\Mail\Auth\ActivationEmail;

class AuthFlowTest extends TestCase
{
    use RefreshDatabase;

    /**
     * oAuth client record.
     *
     * @var Client
     */
    private $client;

    /**
     * Setup the test environment.
     *
     * @return void
     */
    protected function setUp(): void
    {
        parent::setUp();

        $this->artisan('passport:install');

        $this->client = Client::where('password_client', 1)->first();
    }

    public function testUsersCanLoginAndGetAnAuthenticationToken()
    {
        $user = factory(User::class)->create();

        // 1. users can get access tokens
        $response = $this->postJson('/oauth/token', [
            'grant_type' => 'password',
            'client_id' => $this->client->id,
            'client_secret' => $this->client->secret,
            'username' => $user->email,
            'password' => 'password',
            'scope' => '*',
        ])
            ->assertStatus(200)
            ->assertJsonStructure([
                'token_type',
                'expires_in',
                'access_token',
                'refresh_token',
            ]);

        // 2. users can refresh existing tokens
        $json = $response->json();
        $this->postJson('/oauth/token', [
            'grant_type' => 'refresh_token',
            'client_id' => $this->client->id,
            'client_secret' => $this->client->secret,
            'refresh_token' => $json['refresh_token'],
            'scope' => '*',
        ])
            ->assertStatus(200)
            ->assertJsonStructure([
                'token_type',
                'expires_in',
                'access_token',
                'refresh_token',
            ]);
    }
}

I hope that helps and good luck!

@dev_nope thanks