[![Total Downloads](https://poser.pugx.org/nomadnt/lumen-passport/downloads)](https://packagist.org/packages/nomadnt/lumen-passport) [![Latest Stable Version](https://poser.pugx.org/nomadnt/lumen-passport/v/stable)](https://packagist.org/packages/nomadnt/lumen-passport) [![License](https://poser.pugx.org/nomadnt/lumen-passport/license)](https://packagist.org/packages/nomadnt/lumen-passport) # Lumen Passport Lumen porting of Laravel Passport. The idea come from https://github.com/dusterio/lumen-passport but try to make it transparent with original laravel passport ## Dependencies * PHP >= 7.3.0 * Lumen >= 8.0 ## Installation First of all let's install Lumen Framework if you haven't already. ```sh composer create-project --prefer-dist laravel/lumen lumen-app && cd lumen-app ``` Then install Lumen Passport (it will fetch Laravel Passport along): ```sh composer require nomadnt/lumen-passport ``` ## Configuration Generate your APP_KEY and update .env with single command ```sh sed -i "s|$APP_KEY=$$.*$|\1$(openssl rand -base64 24)|" .env ``` Configure your database connection (ie to use SQLite) This is how your .env file should looking after the changes ```env APP_NAME=Lumen APP_ENV=local APP_KEY= APP_DEBUG=true APP_URL=http://localhost:8000 APP_TIMEZONE=UTC LOG_CHANNEL=stack LOG_SLACK_WEBHOOK_URL= DB_CONNECTION=sqlite CACHE_DRIVER=file QUEUE_CONNECTION=sync ``` Copy the Lumen configuration folder to your project ```sh cp -a vendor/laravel/lumen-framework/config config ``` Update `guards` and `provider` section of your config/auth.php to match Passport requirements ```php [ 'api' => ['driver' => 'passport', 'provider' => 'users'] ], ... 'providers' => [ 'users' => ['driver' => 'eloquent', 'model' => \App\Models\User::class] ] ... ]; ``` You need to change a little the `bootstrap/app.php` file doing the following: ```php withFacades(); // enable eloquent $app->withEloquent(); ... $app->configure('app'); // initialize auth configuration $app->configure('auth'); ... // enable auth and throttle middleware $app->routeMiddleware([ 'auth' => App\Http\Middleware\Authenticate::class, 'throttle' => Fufle\LumenPassport\Middleware\ThrottleRequests::class ]); ... // register required service providers // $app->register(App\Providers\AppServiceProvider::class); $app->register(App\Providers\AuthServiceProvider::class); $app->register(Laravel\Passport\PassportServiceProvider::class); // $app->register(App\Providers\EventServiceProvider::class); ... ``` Create database.sqlite ```sh touch database/database.sqlite ``` Lauch the migrations ```sh php artisan migrate ``` Install Laravel passport ```sh # Install encryption keys and other necessary stuff for Passport php artisan passport:install ``` The previous command should give back to you an output similar to this: ```sh Encryption keys generated successfully. Personal access client created successfully. Client ID: 1 Client secret: BxSueZnqimNTE0r98a0Egysq0qnonwkWDUl0KmE5 Password grant client created successfully. Client ID: 2 Client secret: VFWuiJXTJhjb46Y04llOQqSd3kP3goqDLvVIkcIu ``` ## Registering Routes Now is time to register the passport routes necessary to issue access tokens and revoke access tokens, clients, and personal access tokens. To do this open you `app/Providers/AuthServiceProvider.php` and change the `boot` function to reflect the example below. ```php addDays(15)); // change the default refresh token expiration Passport::refreshTokensExpireIn(Carbon::now()->addDays(30)); } } ``` ## User model Make sure your user model uses Passport's `HasApiTokens` trait, eg.: ```php register(App\Providers\AppServiceProvider::class); $app->register(App\Providers\AuthServiceProvider::class); $app->register(Laravel\Passport\PassportServiceProvider::class); $app->register(App\Providers\EventServiceProvider::class); ... ``` Then you need to listen for `AccessTokenCreated` event and register your required listeners ```php [ 'App\Listeners\RevokeOtherTokens', 'App\Listeners\PruneRevokedTokens', ] ]; } ``` Create the `app/Listeners/RevokeOtherTokens.php` file and put the following content ```php where('user_id', $event->userId); $query->where('id', '<>', $event->tokenId); })->revoke(); } } ``` Create the `app/Listeners/PruneRevokedTokens.php` file and put the following content ```php where('user_id', $event->userId); $query->where('id', '<>', $event->tokenId); $query->where('revoked', true); })->delete(); } } ```