7.7 KiB
Lumen Passport
Lumen porting of Laravel Passport. The idea come from https://github.com/dusterio/lumen-passport but try to make it transparent with original laravel passport
Dependencies
- PHP >= 7.3.0
- Lumen >= 8.0
Installation
First of all let's install Lumen Framework if you haven't already.
composer create-project --prefer-dist laravel/lumen lumen-app && cd lumen-app
Then install Lumen Passport (it will fetch Laravel Passport along):
composer require nomadnt/lumen-passport
Configuration
Generate your APP_KEY and update .env with single command
sed -i "s|\(APP_KEY=\)\(.*\)|\1$(openssl rand -base64 24)|" .env
Configure your database connection (ie to use SQLite) This is how your .env file should looking after the changes
APP_NAME=Lumen
APP_ENV=local
APP_KEY=<my-super-strong-api-key>
APP_DEBUG=true
APP_URL=http://localhost:8000
APP_TIMEZONE=UTC
LOG_CHANNEL=stack
LOG_SLACK_WEBHOOK_URL=
DB_CONNECTION=sqlite
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
Copy the Lumen configuration folder to your project
cp -a vendor/laravel/lumen-framework/config config
Update guards
and provider
section of your config/auth.php to match Passport requirements
<?php
return [
...
'guards' => [
'api' => ['driver' => 'passport', 'provider' => 'users']
],
...
'providers' => [
'users' => ['driver' => 'eloquent', 'model' => \App\Models\User::class]
]
...
];
You need to change a little the bootstrap/app.php
file doing the following:
<?php
...
// enable facades
$app->withFacades();
// enable eloquent
$app->withEloquent();
...
$app->configure('app');
// initialize auth configuration
$app->configure('auth');
...
// enable auth and throttle middleware
$app->routeMiddleware([
'auth' => App\Http\Middleware\Authenticate::class,
'throttle' => Nomadnt\LumenPassport\Middleware\ThrottleRequests::class
]);
...
// register required service providers
// $app->register(App\Providers\AppServiceProvider::class);
$app->register(App\Providers\AuthServiceProvider::class);
$app->register(Laravel\Passport\PassportServiceProvider::class);
// $app->register(App\Providers\EventServiceProvider::class);
...
Create database.sqlite
touch database/database.sqlite
Lauch the migrations
php artisan migrate
Install Laravel passport
# Install encryption keys and other necessary stuff for Passport
php artisan passport:install
The previous command should give back to you an output similar to this:
Encryption keys generated successfully.
Personal access client created successfully.
Client ID: 1
Client secret: BxSueZnqimNTE0r98a0Egysq0qnonwkWDUl0KmE5
Password grant client created successfully.
Client ID: 2
Client secret: VFWuiJXTJhjb46Y04llOQqSd3kP3goqDLvVIkcIu
Registering Routes
Now is time to register the passport routes necessary to issue access tokens and revoke access tokens, clients, and personal access tokens.
To do this open you app/Providers/AuthServiceProvider.php
and change the boot
function to reflect the example below.
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Carbon;
// don't forget to include Passport
use Nomadnt\LumenPassport\Passport;
class AuthServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*
* @return void
*/
public function register()
{
//
}
/**
* Boot the authentication services for the application.
*
* @return void
*/
public function boot()
{
// register passport routes
Passport::routes();
// change the default token expiration
Passport::tokensExpireIn(Carbon::now()->addDays(15));
// change the default refresh token expiration
Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}
}
User model
Make sure your user model uses Passport's HasApiTokens
trait, eg.:
<?php
namespace App;
use Illuminate\Auth\Authenticatable;
use Laravel\Passport\HasApiTokens;
use Laravel\Lumen\Auth\Authorizable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
class User extends Model implements AuthenticatableContract, AuthorizableContract
{
use HasApiTokens, Authenticatable, Authorizable;
// rest of the model
}
Access Token Events
Prune and/or Revoke tokens
If you want to revoke or purge tokens on event based you have to create related Listeners and
register on your app/Http/Providers/EventServiceProvider.php
istead of using deprecated properties
Passport::$revokeOtherTokens = true;
and Passport::$pruneRevokedTokens = true;
First you need to make sure that EventServiceProvider
is registered on your bootstrap/app.php
<?php
...
// $app->register(App\Providers\AppServiceProvider::class);
$app->register(App\Providers\AuthServiceProvider::class);
$app->register(Laravel\Passport\PassportServiceProvider::class);
$app->register(App\Providers\EventServiceProvider::class);
...
Then you need to listen for AccessTokenCreated
event and register your required listeners
<?php
namespace App\Providers;
use Laravel\Lumen\Providers\EventServiceProvider as ServiceProvider;
class EventServiceProvider extends ServiceProvider{
/**
* The event listener mappings for the application.
*
* @var array
*/
protected $listen = [
'Laravel\Passport\Events\AccessTokenCreated' => [
'App\Listeners\RevokeOtherTokens',
'App\Listeners\PruneRevokedTokens',
]
];
}
Create the app/Listeners/RevokeOtherTokens.php
file and put the following content
<?php
namespace App\Listeners;
use Laravel\Passport\Events\AccessTokenCreated;
use Laravel\Passport\Token;
class RevokeOtherTokens
{
/**
* Create the event listener.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* @param \App\Events\OrderShipped $event
* @return void
*/
public function handle(AccessTokenCreated $event)
{
Token::where(function($query) use($event){
$query->where('user_id', $event->userId);
$query->where('id', '<>', $event->tokenId);
})->revoke();
}
}
Create the app/Listeners/PruneRevokedTokens.php
file and put the following content
<?php
namespace App\Listeners;
use Laravel\Passport\Events\AccessTokenCreated;
use Laravel\Passport\Token;
class PruneRevokedTokens
{
/**
* Create the event listener.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* @param \App\Events\AccessTokenCreated $event
* @return void
*/
public function handle(AccessTokenCreated $event)
{
Token::where(function($query) use($event){
$query->where('user_id', $event->userId);
$query->where('id', '<>', $event->tokenId);
$query->where('revoked', true);
})->delete();
}
}