API Development using Laravel Passport

Nazim Uddin

Step-1: Install Laravel (here used Laravel version10.x)

composer create-project laravel/laravel lara-api

Step-2: Create a database in MySQL named “lara-api” and configure .env file for MySQL database

DB_DATABASE=lara-api
DB_USERNAME=root
DB_PASSWORD=

Step-3: Open the “lara-api” using any Editor like VS Code, run the below command to install Laravel Passport Package

composer require laravel/passport --with-all-dependencies
php artisan migrate
php artisan passport:install

Step-4: now update the below code in app\Models\User.php file

<?php

namespace App\Models;

// use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
// use Laravel\Sanctum\HasApiTokens;
use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;

    /**
     * The attributes that are mass assignable.
     *
     * @var array<int, string>
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    /**
     * The attributes that should be hidden for serialization.
     *
     * @var array<int, string>
     */
    protected $hidden = [
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast.
     *
     * @var array<string, string>
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];
}

Step-5: now update guards in \config\auth.php

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

Step-6: Now Make controller using the below command

php artisan make:controller API\UserController

Step-7: Now update in app\Http\Controllers\API\UserController.php file 

<?php

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Auth;


class UserController extends Controller
{
    /**
     * The loginUser function is used for login through api.
     */
    public function loginUser(Request $request): Response
    {
        $input = $request->all();
        Auth::attempt($input);
        $user = Auth::user(); 
        $token = $user->createToken('example')->accessToken; // bearer token will be created here and it has to be set in postman
        // return Response(['status' => 200,'token'=> $token],200);   
        return Response(['status' => 200, 'token' => $token],200);
    }   

    /**
     * The getUserDetail function is used for getting user information.
     */
    public function getUserDetail(): Response
    {
        if(Auth::guard('api')->check()){
            $user = Auth::guard('api')->user();
            return Response(['data' => $user],200);
        }
        return Response(['data' => 'Unauthorized'],401);
    }


    /**
     * The userLogout function is used for logout the transaction
     */
    public function userLogout(): Response
    {
        if(Auth::guard('api')->check()){
            $accessToken = Auth::guard('api')->user()->token();

                \DB::table('oauth_refresh_tokens')
                    ->where('access_token_id', $accessToken->id)
                    ->update(['revoked' => true]);
            $accessToken->revoke();

            return Response(['data' => 'Unauthorized','message' => 'User logout successfully.'],200);
        }
        return Response(['data' => 'Unauthorized'],401);
    }

   
}

Step-8: Now update in routes\api.php file 

<?php
use App\Http\Controllers\API\UserController;
use App\Http\Controllers\Api\ProductController;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Requests\StoreProductRequest;

Route::controller(UserController::class)->group(function(){
Route::post('login','loginUser');
});

Route::controller(UserController::class)->group(function(){
    Route::get('user','getUserDetail');
    Route::get('logout','userLogout');
    })->middleware('auth:api');

Step-9: now go to \database\seeders\DatabaseSeeder.php and update the below code to create a user by using the below command php artisan db:seed –database=mysql

<?php

namespace Database\Seeders;

// use Illuminate\Database\Console\Seeds\WithoutModelEvents;
use Illuminate\Database\Seeder;

class DatabaseSeeder extends Seeder
{
    /**
     * Seed the application's database.
     */
    public function run(): void
    {
        \App\Models\User::factory()->create();
        \App\Models\User::factory()->create([
            'name' => 'Admin User',
            'email' => 'user@gmail.com',
            'password' =>bcrypt(123456),
        ]);
    }
}

Step-10: now check the route list mention above in Postman. Note that you have to save the user id and password in the body filed and use the URL http://localhost:8000/api/login to get the bearer token and set it to the authorization menus.

Leave a Reply

Your email address will not be published. Required fields are marked *