How to create Token-Based Authentication(oauth2) for AngularJS and Laravel Apps via passport

Question

I created an web app which it uses laravel default registration(auth), I've tested passport oauth2 client access token from taylor tutorial. My web app uses angular js for UI and laravel for backend , so I need to create user, when create user request is sent from angular and then create a global access token to give it in my response to angular which then in all later request I use it to authenticate requests.

actually I want to implement oauth2 authentication for my web app, but so far I've searched a lot but I couldn't find any useful step by step tutorial for it.

anyone can help me out?

FYI: I'm using laravel 5.3 with passport enabled and angular js 1.5 for frontend.

Answer 1

The purpose of this post is not to answer(as already answered) but to give more info to other readers who eventually need more info on topic.

This is very helpfull tutorial just on this issue Implementing Vue.js 2.0 and Laravel 5.3 with CORS problem solution Check this one and 2 next clips.

Some of this you can find in shorter form here here

Answer 2

I've solved this. I've Customized laravel auth for login and register and created a method which will send a request to the server to create an access token for registering user or log in. I've set up passport and test it as taylor did in his toturial. then in AuthenticatesUsers.php I've changed sendloginResponse method response like :

protected function sendLoginResponse(Request $request)
    {
        isset($request->token) ? $token = $request->token : $token = null;//Check if login request contain token

        $request->session()->regenerate();

        $this->clearLoginAttempts($request);

        return $this->authenticated($request, $this->guard()->user())
            ? $this->StatusCode($token,$this->credentials($request),$status=false) : $this->StatusCode($token,$this->credentials($request),$status=true);

    }

And I have added this method to request access token and send it as json response :

public function StatusCode($token,$user,$status){

        if( $token != null && $token != ''){
            return ($status == true) ? response()->json(GetToken($user),200) : response()->json(['Message' => 'Failed to log in'],403);

        }

        function GetToken($userobject)
        {
            $http = new Client;

            $response = $http->post('http://localhost/iranAd/public/oauth/token', [
                'form_params' => [
                    'grant_type' => 'password',
                    'client_id' => '1',
                    'client_secret' => 'xKqNbzcXyjySg20nVuVLw5nk5PAMhFQOQwRTeTjd',
                    'username' => $userobject['email'],
                    'password' => $userobject['password'],
                    'scope' => '',
                ],
            ]);

            return json_decode((string) $response->getBody(), true);
        }

        function RefreshToken($token,$userobject)
        {
            $http = new Client;

            $response = $http->post('http://localhost/iranAd/public/oauth/token', [
                'form_params' => [
                    'grant_type' => 'refresh_token',
                    'refresh_token' => 'refresh_token',
                    'client_id' => '1',
                    'client_secret' => 'xKqNbzcXyjySg20nVuVLw5nk5PAMhFQOQwRTeTjd',
                    'username' => $userobject['email'],
                    'password' => $userobject['password'],
                    'scope' => '',
                ],
            ]);

            return json_decode((string) $response->getBody(), true);
        }

            return ($status == true) ? response()->json(GetToken($user),200) : response()->json(['Message' => 'Failed to log in'],403);

    }

Same Procedure for register users.

Answer 3

Use JWT token based authentication here you can learn about jwt https://jwt.io/