Laravel Passport - Guest Token

Question

Let's assume there is an application with 10 dynamic pages (probably forms) out of which, 8 pages are restricted (requires user to login in application) and 2 pages are available for anonymous users.

My front end application is in Angular 2 and back-end API is developed in Laravel 5.4. I'm more fascinated towards JWT tokens and found that, laravel has in-built support through passport.

Questions:

1. I can easily use password grant tokens for those 8 restricted page. But how do I give guest token to my Angular app for accessing those 2 pages
2. How can I restrict guest user for accessing API features of 8 restricted page. (Or how do I check if visited user is guest or logged in user at API end)

Note: I cannot use Personal Access Tokens as it will allow my app to use any restricted API feature.

Answer 1

I've used JWT approach here. In my case, I created JWT token from my API. For those who wants to use JWT feature, they can take a look at this package. I added new payload called "Guest" and assigned boolean value to it. In my database, I added new user (called anonymous user) and stored the id of it in my laravel configuration.

Next, I created new middleware VerifyJwtToken, which validates the user, extracts it's payload (with base64_decode) and identify if it is guest. Now all of my Laravel routes are inside this middleware.

Next, I stored this token in laravel session as well as localStorage (for accessing it through angular).

Now, I can easily access this token from localStorage. In the Angular end i used Angular2Jwt package which helps extracting the token and identifying if it is guest or logged in user. I also created HTTP Interceptor in Angular 4 which adds JWT token as header in every API requests.