Reputation: 4843
I am researching how to develop an API-consuming application using Laravel, Laravel Passport, Lumen and AngularJS.
I have 3 domains as follows:
I cannot properly configure those 3 together. I have set up auth.dev and it will successfully generate tokens, and I can use them from app.dev.
But my requirement is to use 3 separate instances for the API, Auth and APP.
I tried to configure it via Lumen (to validate access tokens with auth.dev) but it is not working.
Is this possible, or are there any suggestions on how to achieve this?
Upvotes: 3
Views: 1460
Reputation: 3329
I have recently been working on an implementation that is identical to this. It took a little bit of effort to make it work efficiently, but it's working!
Basically, if you care about validating the tokens you're receiving (which you should), you will need a way to forward the token that Lumen receives from client applications onto your OAuth service and return some details of that authentication to your Lumen app.
If you know that your Lumen API service is always going to run on the same machine, you could use some sort of RPC to save going over HTTP unnecessarily - I used a command line interface via a custom Artisan command in the OAuth service and a custom script to run it from the Lumen side which I call RemoteArtisan.
The other method is via HTTP, basically making your OAuth service provide its own very basic API endpoint. Something like this in routes/api.php should do:

```php
use Illuminate\Http\Request; // needed for the Request type-hint below

// 'client' is Passport's CheckClientCredentials middleware: it validates the
// bearer token before the closure runs, so only the owner lookup is left to do.
Route::middleware('client')->get('user', function (Request $request) {
    $helper = new App\FirstPartyClientHelper;
    return response()->json($helper->getTokenOwnerDetails($request->bearerToken()));
});
```
My FirstPartyClientHelper is a simple class that parses the token to get the ID out of it and uses that to fetch the resources from the OAuth DB that I want to send back to Lumen. You might not need to do lots of queries or send lots of data here; it could just be a simple pass/fail. Depends on your needs.
One thing I would recommend figuring out and sending back to your Lumen app though is what scopes were assigned to the token. You'll probably want to use these along with the various scope middleware available in Passport.
The only option here at the moment is to duplicate those middleware classes (CheckScopes and CheckForAnyScope) into your Lumen app and load them manually. But this is pretty straightforward as they're basic.
You may need to modify them so that they can see the scopes that come back from your OAuth endpoint through your Authenticatable class (typically the User model).
Either of these solutions is going to add some overhead to each request, so it's worth thinking about caching the result of this for some time on the Lumen end.
If you do that, though, make sure it isn't cached for a long time, because it could allow expired tokens to still be considered valid.
Alternatively, store the expiry time of the token somewhere in your cache and validate that against the time of the request to make sure the token hasn't expired.
Hope this helps.
Upvotes: 1
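The two halves of the HTTP approach in the answer above, written out as an added example (not the answerer's code or Passport's): the helper on auth.dev that resolves a Passport token to its owner, scopes and expiry, and a Lumen middleware on api.dev that forwards the bearer token, caches the result, and caps the cache lifetime at the token's own expiry so a revoked-by-time token can never be served from cache. The class names, the `https://auth.dev` base URI, the `/api/user` path, the 300-second cap and the use of the `Laravel\Passport\Token` model are assumptions; Lumen is assumed to have facades enabled and Guzzle installed.

```php
<?php
// ---- auth.dev: app/FirstPartyClientHelper.php (namespace App) --------------
// Added example; class name and return shape are hypothetical.

use Laravel\Passport\Token;

class FirstPartyClientHelper
{
    /**
     * Resolve a Passport access token to its owner, scopes and expiry.
     * Returns null when the token is malformed, unknown, revoked or expired.
     * Signature verification is assumed to have been done by the 'client'
     * middleware on the route; this only looks up the token record.
     */
    public function getTokenOwnerDetails(string $jwt): ?array
    {
        $parts = explode('.', $jwt);
        if (count($parts) !== 3) {
            return null;
        }
        // Passport access tokens are JWTs whose 'jti' claim is the
        // oauth_access_tokens primary key. Decode the base64url payload.
        $payload = json_decode(base64_decode(strtr($parts[1], '-_', '+/')), true);
        if (!is_array($payload) || empty($payload['jti'])) {
            return null;
        }
        $token = Token::find($payload['jti']);
        if ($token === null || $token->revoked || $token->expires_at->isPast()) {
            return null;
        }
        return [
            'user_id'    => $token->user_id,
            'scopes'     => $token->scopes,              // array, e.g. ['read-orders']
            'expires_at' => $token->expires_at->timestamp, // unix time, used by the cache cap
        ];
    }
}

// ---- api.dev (Lumen): app/Http/Middleware/RemoteTokenAuth.php --------------
// Added example; route into it with $app->routeMiddleware(['auth.remote' => ...]).

use Closure;
use GuzzleHttp\Client;
use Illuminate\Support\Facades\Cache;

class RemoteTokenAuth
{
    // Hypothetical upper bound on how long a verification result is reused.
    const MAX_CACHE_SECONDS = 300;

    public function handle($request, Closure $next)
    {
        $jwt = $request->bearerToken();
        $details = $jwt === null ? null : $this->verify($jwt);
        // Re-check expiry on every request, even on a cache hit.
        if ($details === null || $details['expires_at'] <= time()) {
            return response()->json(['error' => 'unauthenticated'], 401);
        }
        // Hand scopes and owner to downstream code (e.g. a copied CheckScopes middleware).
        $request->attributes->set('token_scopes', $details['scopes']);
        $request->attributes->set('token_user_id', $details['user_id']);
        return $next($request);
    }

    private function verify(string $jwt): ?array
    {
        // Key the cache on a hash so the raw bearer token is never stored.
        $key = 'token:' . hash('sha256', $jwt);
        $cached = Cache::get($key);
        if ($cached !== null) {
            return $cached;
        }
        $response = (new Client(['base_uri' => 'https://auth.dev']))->get('/api/user', [
            'headers'     => ['Authorization' => 'Bearer ' . $jwt],
            'http_errors' => false,
        ]);
        if ($response->getStatusCode() !== 200) {
            return null; // 'client' middleware rejected the token
        }
        $details = json_decode((string) $response->getBody(), true);
        if (!is_array($details) || !isset($details['expires_at'], $details['scopes'])) {
            return null; // helper returned null: unknown or revoked token
        }
        // Never cache past the token's own expiry, and only cache positive results.
        $ttl = min(self::MAX_CACHE_SECONDS, $details['expires_at'] - time());
        if ($ttl > 0) {
            Cache::put($key, $details, $ttl); // seconds on Laravel/Lumen 5.8+, minutes earlier
        }
        return $details;
    }
}
```

Negative results are deliberately not cached: caching a failure would let a token that was briefly unavailable stay rejected, while caching a success is bounded by the smaller of the fixed cap and the token's remaining lifetime, which is the expiry check the answer recommends. Revocation on auth.dev still takes up to MAX_CACHE_SECONDS to propagate, so set that cap with that delay in mind.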