How to Use Laravel Passport for API Authentication
To use
Laravel Passport, first install it via Composer and run its migrations to create necessary tables. Then, register the Passport service provider, configure your AuthServiceProvider, and use Passport's token methods to secure your API routes with OAuth2 authentication.Syntax
Laravel Passport uses OAuth2 to secure API authentication. The main steps include installing Passport, running migrations, registering the service provider, and using Passport's token methods in your AuthServiceProvider and routes.
composer require laravel/passport: Installs Passport package.php artisan migrate: Creates tables for OAuth clients and tokens.php artisan passport:install: Generates encryption keys and clients.- Register
Laravel\Passport\Passport::routes()inAuthServiceProvider. - Use
HasApiTokenstrait in yourUsermodel.
bash and php
composer require laravel/passport php artisan migrate php artisan passport:install // In app/Providers/AuthServiceProvider.php use Laravel\Passport\Passport; public function boot() { $this->registerPolicies(); Passport::routes(); } // In app/Models/User.php use Laravel\Passport\HasApiTokens; class User extends Authenticatable { use HasApiTokens, Notifiable; }
Example
This example shows how to set up Passport in a Laravel app and protect an API route using token authentication.
php
<?php // routes/api.php use Illuminate\Http\Request; use Illuminate\Support\Facades\Route; Route::middleware('auth:api')->get('/user', function (Request $request) { return $request->user(); }); // app/Models/User.php namespace App\Models; use Illuminate\Foundation\Auth\User as Authenticatable; use Laravel\Passport\HasApiTokens; class User extends Authenticatable { use HasApiTokens; // other model code } // app/Providers/AuthServiceProvider.php namespace App\Providers; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Laravel\Passport\Passport; class AuthServiceProvider extends ServiceProvider { public function boot() { $this->registerPolicies(); Passport::routes(); } } // config/auth.php return [ 'guards' => [ 'api' => [ 'driver' => 'passport', 'provider' => 'users', ], ], ];
Output
GET /api/user with valid token returns authenticated user JSON data
Common Pitfalls
Common mistakes when using Laravel Passport include:
- Not running
php artisan passport:installafter migrations, so keys and clients are missing. - Forgetting to add
HasApiTokenstrait to theUsermodel, which enables token methods. - Not setting the
apiguard driver topassportinconfig/auth.php. - Missing
Passport::routes()call inAuthServiceProvider, so routes for issuing tokens are not registered.
php
/* Wrong: Missing HasApiTokens trait in User model */ class User extends Authenticatable { // Missing: use HasApiTokens; } /* Right: Add HasApiTokens trait */ use Laravel\Passport\HasApiTokens; class User extends Authenticatable { use HasApiTokens; }
Quick Reference
| Step | Command/Code | Description |
|---|---|---|
| 1 | composer require laravel/passport | Install Passport package |
| 2 | php artisan migrate | Run migrations for Passport tables |
| 3 | php artisan passport:install | Generate keys and clients |
| 4 | Add Passport::routes() in AuthServiceProvider | Register Passport routes |
| 5 | Use HasApiTokens trait in User model | Enable token methods |
| 6 | Set 'api' guard driver to 'passport' in config/auth.php | Configure API guard |
| 7 | Protect routes with 'auth:api' middleware | Require token authentication |
Key Takeaways
Install Laravel Passport and run migrations before using it.
Add HasApiTokens trait to your User model to enable token features.
Register Passport routes in AuthServiceProvider with Passport::routes().
Set the API guard driver to 'passport' in config/auth.php for token auth.
Protect API routes using the 'auth:api' middleware to require tokens.