In this part we want to implement the refresh token
Step 1. Change api.php
we need to add refresh token route like this
<?php
use Illuminate\Support\Facades\Route;
Route::post('login', 'UserController@login');
Route::post('register', 'UserController@register');
Route::post('refreshtoken', 'UserController@refreshToken');
Route::get('/unauthorized', 'UserController@unauthorized');
Route::group(['middleware' => ['CheckClientCredentials','auth:api']], function() {
Route::post('logout', 'UserController@logout');
Route::post('details', 'UserController@details');
});
Step 2. Add refreshToken Function in UserController.php
We send request to "oauth/token" with Refreshtoken header and give access token and a new refresh token
...
public function refreshToken(Request $request) {
$refresh_token = $request->header('Refreshtoken');
$oClient = OClient::where('password_client', 1)->first();
$http = new Client;
try {
$response = $http->request('POST', 'http://mylemp-nginx/oauth/token', [
'form_params' => [
'grant_type' => 'refresh_token',
'refresh_token' => $refresh_token,
'client_id' => $oClient->id,
'client_secret' => $oClient->secret,
'scope' => '*',
],
]);
return json_decode((string) $response->getBody(), true);
} catch (Exception $e) {
return response()->json("unauthorized", 401);
}
}
...
Top comments (3)
Hi Mohammad,
It might not relate with your tutorial. I would like to know the difference between Sanctum and Passport. Is Sanctum alone sufficient for RESP api? I mean not only own SPA frontend but also for other third-party application which will use my backend REST api.
Hi
Nice tutorial !
What is this URL : mylemp-nginx/oauth/token ??
Thanks
its the url he sends the oauth request to
you can replace it to
$response = $http->request('POST', route('passport.token'), [