DEV Community

Cover image for Create API Rest with Laravel 7.X Passport Authentication And Implement Refresh Token (Part 3)
Mohammad Reza
Mohammad Reza

Posted on

7 1

Create API Rest with Laravel 7.X Passport Authentication And Implement Refresh Token (Part 3)

In this part we want to implement the refresh token

Step 1. Change api.php

we need to add refresh token route like this

<?php

use Illuminate\Support\Facades\Route;

Route::post('login', 'UserController@login');
Route::post('register', 'UserController@register');
Route::post('refreshtoken', 'UserController@refreshToken');

Route::get('/unauthorized', 'UserController@unauthorized');
Route::group(['middleware' => ['CheckClientCredentials','auth:api']], function() {
    Route::post('logout', 'UserController@logout');
    Route::post('details', 'UserController@details');
});
Enter fullscreen mode Exit fullscreen mode

Step 2. Add refreshToken Function in UserController.php

We send request to "oauth/token" with Refreshtoken header and give access token and a new refresh token

...
    public function refreshToken(Request $request) { 
        $refresh_token = $request->header('Refreshtoken');
        $oClient = OClient::where('password_client', 1)->first();
        $http = new Client;

        try {
            $response = $http->request('POST', 'http://mylemp-nginx/oauth/token', [
                'form_params' => [
                    'grant_type' => 'refresh_token',
                    'refresh_token' => $refresh_token,
                    'client_id' => $oClient->id,
                    'client_secret' => $oClient->secret,
                    'scope' => '*',
                ],
            ]);
            return json_decode((string) $response->getBody(), true);
        } catch (Exception $e) {
            return response()->json("unauthorized", 401); 
        }
    }
...
Enter fullscreen mode Exit fullscreen mode

Like this
Alt Text

now you have all things that you need for api auth :)

if you have question you can ask it here :)

share it with your friends if you like it

Image of Datadog

The Future of AI, LLMs, and Observability on Google Cloud

Datadog sat down with Google’s Director of AI to discuss the current and future states of AI, ML, and LLMs on Google Cloud. Discover 7 key insights for technical leaders, covering everything from upskilling teams to observability best practices

Learn More

Top comments (3)

Collapse
 
mrzer0 profile image
Yan Naing (ရန်နိင်)

Hi Mohammad,

It might not relate with your tutorial. I would like to know the difference between Sanctum and Passport. Is Sanctum alone sufficient for RESP api? I mean not only own SPA frontend but also for other third-party application which will use my backend REST api.

Collapse
 
ericsts profile image
Eric Luiz dos Santos

Hi
Nice tutorial !
What is this URL : mylemp-nginx/oauth/token ??

Thanks

Collapse
 
remlinenl profile image
R. Cloeck

its the url he sends the oauth request to
you can replace it to

$response = $http->request('POST', route('passport.token'), [

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay