DEV Community: StefanT123 The latest articles on DEV Community by StefanT123 (@stefant123). https://dev.to/stefant123 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F60788%2F2523c608-4dca-4273-8191-64dfe1c5fb58.jpg DEV Community: StefanT123 https://dev.to/stefant123 en Basic Git commands explained StefanT123 Thu, 11 Jun 2020 10:59:18 +0000 https://dev.to/stefant123/basic-git-commands-explained-1cjd https://dev.to/stefant123/basic-git-commands-explained-1cjd <h2> Table of contents </h2> <ul> <li>What's Git</li> <li> Most common Git commands <ul> <li>git clone</li> <li>git init</li> <li>git remote add</li> <li>git add</li> <li>git commit</li> <li>git log</li> <li>git push</li> <li>git branch</li> <li>git branch {branch-name}</li> <li>git branch -d {branch-name}</li> <li>git branch -D {branch-name}</li> <li>git push {remote-name} --delete {branch-name}</li> <li>git merge</li> <li>git fetch</li> <li>git pull</li> <li>git checkout</li> <li>git checkout -b {branch-name}</li> <li>git checkout {commit-hash}</li> <li>git checkout {commit-hash} {file-name}</li> <li>git reset</li> <li>git reset --hard {commit-hash}</li> <li>git revert</li> </ul> </li> </ul> <h3> What's git <a></a> </h3> <p>Git is distributed version-control system for tracking changes in files. It was originally created by Linus Torvalds in 2005 for development of the linux kernel as an open-source project. Current maintainer of git is Junio Hamano. Having a distributed architecture, Git is an example of Distributed Version Control System. That means that rather than having only one single place for the full version history of the software as is common in once-popular version control systems like CVS or Subversion (also known as SVN), in Git, every developer's working copy of the code is also a repository that can contain the full history of all changes.</p> <h3> Most common Git commands <a></a> </h3> <p>Here are the most common Git commands and their explanation.</p> <p><strong>NOTE</strong>: As Git hosting I'm going to reffer to GitHub, but it's the same for every other Git hosting (GitLab, BitBucket, etc.)</p> <h3> <strong><code>git clone</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git clone <span class="o">{</span>url-of-the-project<span class="o">}</span> git clone <span class="nt">-b</span> <span class="o">{</span>some-specific-branch<span class="o">}</span> <span class="o">{</span>url-of-the-project<span class="o">}</span> <span class="c"># clone from specific branch</span> git clone <span class="o">{</span>url-of-the-project<span class="o">}</span> <span class="o">{</span>folder-in-which-to-clone<span class="o">}</span> <span class="c"># clone in specific folder</span> </code></pre></div> <p><code>DESCRIPTION</code>:</p> <ul> <li>It initializes Git, adds new remote and clones some existing project from GitHub to your computer</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>This command is used only once per project</li> <li>That project can be empty, or it can already have some files in it</li> <li>When cloning a project, by default it will clone the master branch, if not specified otherwise</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>If we want to get some project from GitHub and start working on it</li> </ul> <h3> <strong><code>git init</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git init </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It initializes Git in the folder in which we're calling the command</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>This command is used only once per project and this is usualy the first command you'll run in a new project</li> <li>When initializing Git in a project, by default it will initialize it on master branch</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>Convert an existing, unversioned project to a Git repository or initialize a new, empty Git repository</li> </ul> <h3> <strong><code>git remote add</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git remote add <span class="o">{</span>name<span class="o">}</span> <span class="o">{</span>url-of-the-project<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It adds new remote</li> <li>It takes two arguments: <ul> <li>a remote name eg. <code>origin</code> </li> <li>a remote url eg. <code>https://github.com/{username}/{repo}.git</code> </li> </ul> </li> </ul> <p><code>NOTE</code>: </p> <ul> <li>At the begining of the project, we should set new remote</li> <li>We can add many remotes, as long as they have different names (<code>origin</code>, <code>upstream</code>, etc.)</li> <li>If the remote name already exists, Git will throw an error</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to add new remote, so we can push our local repository to GitHub</li> </ul> <h3> <strong><code>git add</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git add <span class="o">{</span>files-to-add<span class="o">}</span> git add <span class="nb">.</span> <span class="c"># add every change</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It adds a change in our working directory to the staging area</li> <li>Basically it tells Git that we want to include these changes to some file in the next commit</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>It doesn't really affect the repository until we make a commit</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We've made some changes in our working directory (our project), and we want to include these changes in our next commit</li> </ul> <h3> <strong><code>git commit</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git commit <span class="c"># it will open some editor so you can write your commit message</span> git commit <span class="nt">-m</span> <span class="s2">"some message"</span> <span class="c"># commit message is written inline</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It records every change that we've made in our working directory (that we've added with <code>git add</code>) as an object in our local repository</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>It will save the changes in our local repository, not on GitHub</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We've made some progress in our project, and we want to save our project in this exact state</li> <li>It's sort of like a backup for a project</li> </ul> <h3> <strong><code>git log</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git log </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will show all the commits in the project</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We've want to see all previous commits that occured in the project</li> </ul> <h3> <strong><code>git push</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git push <span class="nt">-u</span> <span class="o">{</span>remote-name<span class="o">}</span> <span class="o">{</span>branch<span class="o">}</span> <span class="c"># it pushes to GitHub, and sets the branch as upstream so that next time you won't have to specify the branch on which to push</span> git push <span class="o">{</span>remote-name<span class="o">}</span> <span class="c"># if you have already set an upstream branch</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will push (copy) all your local repository content to GitHub</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>Once we push to GitHub, we can see all our work on the remote repository (GitHub)</li> <li>You have to set remote name first with <code>git remote add {name} {url}</code>, so that Git will know what the remote is</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to be sure that the commits we've made, won't be lost</li> <li>We want to be able to access the project from multiple computers</li> <li>We want to be able to collaborate with other people on a project</li> </ul> <h3> <strong><code>git branch</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git branch </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will show as all our local branches</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to see what branches do we have locally</li> </ul> <h3> <strong><code>git branch {branch-name}</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git branch <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will create new branch</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>The branch will be created, but you will remain on the same branch (it won't switch you to the newly created branch)</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to create a new branch</li> </ul> <h3> <strong><code>git branch -d {branch-name}</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git branch <span class="nt">-d</span> <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will delete a branch that's already merged</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>This is safest way to delete a branch</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to delete a branch that's been merged and we don't need that branch anymore</li> </ul> <h3> <strong><code>git branch -D {branch-name}</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git branch <span class="nt">-D</span> <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will force delete a branch even if it's not already merged</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>Do this if you are 100% sure that you don't need that branch</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to force delete a branch, and we don't care if it's merged or not</li> </ul> <h3> <strong><code>git push {remote-name} --delete {branch-name}</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git push <span class="o">{</span>remote-name<span class="o">}</span> <span class="nt">--delete</span> <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will delete a remote branch (a branch that's on GitHub) </li> </ul> <p><code>NOTE</code>: </p> <ul> <li>We can delete a remote branch directly from GitHub</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to delete some remote branch</li> </ul> <h3> <strong><code>git merge</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git merge <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will merge the specified branch on the current branch</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>If there are conflicts when you merge, you'll have to fix the conflicts first, remove the part you don't need and leave the part that you need</li> <li>The current branch will be updated to reflect the merge, but the target branch will be completely unaffected</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to combine work that's been done on two separate branches</li> </ul> <h3> <strong><code>git fetch</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git fetch <span class="o">{</span>remote-name<span class="o">}</span> <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will copy the contents from a remote repository branch into your local repository</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>Git will automatically make local branch with the same name as the remote branch</li> <li>It won't affect your current branch or any other branch</li> <li>If you run <code>git branch</code> it won't show you the newly created branch, to see it you will have to run <code>git branch -r</code>, however you can checkout to that branch with <code>git checkout {branch-name}</code> </li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want see the work that's been done on some remote branch</li> <li>We want to review the commits before merging them into our local repository</li> </ul> <h3> <strong><code>git pull</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git pull <span class="o">{</span>remote-name<span class="o">}</span> <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will copy the contents from a remote repository branch and merge all the changes into the current branch</li> <li>Basically it will do <code>git fetch</code> and <code>git merge</code> </li> </ul> <p><code>NOTE</code>: </p> <ul> <li>When you run <code>git pul</code>l, it will automatically merge the branch you are pulling with the branch you are currently on </li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to update our local repository with a version from remote repository</li> </ul> <h3> <strong><code>git checkout</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git checkout <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will switch to some branch</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>Git checkout has many uses</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We've created some branch with git branch {name}, and now we want to switch to that branch </li> </ul> <h3> <strong><code>git checkout -b {branch-name}</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git checkout <span class="nt">-b</span> <span class="o">{</span>branch-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will create and switch to that branch</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>It basically does <code>git branch {branch-name}</code> and <code>git checkout {branch-name}</code> </li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We've created some branch with <code>git branch {name}</code>, and now we want to switch to that branch </li> </ul> <h3> <strong><code>git checkout {commit-hash}</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git checkout <span class="o">{</span>commit-hash<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will go back to some commit so we can inspect the files at that point in time (when we commited) </li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We've want to see how the project looked like at some point in time (when we commited)</li> </ul> <h3> <strong><code>git checkout {commit-hash} {file-name}</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git checkout <span class="o">{</span>commit-hash<span class="o">}</span> <span class="o">{</span>file-name<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will get the version of some file and it will put it in place of our current file</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We want to revert back some file as it was at some point in time (when we commited)</li> </ul> <h3> <strong><code>git reset</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git reset <span class="o">{</span>commit-hash<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will go back to some commit, but it will delete all commits that were after the specified commit</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>All commits that were after the specified commit will be deleted</li> <li>It won't make any changes in the working directory (files will be preserved as they were)</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We started working on something, and then we realized that we are doing something wrong and we want to fix that</li> </ul> <h3> <strong><code>git reset --hard {commit-hash}</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git reset <span class="nt">--hard</span> <span class="o">{</span>commit-hash<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will go back to some commit, but it will delete all commits that were after the specified commit and it will revert all the files as they were at the specified commit</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>All commits that were after the specified commit will be deleted</li> <li>All the files will be reverted as they were at the commit that we've specified</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>We started working on something, and then we realized that we are doing something wrong and we want to start all over again</li> </ul> <h3> <strong><code>git revert</code></strong> <a></a> </h3> <p><code>COMMAND</code>:<br> </p> <div class="highlight"><pre class="highlight shell"><code>git revert <span class="o">{</span>commit-hash<span class="o">}</span> </code></pre></div> <p><code>DESCRIPTION</code>: </p> <ul> <li>It will go back to some commit, but it will create new commit while doing this</li> </ul> <p><code>NOTE</code>: </p> <ul> <li>All commits will be preserved</li> <li>It will create new commit</li> <li>Git revert is the safest command if we want to go back to some commit</li> </ul> <p><code>USAGE</code>:</p> <ul> <li>When we want to return to some point in time (to some commit), but we want to be sure that no commit will be lost</li> </ul> <p><strong>If you think you have found any misleading information or a typo in this post, please comment below</strong></p> git beginners tutorial PKCE authenticaton for Nuxt SPA with Laravel as backend StefanT123 Tue, 07 Apr 2020 09:53:16 +0000 https://dev.to/stefant123/pkce-authenticaton-for-nuxt-spa-with-laravel-as-backend-170n https://dev.to/stefant123/pkce-authenticaton-for-nuxt-spa-with-laravel-as-backend-170n <p>In this post I will show you how you can use PKCE(Proof Key for Code Exchange) for authentication. I will use Nuxt.js, because that's what I use in my day to day workflow, but I will try to make it as generic as possible so that it can be implemented in other frameworks or even in vanilla javascript.</p> <p>The Proof Key for Code Exchange extension is a technique for public clients to mitigate the threat of having the authorization code intercepted. The technique involves the client first creating a secret, and then using that secret again when exchanging the authorization code for an access token. This way if the code is intercepted, it will not be useful since the token request relies on the initial secret.</p> <p>The basic workflow of the PKCE is this:</p> <ol> <li>User requests to login</li> <li>The SPA makes a random string for <code>state</code> and for <code>code_verifier</code>, then it hashes the <code>code_verifier</code> (we will use <code>SHA256</code> as hashing algorithm), and it converts it to <code>base64</code> url safe string, that's our <code>code_challenge</code>. Then it saves the <code>state</code> and <code>code_verifier</code>.</li> <li>Make a <code>GET</code> request to the backend with the query parameters needed: <code>client_id</code>, <code>redirect_uri</code>, <code>response_type</code>, <code>scope</code>, <code>state</code>, <code>code_challenge</code> and <code>code_challenge_method</code> (there can be other required paramateres)</li> <li>The user is redirected to the backend <code>login</code> page</li> <li>The user submits it's credentials</li> <li>The backend validates the submited credentials and authenticates the user</li> <li>The backend then proceeds to the intended url from step 3</li> <li>It returns a response containing <code>code</code> and <code>state</code> </li> <li>SPA then checks if the returned <code>state</code> is equal as the <code>state</code> that was saved when we made the initial request (in step 2)</li> <li>If it is the same, the SPA makes another request with query parameters <code>grant_type</code>, <code>client_id</code>, <code>redirect_uri</code>, <code>code_verifier</code>(that we saved in step 2) and <code>code</code>(that was returned by the backend) to get the token</li> </ol> <p>For those who are lazy and don't want to read yet another post. Here are the links for the github repositories:</p> <ul> <li><a href="https://github.com/StefanT123/pkce-backend">Laravel (backend)</a></li> <li><a href="https://github.com/StefanT123/pkce-frontend">Nuxt (frontend)</a></li> </ul> <h2> Table of contents </h2> <ul> <li> Backend <ul> <li>Setting Laravel Passport</li> <li>Setting CORS</li> <li>Creating the API</li> </ul> </li> <li>Frontend</li> </ul> <h3> Backend <a></a> </h3> <p>I will assume that you already have Laravel application set up, so I will go directly to the important parts of this post.</p> <h4> Setting Laravel Passport <a></a> </h4> <p>We will use Laravel Passport which provides a full OAuth2 server implementation for your Laravel application. Specifically we will use the Authorization Code Grant with PKCE. As stated in the passport documentation</p> <blockquote> <p>The Authorization Code grant with "Proof Key for Code Exchange" (PKCE) is a secure way to authenticate single page applications or native applications to access your API. This grant should be used when you can't guarantee that the client secret will be stored confidentially or in order to mitigate the threat of having the authorization code intercepted by an attacker. A combination of a "code verifier" and a "code challenge" replaces the client secret when exchanging the authorization code for an access token.</p> </blockquote> <p>We are going to require the passport through composer<br> <code>composer require laravel/passport</code></p> <p>Run the migrations<br> <code>php artisan migrate</code></p> <p>And install passport<br> <code>php artisan passport:install</code></p> <p>Next we should add <code>HasApiTokens</code> trait to the <code>User</code> model<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Foundation\Auth\User</span> <span class="k">as</span> <span class="nc">Authenticatable</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Notifications\Notifiable</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Laravel\Passport\HasApiTokens</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">User</span> <span class="kd">extends</span> <span class="nc">Authenticatable</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">HasApiTokens</span><span class="p">,</span> <span class="nc">Notifiable</span><span class="p">;</span> <span class="c1">// [code]</span> <span class="p">}</span> </code></pre> </div> <p>Register the <code>Passport</code> routes that we need within the <code>boot</code> method of <code>AuthServiceProvider</code>, and set the expiration time of the tokens<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// [code]</span> <span class="kn">use</span> <span class="nc">Laravel\Passport\Passport</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">AuthServiceProvider</span> <span class="kd">extends</span> <span class="nc">ServiceProvider</span> <span class="p">{</span> <span class="c1">// [code]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">boot</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">registerPolicies</span><span class="p">();</span> <span class="nc">Passport</span><span class="o">::</span><span class="nf">routes</span><span class="p">(</span><span class="k">function</span> <span class="p">(</span><span class="nv">$router</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forAuthorization</span><span class="p">();</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forAccessTokens</span><span class="p">();</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forTransientTokens</span><span class="p">();</span> <span class="p">});</span> <span class="nc">Passport</span><span class="o">::</span><span class="nf">tokensExpireIn</span><span class="p">(</span><span class="nf">now</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">addMinutes</span><span class="p">(</span><span class="mi">5</span><span class="p">));</span> <span class="nc">Passport</span><span class="o">::</span><span class="nf">refreshTokensExpireIn</span><span class="p">(</span><span class="nf">now</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">addDays</span><span class="p">(</span><span class="mi">10</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Set the api driver to <code>passport</code> in <code>config/auth.php</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// [code]</span> <span class="s1">'guards'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'web'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'session'</span><span class="p">,</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="s1">'users'</span><span class="p">,</span> <span class="p">],</span> <span class="s1">'api'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'passport'</span><span class="p">,</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="s1">'users'</span><span class="p">,</span> <span class="s1">'hash'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="p">],</span> <span class="p">],</span> <span class="c1">// [code]</span> </code></pre> </div> <p>And the last step is to create PKCE client<br> <code>php artisan passport:client --public</code></p> <p>You are then going to be prompted some questions, here are my answers:<br> <code>Which user ID should the client be assigned to?</code> -&gt; 1<br> <code>What should we name the client?</code> -&gt; pkce<br> <code>Where should we redirect the request after authorization?</code> -&gt; <a href="http://localhost:3000/auth">http://localhost:3000/auth</a> (your SPA domain)</p> <h4> Setting CORS <a></a> </h4> <h5> <strong>For laravel version &lt; 7</strong> </h5> <p>Manually install <code>fruitcake/laravel-cors</code> and follow along, or you can create your own CORS middleware.</p> <h5> <strong>For laravel version &gt; 7</strong> </h5> <p>Change your <code>config/cors.php</code>, so that you add the <code>oauth/token</code> in your paths, and your SPA origin in <code>allowed_origins</code>. My config looks like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">return</span> <span class="p">[</span> <span class="s1">'paths'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'api/*'</span><span class="p">,</span> <span class="s1">'oauth/token'</span><span class="p">],</span> <span class="s1">'allowed_methods'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'*'</span><span class="p">],</span> <span class="s1">'allowed_origins'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'http://localhost:3000'</span><span class="p">],</span> <span class="s1">'allowed_origins_patterns'</span> <span class="o">=&gt;</span> <span class="p">[],</span> <span class="s1">'allowed_headers'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'*'</span><span class="p">],</span> <span class="s1">'exposed_headers'</span> <span class="o">=&gt;</span> <span class="p">[],</span> <span class="s1">'max_age'</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="s1">'supports_credentials'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="p">];</span> </code></pre> </div> <h4> Creating the API <a></a> </h4> <p>Create the routes in <strong><code>routes/web.php</code></strong>, now this is important, the routes <strong>MUST</strong> be placed in <code>routes/web</code>, all the other routes can be in <code>routes/api</code>, but the login route must be in <code>routes/web</code>, because we will need session.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Route</span><span class="o">::</span><span class="nf">view</span><span class="p">(</span><span class="s1">'login'</span><span class="p">,</span> <span class="s1">'login'</span><span class="p">);</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'login'</span><span class="p">,</span> <span class="s1">'AuthController@login'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'login'</span><span class="p">);</span> </code></pre> </div> <p>Now, create the <code>login</code> view and the <code>AuthController</code>.</p> <p>In the <code>resources/views</code> create new <code>login.blade.php</code> file and in there we will put some basic form. I won't apply any style to it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;form</span> <span class="na">method=</span><span class="s">"post"</span> <span class="na">action=</span><span class="s">"{{ route('login') }}"</span><span class="nt">&gt;</span> @csrf <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"email"</span><span class="nt">&gt;</span>Email:<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">name=</span><span class="s">"email"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"password"</span><span class="nt">&gt;</span>Password:<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"password"</span> <span class="na">name=</span><span class="s">"password"</span><span class="nt">&gt;</span> <span class="nt">&lt;button&gt;</span>Login<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/form&gt;</span> </code></pre> </div> <p>Make <code>AuthController</code> and create <code>login</code> method in there<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// [code]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">login</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nf">auth</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">guard</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">attempt</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">only</span><span class="p">(</span><span class="s1">'email'</span><span class="p">,</span> <span class="s1">'password'</span><span class="p">)))</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">intended</span><span class="p">();</span> <span class="p">}</span> <span class="k">throw</span> <span class="k">new</span> <span class="err">\</span><span class="nf">Exception</span><span class="p">(</span><span class="s1">'There was some error while trying to log you in'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>In this method we attempt to login the user with the credentials he provided, if the login is successfull we are redirecting them to the intended url, which will be the <code>oauth/authorize</code> with all the query parameters, if not, it will throw an exception.</p> <p>Ok, that was it for the backend, now let's make the SPA.</p> <h3> Frontend <a></a> </h3> <p>Create new nuxt application and select the tools you want to use, I will just use the <code>axios</code> module<br> <code>npx create-nuxt-app &lt;name-of-your-app&gt;</code></p> <p>Then we are going to need the <code>crypto</code> package for encryption<br> <code>npm install crypto-js</code></p> <p>Now replace all the code in <code>pages/index.vue</code> with this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight vue"><code><span class="nt">&lt;</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"container"</span><span class="nt">&gt;</span> <span class="nt">&lt;button</span> <span class="err">@</span><span class="na">click.prevent=</span><span class="s">"openLoginWindow"</span><span class="nt">&gt;</span>Login<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="k">script</span><span class="nt">&gt;</span> <span class="k">import</span> <span class="nx">crypto</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">crypto-js</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="nx">data</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">state</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">challenge</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="p">}</span> <span class="p">},</span> <span class="na">computed</span><span class="p">:</span> <span class="p">{</span> <span class="nx">loginUrl</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="dl">'</span><span class="s1">http://your-url/oauth/authorize?client_id=1&amp;redirect_uri=http://localhost:3000/auth&amp;response_type=code&amp;scope=*&amp;state=</span><span class="dl">'</span> <span class="o">+</span> <span class="k">this</span><span class="p">.</span><span class="nx">state</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">&amp;code_challenge=</span><span class="dl">'</span> <span class="o">+</span> <span class="k">this</span><span class="p">.</span><span class="nx">challenge</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">&amp;code_challenge_method=S256</span><span class="dl">'</span> <span class="p">}</span> <span class="p">},</span> <span class="nx">mounted</span><span class="p">()</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">origin</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span> <span class="o">||</span> <span class="o">!</span> <span class="nb">Object</span><span class="p">.</span><span class="nx">keys</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">data</span><span class="p">).</span><span class="nx">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">access_token</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">token_type</span><span class="p">,</span> <span class="nx">expires_in</span><span class="p">,</span> <span class="nx">access_token</span><span class="p">,</span> <span class="nx">refresh_token</span><span class="p">}</span> <span class="o">=</span> <span class="nx">e</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nx">setToken</span><span class="p">(</span><span class="nx">access_token</span><span class="p">,</span> <span class="nx">token_type</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nx">$get</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://passport-pkce.web/api/user</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">resp</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">resp</span><span class="p">);</span> <span class="p">})</span> <span class="p">});</span> <span class="k">this</span><span class="p">.</span><span class="nx">state</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">createRandomString</span><span class="p">(</span><span class="mi">40</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">verifier</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">createRandomString</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">challenge</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">base64Url</span><span class="p">(</span><span class="nx">crypto</span><span class="p">.</span><span class="nx">SHA256</span><span class="p">(</span><span class="nx">verifier</span><span class="p">));</span> <span class="nb">window</span><span class="p">.</span><span class="nx">localStorage</span><span class="p">.</span><span class="nx">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">state</span><span class="dl">'</span><span class="p">,</span> <span class="k">this</span><span class="p">.</span><span class="nx">state</span><span class="p">);</span> <span class="nb">window</span><span class="p">.</span><span class="nx">localStorage</span><span class="p">.</span><span class="nx">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">verifier</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verifier</span><span class="p">);</span> <span class="p">},</span> <span class="na">methods</span><span class="p">:</span> <span class="p">{</span> <span class="nx">openLoginWindow</span><span class="p">()</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">open</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">loginUrl</span><span class="p">,</span> <span class="dl">'</span><span class="s1">popup</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">width=700,height=700</span><span class="dl">'</span><span class="p">);</span> <span class="p">},</span> <span class="nx">createRandomString</span><span class="p">(</span><span class="nx">num</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[...</span><span class="nb">Array</span><span class="p">(</span><span class="nx">num</span><span class="p">)].</span><span class="nx">map</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nb">Math</span><span class="p">.</span><span class="nx">random</span><span class="p">().</span><span class="nx">toString</span><span class="p">(</span><span class="mi">36</span><span class="p">)[</span><span class="mi">2</span><span class="p">]).</span><span class="nx">join</span><span class="p">(</span><span class="dl">''</span><span class="p">)</span> <span class="p">},</span> <span class="nx">base64Url</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toString</span><span class="p">(</span><span class="nx">crypto</span><span class="p">.</span><span class="nx">enc</span><span class="p">.</span><span class="nx">Base64</span><span class="p">)</span> <span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">\+</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">'</span><span class="s1">-</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">\/</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">'</span><span class="s1">_</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="sr">/=/g</span><span class="p">,</span> <span class="dl">''</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nt">&lt;/</span><span class="k">script</span><span class="nt">&gt;</span> </code></pre> </div> <p>Let me explain what's going on in here</p> <ul> <li>Creating the template, nothing fancy going on in here, we are creating a button and attaching <code>onClick</code> event that will trigger some function.</li> <li>In the <code>mounted</code> event, we are binding an event listener to the window that we are going to use later, we are setting <code>state</code> to be some random 40 characters string, we are creating <code>verifier</code> that will be some random 128 character string, and then we are setting the <code>challenge</code>. The <code>challenge</code> is <code>SHA256</code> encrypted <code>verifier</code> string converted to <code>base64</code> string. And we are setting the <code>state</code> and the <code>verifier</code> in the <code>localStorage</code>.</li> <li>Then we have some methods that we've defined.</li> </ul> <p>Now the flow look like this</p> <ol> <li>User clicks on the <code>login</code> button</li> <li>On click it triggers a <code>openLoginWindow</code> function, which opens new popup window for the provided url <ul> <li> <code>this.loginUrl</code> is a computed property that holds the url on which we want to authorize our app. It consist of base url (<code>http://your-url/</code>), the route for the authorization (<code>oauth/authorize</code> - this is the route that passport provides for us) and query parameters that we need to pass (you can look for them in the passports documentation): <code>client_id</code>, <code>redirect_uri</code>, <code>response_type</code>, <code>scope</code>, <code>state</code>, <code>code_challenge</code> and <code>code_challenge_method</code>.</li> </ul> </li> <li>The popup opens, and since we are not logged in and the <code>oauth/authorize</code> route is protected by <code>auth</code> middleware, we are redirected to the <code>login</code> page, but out intended url is saved in session.</li> <li>After we submit our credentials and we are successfully logged in, we are the redirected to out intended url (which is the <code>oauth/authorize</code> with all the query parameters).</li> <li>And if the query parameters are good, we are redirected to the <code>redirect_url</code> that we specified (in my case <code>http://localhost:3000/auth</code>), with <code>state</code> and <code>code</code> in the response.</li> <li>On the <code>auth</code> page, that we are going to create, we need to check if the <code>state</code> returned from Laravel is the same as the <code>state</code> that we've saved in the <code>localStorage</code>, if it is we are going to make a <code>post</code> request to <code>http://your-url/oauth/token</code> with query parameters: <code>grant_type</code>, <code>client_id</code>, <code>redirect_uri</code>, <code>code_verifier</code> (this is the <code>verifier</code> that we stored in the <code>localStorage</code>) and <code>code</code> (that was returned by laravel).</li> <li>If everything is ok, we're going to emmit an event (we're listening for that event in our <code>index</code> page) with the response provided by laraavel, in that response is our <code>token</code>.</li> <li>The event listener function is called and we are setting the token on our <code>axios</code> instance.</li> </ol> <p>Let's make our <code>auth</code> page so that everything becomes more clear. In <code>pages</code> create new page <code>auth.vue</code> and put this inside<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight vue"><code><span class="nt">&lt;</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;h1&gt;</span>Logging in...<span class="nt">&lt;/h1&gt;</span> <span class="nt">&lt;/</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="k">script</span><span class="nt">&gt;</span> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="nx">mounted</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">urlParams</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">URLSearchParams</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">search</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">code</span> <span class="o">=</span> <span class="nx">urlParams</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">code</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">state</span> <span class="o">=</span> <span class="nx">urlParams</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">state</span><span class="dl">'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">code</span> <span class="o">&amp;&amp;</span> <span class="nx">state</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">state</span> <span class="o">===</span> <span class="nb">window</span><span class="p">.</span><span class="nx">localStorage</span><span class="p">.</span><span class="nx">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">state</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">params</span> <span class="o">=</span> <span class="p">{</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">authorization_code</span><span class="dl">'</span><span class="p">,</span> <span class="na">client_id</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">redirect_uri</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:3000/auth</span><span class="dl">'</span><span class="p">,</span> <span class="na">code_verifier</span><span class="p">:</span> <span class="nb">window</span><span class="p">.</span><span class="nx">localStorage</span><span class="p">.</span><span class="nx">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">verifier</span><span class="dl">'</span><span class="p">),</span> <span class="nx">code</span> <span class="p">}</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nx">$post</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://pkce-back.web/oauth/token</span><span class="dl">'</span><span class="p">,</span> <span class="nx">params</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">resp</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">opener</span><span class="p">.</span><span class="nx">postMessage</span><span class="p">(</span><span class="nx">resp</span><span class="p">);</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nx">removeItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">state</span><span class="dl">'</span><span class="p">);</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nx">removeItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">verifier</span><span class="dl">'</span><span class="p">);</span> <span class="nb">window</span><span class="p">.</span><span class="nx">close</span><span class="p">();</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">e</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">dir</span><span class="p">(</span><span class="nx">e</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="p">},</span> <span class="p">}</span> <span class="nt">&lt;/</span><span class="k">script</span><span class="nt">&gt;</span> </code></pre> </div> <p>Everything in here is explained in the 6th and 7th step. But once again, we are getting the <code>state</code> and <code>code</code> from the url, we are checking if the <code>state</code> from the url and the <code>state</code> we've stored in the <code>localStorage</code> are the same, if they are, make a <code>post</code> request to <code>oauth/token</code> with the required parameters and on success, emit an event and pass the laravel response which contains the token.</p> <p>That's it, that's all you have to do, of course this is a basic example, your <code>access_token</code> should be short-lived and it should be stored in the cookies, and your <code>refresh_token</code> should be long-lived and it should be set in <code>httponly</code> cookie in order to secure your application. This was relatively short post to cover all of that, but if you want to know more, you can look at my other post <a href="https://dev.to/stefant123/secure-authentication-in-nuxt-spa-with-laravel-as-back-end-19a9">Secure authentication in Nuxt SPA with Laravel as back-end</a>, where I cover these things.</p> <p>If you have any questions or suggestions, please comment below.</p> php javascript laravel security Create filters in Laravel with OOP best practices StefanT123 Tue, 31 Mar 2020 11:58:36 +0000 https://dev.to/stefant123/create-filters-in-laravel-with-oop-best-practices-pm9 https://dev.to/stefant123/create-filters-in-laravel-with-oop-best-practices-pm9 <p>In this post I'll show you how can you create filters in Laravel following good Object-oriented programming principles. </p> <p>Before we begin, keep in mind that you need to have a good understanding of Laravel, OOP and SOLID principles, also you'll need to have Laravel installed on your computer.</p> <h3> Create Laravel project </h3> <p>From the command line go to your apps folder (I keep mine in <code>~/Documents/apps</code>) and create new Laravel project and cd into it.<br> <code>laravel new filters</code><br> <code>cd filters</code></p> <h3> Set up the environment </h3> <p>For this kind of applications I like to use <code>sqlite</code> as my database, because it's so easy to set it up, but you can use some other database provider if you want to.</p> <p>To set up <code>sqlite</code>, edit the <code>DB_CONNECTION</code> in the <code>.env</code> file to <code>sqlite</code> (you can delete all other <code>DB</code> related fields like <code>DB_HOST</code>, <code>DB_PORT</code>, etc.) and make <code>database.sqlite</code> file in the <code>app/database/</code> folder.</p> <p>To create this file, run <br> <code>touch database/database.sqlite</code></p> <p><strong>NOTE</strong>: By default <code>sqlite</code> connection in Laravel is looking for this file, but if you want to change the name of your database, you can override the default by setting <code>DB_DATABASE</code> in the <code>.env</code> file.</p> <h3> Set up the application </h3> <p>Next step is to set up the application. For simplicity this app will only have posts, categories and tags.</p> <p><strong>TIP</strong>: When creating a model in laravel, if you pass <code>-a</code> as argument at the end, it will generate a migration, seeder, factory, and resource controller for the model. Also there are various parameters that you can pass, if you want to see them just run <code>php artisan make:model --help</code>.</p> <p>To create a model for post and all the other files, run <br> <code>php artisan make:model Post -a</code></p> <p>We will do the same for the categories and for the tags.<br> <code>php artisan make:model Category -a</code><br> <code>php artisan make:model Tag -a</code></p> <p>Because one post can have many tags, and one tag can belong to many posts, we are going to need a pivot table between those two models.<br> <code>php artisan make:migration create_post_tag_table</code></p> <h4> Migrations </h4> <p>Ok, now we have everything we need. We can now modify the migrations to suit our needs.</p> <p>In the posts table we'll have <code>title</code>, <code>body</code>, <code>views</code>, <code>user_id</code> so that we can set up a relationship between <code>Post</code> and a <code>User</code>, and <code>category_id</code> because post belongs to a <code>Category</code>.<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="nx">Schema</span><span class="o">::</span><span class="na">create</span><span class="p">(</span><span class="s1">'posts'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nx">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">id</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">string</span><span class="p">(</span><span class="s1">'title'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">text</span><span class="p">(</span><span class="s1">'body'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">integer</span><span class="p">(</span><span class="s1">'views'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">bigInteger</span><span class="p">(</span><span class="s1">'user_id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">unsigned</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">bigInteger</span><span class="p">(</span><span class="s1">'category_id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">unsigned</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">timestamps</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">foreign</span><span class="p">(</span><span class="s1">'user_id'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">references</span><span class="p">(</span><span class="s1">'id'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">on</span><span class="p">(</span><span class="s1">'users'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">onDelete</span><span class="p">(</span><span class="s1">'cascade'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">foreign</span><span class="p">(</span><span class="s1">'category_id'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">references</span><span class="p">(</span><span class="s1">'id'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">on</span><span class="p">(</span><span class="s1">'categories'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">onDelete</span><span class="p">(</span><span class="s1">'cascade'</span><span class="p">);</span> <span class="p">});</span> </code></pre></div> <p><code>categories</code> table will only have a name.<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="nx">Schema</span><span class="o">::</span><span class="na">create</span><span class="p">(</span><span class="s1">'categories'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nx">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">id</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">string</span><span class="p">(</span><span class="s1">'name'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">timestamps</span><span class="p">();</span> <span class="p">});</span> </code></pre></div> <p>The <code>tags</code> table will also have only a name.<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="nx">Schema</span><span class="o">::</span><span class="na">create</span><span class="p">(</span><span class="s1">'tags'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nx">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">id</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">string</span><span class="p">(</span><span class="s1">'name'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">timestamps</span><span class="p">();</span> <span class="p">});</span> </code></pre></div> <p>And our <code>post_tag</code> pivot table will look like this<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="nx">Schema</span><span class="o">::</span><span class="na">create</span><span class="p">(</span><span class="s1">'post_tag'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nx">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">primary</span><span class="p">([</span><span class="s1">'post_id'</span><span class="p">,</span> <span class="s1">'tag_id'</span><span class="p">]);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">bigInteger</span><span class="p">(</span><span class="s1">'post_id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">unsigned</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">bigInteger</span><span class="p">(</span><span class="s1">'tag_id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">unsigned</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">timestamps</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">foreign</span><span class="p">(</span><span class="s1">'post_id'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">references</span><span class="p">(</span><span class="s1">'id'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">on</span><span class="p">(</span><span class="s1">'posts'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">onDelete</span><span class="p">(</span><span class="s1">'cascade'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="na">foreign</span><span class="p">(</span><span class="s1">'tag_id'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">references</span><span class="p">(</span><span class="s1">'id'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">on</span><span class="p">(</span><span class="s1">'tags'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="na">onDelete</span><span class="p">(</span><span class="s1">'cascade'</span><span class="p">);</span> <span class="p">});</span> </code></pre></div> <p>We can now migrate our tables<br> <code>php artisan migrate</code></p> <h4> Models </h4> <p>Next step is to define the relaions in our models.</p> <p>Our <code>Post</code> model belongs to a <code>User</code> and a <code>Category</code>, and it have many to many relationship with <code>Tag</code>. Let's write that<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="kd">class</span> <span class="nc">Post</span> <span class="k">extends</span> <span class="nx">Model</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">user</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">belongsTo</span><span class="p">(</span><span class="nx">User</span><span class="o">::</span><span class="na">class</span><span class="p">);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">category</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">belongsTo</span><span class="p">(</span><span class="nx">Category</span><span class="o">::</span><span class="na">class</span><span class="p">);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">tags</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">belongsToMany</span><span class="p">(</span><span class="nx">Tag</span><span class="o">::</span><span class="na">class</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>The <code>User</code> can have many <code>Post</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="kd">class</span> <span class="nc">User</span> <span class="k">extends</span> <span class="nx">Authenticatable</span> <span class="p">{</span> <span class="kn">use</span> <span class="nn">Notifiable</span><span class="p">;</span> <span class="c1">// ... [class properties]</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">posts</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">hasMany</span><span class="p">(</span><span class="nx">Post</span><span class="o">::</span><span class="na">class</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p><code>Tag</code> belongs to many <code>Post</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="kd">class</span> <span class="nc">Tag</span> <span class="k">extends</span> <span class="nx">Model</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">posts</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">belongsToMany</span><span class="p">(</span><span class="nx">Post</span><span class="o">::</span><span class="na">class</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p><code>Category</code> can have many <code>Post</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="kd">class</span> <span class="nc">Category</span> <span class="k">extends</span> <span class="nx">Model</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">posts</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">belongsToMany</span><span class="p">(</span><span class="nx">Post</span><span class="o">::</span><span class="na">class</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>Now our relationships are all set up.</p> <h4> Factories </h4> <p>In order to quickly generate some dummy data, we will make use of Laravel factories that we've created when we made our models. We can find them in the <code>database/factories</code> folder. We can see there that we have factory for each model. If you don't know what factories are, you can read more in the <a href="https://laravel.com/docs/7.x/seeding#using-model-factories">Laravel documentation</a>.</p> <p>In the <code>categories</code> table we have only a name column, so the <code>CategoryFactory</code> will look like this<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="nv">$factory</span><span class="o">-&gt;</span><span class="na">define</span><span class="p">(</span><span class="nx">Category</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nx">Faker</span> <span class="nv">$faker</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nv">$faker</span><span class="o">-&gt;</span><span class="na">word</span><span class="p">,</span> <span class="p">];</span> <span class="p">});</span> </code></pre></div> <p><strong>NOTE</strong>: Laravel factories are using <a href="https://github.com/fzaninotto/Faker"><code>$faker</code></a> to generate fake data.</p> <p>The <code>posts</code> table must have <code>user_id</code> and <code>category_id</code> (it belongs to a <code>User</code> and it belongs to a <code>Category</code>), so we must represent that in the factory. So for each <code>Post</code> that we're going to make, we are also going to make a <code>User</code> and a <code>Category</code> and assign their id to the <code>posts</code> table. This is the <code>PostFactory</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="nv">$factory</span><span class="o">-&gt;</span><span class="na">define</span><span class="p">(</span><span class="nx">Post</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nx">Faker</span> <span class="nv">$faker</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'title'</span> <span class="o">=&gt;</span> <span class="nv">$faker</span><span class="o">-&gt;</span><span class="na">word</span><span class="p">,</span> <span class="s1">'body'</span> <span class="o">=&gt;</span> <span class="nv">$faker</span><span class="o">-&gt;</span><span class="na">text</span><span class="p">(),</span> <span class="s1">'views'</span> <span class="o">=&gt;</span> <span class="nv">$faker</span><span class="o">-&gt;</span><span class="na">numberBetween</span><span class="p">(</span><span class="mi">1000</span><span class="p">,</span> <span class="mi">9999</span><span class="p">),</span> <span class="s1">'user_id'</span> <span class="o">=&gt;</span> <span class="nx">factory</span><span class="p">(</span><span class="nx">\App\User</span><span class="o">::</span><span class="na">class</span><span class="p">),</span> <span class="c1">// make User and assign the id</span> <span class="s1">'category_id'</span> <span class="o">=&gt;</span> <span class="nx">factory</span><span class="p">(</span><span class="nx">\App\Category</span><span class="o">::</span><span class="na">class</span><span class="p">),</span> <span class="c1">// make Category and assign the id</span> <span class="p">];</span> <span class="p">});</span> </code></pre></div> <p>The <code>TagFactory</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="nv">$factory</span><span class="o">-&gt;</span><span class="na">define</span><span class="p">(</span><span class="nx">Tag</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nx">Faker</span> <span class="nv">$faker</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nv">$faker</span><span class="o">-&gt;</span><span class="na">word</span><span class="p">,</span> <span class="p">];</span> <span class="p">});</span> </code></pre></div> <p>The <code>UserFactory</code> is already provided by Laravel, so we don't have to change anything there.</p> <p>We've made our factories. Now if we want to create a 50 post records, all we need to do is call our post factory<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="nx">factory</span><span class="p">(</span><span class="nx">\App\Post</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="mi">50</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">create</span><span class="p">();</span> </code></pre></div> <p><strong>NOTE</strong>: if we want to override some value in the factory, we can do that in the <code>create()</code> method, we can pass array of key and values. For example:<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="nx">factory</span><span class="p">(</span><span class="nx">\App\Post</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">create</span><span class="p">([</span><span class="s1">'title'</span> <span class="o">=&gt;</span> <span class="s1">'Some title'</span><span class="p">]);</span> </code></pre></div> <p>This will create 2 posts that will have Some title as title.</p> <h4> Seeders </h4> <p>To seed our database with data, we'll use database seeders. We've created them when we created our model. We can find them in <code>database/seeds</code> folder. We have a seeder for each of our models (except for <code>User</code> because we didn't create that model, it comes with Laravel buy default). All we need to do is to set the factory we want to run for each seeder. We are only going to make seeder for <code>Post</code> and <code>Tag</code> models, because in the <code>PostFactory</code> we've set the factory so that it'll generate a <code>User</code> and a <code>Category</code> for each <code>Post</code> that we make.</p> <p>In the <code>PostSeeder</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="kd">class</span> <span class="nc">PostSeeder</span> <span class="k">extends</span> <span class="nx">Seeder</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">run</span><span class="p">()</span> <span class="p">{</span> <span class="nx">factory</span><span class="p">(</span><span class="nx">\App\Post</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="mi">20</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">create</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>In the <code>TagSeeder</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="kd">class</span> <span class="nc">TagSeeder</span> <span class="k">extends</span> <span class="nx">Seeder</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">run</span><span class="p">()</span> <span class="p">{</span> <span class="nx">factory</span><span class="p">(</span><span class="nx">\App\Tag</span><span class="o">::</span><span class="na">class</span><span class="p">,</span> <span class="mi">20</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">create</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>And we have to instruct Laravel to use this seeders when seeding the default data. In the <code>DatabaseSeeder</code> put this<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [namespace and imports]</span> <span class="kd">class</span> <span class="nc">DatabaseSeeder</span> <span class="k">extends</span> <span class="nx">Seeder</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">run</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// $this-&gt;call(UserSeeder::class);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">call</span><span class="p">(</span><span class="nx">PostSeeder</span><span class="o">::</span><span class="na">class</span><span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">call</span><span class="p">(</span><span class="nx">TagSeeder</span><span class="o">::</span><span class="na">class</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>We can now seed our database with data<br> <code>php artisan db:seed</code></p> <p>This will create 20 posts, 20 users, 20 categories and 20 tags.</p> <h3> Making filters </h3> <p>Ok, so now we've come to the most important part of this article, making the filters.</p> <p>What we want to do here is to filter the posts, so let's begin with that. In my <code>Post</code> model I'll add new method <code>filterBy</code>, and because we know that we're going to use Laravel query builder, we can make that method local scope. If you don't know what local scope is you can read the documentation about <a href="https://laravel.com/docs/7.x/eloquent#local-scopes">local scopes</a>. </p> <p>In a nutshell, it's just a way to add a constraint to the existing query. To set a method as a scope, all we need to do is to prefix it with <code>scope</code>. </p> <p>So our <code>filterBy</code> method will now be <code>scopeFilterBy</code> and the first argument of this function is the <code>$query</code>, then we can pass whatever we want as an argument. In our case we want to pass all the filters, so our second argument will be <code>$filters</code>.</p> <p>Now in that method I will write how I want my API to look like. Keep in mind that none of this that I'm going to write doesn't exist yet. It's just a way for me to know how I want to interact with my API. And I know that I want to get my filters from the request.</p> <p>I will have something like this <code>http://some.url/posts?title=something</code>, so the filters will be passed as array <code>[title =&gt; something]</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="kd">class</span> <span class="nc">Post</span> <span class="k">extends</span> <span class="nx">Model</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">scopeFilterBy</span><span class="p">(</span><span class="nv">$query</span><span class="p">,</span> <span class="nv">$filters</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$namespace</span> <span class="o">=</span> <span class="s1">'App\Utilities\PostFilters'</span><span class="p">;</span> <span class="nv">$filter</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">FilterBuilder</span><span class="p">(</span><span class="nv">$query</span><span class="p">,</span> <span class="nv">$filters</span><span class="p">,</span> <span class="nv">$namespace</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$filter</span><span class="o">-&gt;</span><span class="na">apply</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>Basically I want to have a class with a name <code>FilterBuilder</code> that will accept <code>$query</code>, <code>$filters</code> and <code>$namespace</code> (this will be the folder in which I will put all my filters) and in that class I'll have a method called <code>apply()</code> where I will do the filtering and I'll return the query builder.</p> <p>Ok, now we know how our API should look like, let's build it.</p> <p>In the <code>app</code> directory create a new folder, I'll name that folder <code>Utilities</code>, but you can name it whatever you want, it doesn't matter, in the end it all comes down to preference.</p> <p>In that folder create <code>FilterBuilder.php</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Utilities</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">FilterBuilder</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$query</span><span class="p">;</span> <span class="k">protected</span> <span class="nv">$filters</span><span class="p">;</span> <span class="k">protected</span> <span class="nv">$namespace</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">__construct</span><span class="p">(</span><span class="nv">$query</span><span class="p">,</span> <span class="nv">$filters</span><span class="p">,</span> <span class="nv">$namespace</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span> <span class="o">=</span> <span class="nv">$query</span><span class="p">;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">filters</span> <span class="o">=</span> <span class="nv">$filters</span><span class="p">;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">namespace</span> <span class="o">=</span> <span class="nv">$namespace</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">apply</span><span class="p">()</span> <span class="p">{</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>Let's think how do we want our filter to work, but we must keep in mind that we want our filter to be made according to SOLID principles. Ultimately I want to make this class, and make sure to never touch it again. We can do that if make the abstraction good enough. At the end what we want this class to do, is to just loop through various classes that represent our filters. That way if we want to add some filter, all we need to do is to make new class. That's it. Let's make that.<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="c1">// ... [other code in the class]</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">apply</span><span class="p">()</span> <span class="p">{</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="na">filters</span> <span class="k">as</span> <span class="nv">$name</span> <span class="o">=&gt;</span> <span class="nv">$value</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$normailizedName</span> <span class="o">=</span> <span class="nb">ucfirst</span><span class="p">(</span><span class="nv">$name</span><span class="p">);</span> <span class="nv">$class</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">namespace</span> <span class="o">.</span> <span class="s2">"</span><span class="se">\\</span><span class="si">{</span><span class="nv">$normailizedName</span><span class="si">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span> <span class="nb">class_exists</span><span class="p">(</span><span class="nv">$class</span><span class="p">))</span> <span class="p">{</span> <span class="k">continue</span><span class="p">;</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="nb">strlen</span><span class="p">(</span><span class="nv">$value</span><span class="p">))</span> <span class="p">{</span> <span class="p">(</span><span class="k">new</span> <span class="nv">$class</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span><span class="p">))</span><span class="o">-&gt;</span><span class="na">handle</span><span class="p">(</span><span class="nv">$value</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="p">(</span><span class="k">new</span> <span class="nv">$class</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span><span class="p">))</span><span class="o">-&gt;</span><span class="na">handle</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span><span class="p">;</span> <span class="p">}</span> </code></pre></div> <p>Let me explain what's going on in that method:</p> <ol> <li>Loop through each filters that we passed (we are going to get the filters from the request as array <code>[title =&gt; something]</code>)</li> <li>Capitalize the first letter of the name of the filter (<code>title</code> -&gt; <code>Title</code>) and append it to the provided namespace (<code>App\Utilities\PostFilters\Title</code>)</li> <li>Check if that class exist, if not, continue</li> <li>If the class exist, check if <code>$value</code> is provided (<code>?title=something</code>), <ul> <li>if it is, instantiate the class with the query, and call <code>handle()</code> method with the <code>$value</code> as parameter</li> <li>if not, instantiate the class and call <code>handle()</code> without any parameter (this is for sorting, for example if we want to sort them by popularity <code>http://some.url/posts?title=something&amp;popular</code>)</li> </ul> </li> <li>Return the query</li> </ol> <p>We have defined how this class should filter. Now we need to make the filters and make them adhere to the same contract.</p> <p>In the <code>app/Utilities</code> make new file that will be our interface <code>FilterContract.php</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Utilities</span><span class="p">;</span> <span class="kd">interface</span> <span class="nc">FilterContract</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">handle</span><span class="p">(</span><span class="nv">$value</span><span class="p">)</span><span class="o">:</span> <span class="kt">void</span><span class="p">;</span> <span class="p">}</span> </code></pre></div> <p>Make new folder in <code>app/Utilities</code> called <code>PostFilters</code>, that's the namespace that we passed in the <code>FilterBuilder</code>, <code>App\Utilities\PostFilters</code>, remember?!</p> <p>In there we can now add our filters, each as separate class. We want to filter our posts by title, ok, we just have to create new file in <code>app/Utilities/PostFilters</code> called <code>Title.php</code> that will implement <code>FilterContract</code> and put our filtering logic in there.<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Utilities\PostFilters</span><span class="p">;</span> <span class="kn">use</span> <span class="nn">App\Utilities\FilterContract</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">Title</span> <span class="k">implements</span> <span class="nx">FilterContract</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$query</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">__construct</span><span class="p">(</span><span class="nv">$query</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span> <span class="o">=</span> <span class="nv">$query</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">handle</span><span class="p">(</span><span class="nv">$value</span><span class="p">)</span><span class="o">:</span> <span class="kt">void</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span><span class="o">-&gt;</span><span class="na">where</span><span class="p">(</span><span class="s1">'title'</span><span class="p">,</span> <span class="nv">$value</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>That's all we have to do, we have to accept the query in the constructor, and make a <code>handle</code> method that will filter the posts by some logic. Very simple. And the best part is that if we want to add another filter, all we have to do is to add another class. We can use our filter like this<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="nx">App\Post</span><span class="o">::</span><span class="na">filterBy</span><span class="p">(</span><span class="nx">request</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">all</span><span class="p">())</span><span class="o">-&gt;</span><span class="na">get</span><span class="p">();</span> </code></pre></div> <p>The url should look something like this <code>http://some.url/post?title=something</code></p> <p>What if we want to filter posts by category or by tag? No big deal, just make new file <code>Tag.php</code> and put your filtering logic there.<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Utilities\PostFilters</span><span class="p">;</span> <span class="kn">use</span> <span class="nn">App\Utilities\FilterContract</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">Tag</span> <span class="k">implements</span> <span class="nx">FilterContract</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$query</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">__construct</span><span class="p">(</span><span class="nv">$query</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span> <span class="o">=</span> <span class="nv">$query</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">handle</span><span class="p">(</span><span class="nv">$value</span><span class="p">)</span><span class="o">:</span> <span class="kt">void</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span><span class="o">-&gt;</span><span class="na">whereHas</span><span class="p">(</span><span class="s1">'tags'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nv">$q</span><span class="p">)</span> <span class="nx">use</span> <span class="p">(</span><span class="nv">$value</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$q</span><span class="o">-&gt;</span><span class="na">where</span><span class="p">(</span><span class="s1">'name'</span><span class="p">,</span> <span class="nv">$value</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>Now we can filter posts by tag, just eager load them, and call the <code>filterBy()</code><br> </p> <div class="highlight"><pre class="highlight php"><code><span class="nx">App\Post</span><span class="o">::</span><span class="na">with</span><span class="p">(</span><span class="s1">'tags'</span><span class="p">)</span><span class="o">-&gt;</span><span class="na">filterBy</span><span class="p">(</span><span class="nx">request</span><span class="p">()</span><span class="o">-&gt;</span><span class="na">all</span><span class="p">())</span><span class="o">-&gt;</span><span class="na">get</span><span class="p">();</span> </code></pre></div> <p>The url should look something like this <code>http://some.url/post?tag=some-tag</code></p> <p>That's it, we're done.</p> <p>Last thing we could do is to extract that repeating logic in the filter classes into abstract class.</p> <p>Make <code>QueryFilter.php</code> file in <code>app/Utilities</code> and add only the constructor<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Utilities</span><span class="p">;</span> <span class="k">abstract</span> <span class="kd">class</span> <span class="nc">QueryFilter</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$query</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">__construct</span><span class="p">(</span><span class="nv">$query</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span> <span class="o">=</span> <span class="nv">$query</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>Now <code>Title</code> and <code>Tag</code> class won't have a consturctor on their own, but they will extend the <code>QueryFilter</code> class.</p> <p><code>Title</code> class<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Utilities\PostFilters</span><span class="p">;</span> <span class="kn">use</span> <span class="nn">App\Utilities\QueryFilter</span><span class="p">;</span> <span class="kn">use</span> <span class="nn">App\Utilities\FilterContract</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">Title</span> <span class="k">extends</span> <span class="nx">QueryFilter</span> <span class="k">implements</span> <span class="nx">FilterContract</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">handle</span><span class="p">(</span><span class="nv">$value</span><span class="p">)</span><span class="o">:</span> <span class="kt">void</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span><span class="o">-&gt;</span><span class="na">where</span><span class="p">(</span><span class="s1">'title'</span><span class="p">,</span> <span class="nv">$value</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p><code>Tag</code> class<br> </p> <div class="highlight"><pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Utilities\PostFilters</span><span class="p">;</span> <span class="kn">use</span> <span class="nn">App\Utilities\QueryFilter</span><span class="p">;</span> <span class="kn">use</span> <span class="nn">App\Utilities\FilterContract</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">Tag</span> <span class="k">extends</span> <span class="nx">QueryFilter</span> <span class="k">implements</span> <span class="nx">FilterContract</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="nf">handle</span><span class="p">(</span><span class="nv">$value</span><span class="p">)</span><span class="o">:</span> <span class="kt">void</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">query</span><span class="o">-&gt;</span><span class="na">whereHas</span><span class="p">(</span><span class="s1">'tags'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="nv">$q</span><span class="p">)</span> <span class="nx">use</span> <span class="p">(</span><span class="nv">$value</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$q</span><span class="o">-&gt;</span><span class="na">where</span><span class="p">(</span><span class="s1">'name'</span><span class="p">,</span> <span class="nv">$value</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre></div> <p>And there we go, we now have a working filter. </p> <p>If you want to add filter to some other model, just create <code>app/Utilities/[Model]Filters</code> folder, and add your filters there. Then make <code>filterBy</code> method in your model, and done.</p> <p>All the code is available on github on this <a href="https://github.com/StefanT123/laravel-filter">link</a></p> <p>Thank you for reading and if you have any questions or if you think that something can be improved, please comment below.</p> php laravel Secure authentication in Nuxt SPA with Laravel as back-end StefanT123 Wed, 15 Jan 2020 14:17:51 +0000 https://dev.to/stefant123/secure-authentication-in-nuxt-spa-with-laravel-as-back-end-19a9 https://dev.to/stefant123/secure-authentication-in-nuxt-spa-with-laravel-as-back-end-19a9 <p>This past period I was working on some project that included building Single Page Application in Nuxt that was on one domain, and building API in Laravel that was on some other sub-domain. When the API was built, and it was time to make the front-end I was trying to make the authentication system properly and with security in mind. There are many articles out there on this subject, but I couldn't find any that was touching security of the application.</p> <p>TL;DR Please don't store your tokens in LocalStorage, or any other sensitive information, as it can be accessed by any javascript code on your page and that makes you vulnerable to XSS attack.</p> <p>TL;DR If you just want to see the code, here are github links</p> <ul> <li><a href="https://github.com/StefanT123/auth-api" rel="noopener noreferrer">Laravel API</a></li> <li><a href="https://github.com/StefanT123/auth-spa-frontend" rel="noopener noreferrer">Nuxt SPA</a></li> </ul> <p>The authentication flow will be as follow:</p> <ol> <li>The user enters his username and password.</li> <li>If the credentials are valid, we are saving the refresh token in an <code>httponly</code> cookie.</li> <li>The user sets the access token in the cookie, please note that this is normal cookie, which has expiration time of 5 minutes.</li> <li>After the access token has been expired, we will refresh the access token if the user has the valid refresh token set.</li> <li>Access token is refreshed, and new access token and refresh token are assigned to the user.</li> </ol> <p>In this post I will give you a complete guidance on how to make securely authentication system for Single Page Applications.</p> <h3> Making the Laravel back-end </h3> <p>I assume that you have composer and laravel installed on your machine, if you don't, just follow their documentation.</p> <h4> Setting Laravel Passport </h4> <p>Create new laravel project and cd into it <code>laravel new auth-api &amp;&amp; cd auth-api</code>.</p> <p>We will use Laravel Passport which provides a full OAuth2 server implementation for your Laravel application. I know that Passport might be overkill for some small to medium applications, but I think it's worth it.</p> <p>Next we'll install Passport with composer <code>composer require laravel/passport</code>.</p> <p>Set your <code>.env</code> variables for the database. For this example I'll use sqlite.</p> <p>If you follow along, change the <code>DB_CONNECTION</code> variable to use the sqlite in <code>.env</code> like this:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ... DB_CONNECTION=sqlite ... </code></pre> </div> <p>Make the <code>database.sqlite</code> file with <code>touch database/database.sqlite</code>.</p> <p>Run the migrations with <code>php artisan migrate</code>. The Passport migrations will create the tables your application needs to store clients and access tokens.</p> <p>Next, run the <code>php artisan passport:install</code> command. This command will create the encryption keys needed to generate secure access tokens. After you run this command you will see that "personal access" and "password grant" clients are created and you can see their Client ID and Client secret, we will store these in <code>.env</code> file. In this post we will use only the password grant client, but we will store both of them for convenience.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ... PERSONAL_CLIENT_ID=1 PERSONAL_CLIENT_SECRET={your secret} PASSWORD_CLIENT_ID=2 PASSWORD_CLIENT_SECRET={your secret} ... </code></pre> </div> <p>Then we will add the "password client" id and secret to the <code>config/services.php</code> so we can use them later in our code:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="mf">...</span> <span class="s1">'passport'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'password_client_id'</span> <span class="o">=&gt;</span> <span class="nf">env</span><span class="p">(</span><span class="s1">'PASSWORD_CLIENT_ID'</span><span class="p">),</span> <span class="s1">'password_client_secret'</span> <span class="o">=&gt;</span> <span class="nf">env</span><span class="p">(</span><span class="s1">'PASSWORD_CLIENT_SECRET'</span><span class="p">),</span> <span class="p">],</span> </code></pre> </div> <p>In the <code>config/auth.php</code> set the api guard driver as passport</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="mf">...</span> <span class="s1">'guards'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'web'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'session'</span><span class="p">,</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="s1">'users'</span><span class="p">,</span> <span class="p">],</span> <span class="s1">'api'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'passport'</span><span class="p">,</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="s1">'users'</span><span class="p">,</span> <span class="s1">'hash'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="p">],</span> <span class="p">],</span> <span class="mf">...</span> </code></pre> </div> <p>Next step is to add <code>Laravel\Passport\HasApiTokens</code> trait to your <code>App\User</code> model</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Laravel\Passport\HasApiTokens</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Notifications\Notifiable</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Foundation\Auth\User</span> <span class="k">as</span> <span class="nc">Authenticatable</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">User</span> <span class="kd">extends</span> <span class="nc">Authenticatable</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">Notifiable</span><span class="p">,</span> <span class="nc">HasApiTokens</span><span class="p">;</span> <span class="mf">...</span> <span class="p">}</span> </code></pre> </div> <p>Don't forget to import the trait at the top.</p> <p>The last step is to register passport routes. In the <code>AuthServiceProvider</code> in the <code>boot</code> method add this and import <code>Laravel\Passport\Passport</code> at the top.</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">public</span> <span class="k">function</span> <span class="n">boot</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">registerPolicies</span><span class="p">();</span> <span class="nc">Passport</span><span class="o">::</span><span class="nf">routes</span><span class="p">(</span><span class="k">function</span> <span class="p">(</span><span class="nv">$router</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forAccessTokens</span><span class="p">();</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forPersonalAccessTokens</span><span class="p">();</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forTransientTokens</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>We are only registering the routes that we need, if for some reason you want to register all passport routes, don't pass a closure, just add <code>Passport::routes()</code>.</p> <p>If you run <code>php artisan route:list | grep oauth</code> you should see the oauth routes. It should look like this<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fo1thdbzp8p9jpqubexf8.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fo1thdbzp8p9jpqubexf8.png" alt="routes"></a></p> <p><strong>Now this is very important, we're going to set the expiration time for the tokens. In order to properly secure our app, we'll set the access token expiration time to 5 minutes, and the refresh token expiration time to 10 days.</strong> </p> <p>In the <code>AuthServiceProvider</code> in <code>boot</code> method we add the expirations. Now the <code>boot</code> method should look like this:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">public</span> <span class="k">function</span> <span class="n">boot</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">registerPolicies</span><span class="p">();</span> <span class="nc">Passport</span><span class="o">::</span><span class="nf">routes</span><span class="p">(</span><span class="k">function</span> <span class="p">(</span><span class="nv">$router</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forAccessTokens</span><span class="p">();</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forPersonalAccessTokens</span><span class="p">();</span> <span class="nv">$router</span><span class="o">-&gt;</span><span class="nf">forTransientTokens</span><span class="p">();</span> <span class="p">});</span> <span class="nc">Passport</span><span class="o">::</span><span class="nf">tokensExpireIn</span><span class="p">(</span><span class="nf">now</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">addMinutes</span><span class="p">(</span><span class="mi">5</span><span class="p">));</span> <span class="nc">Passport</span><span class="o">::</span><span class="nf">refreshTokensExpireIn</span><span class="p">(</span><span class="nf">now</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">addDays</span><span class="p">(</span><span class="mi">10</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p>That's all we have to do regarding the Passport. Next thing we are going to do, is we are going to set our API.</p> <h4> Setting CORS </h4> <p>In order to access our API from our front-end that is on different domain, we need to set CORS middleware.</p> <p>Run <code>php artisan make:middleware Cors</code>.</p> <p>Then in <code>app/Http/Middleware/Cors.php</code> change the <code>handle</code> method like this</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">public</span> <span class="k">function</span> <span class="n">handle</span><span class="p">(</span><span class="nv">$request</span><span class="p">,</span> <span class="kt">Closure</span> <span class="nv">$next</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$allowedOrigins</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'http://localhost:3000'</span><span class="p">,</span> <span class="p">];</span> <span class="nv">$requestOrigin</span> <span class="o">=</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="n">headers</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">(</span><span class="s1">'origin'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nb">in_array</span><span class="p">(</span><span class="nv">$requestOrigin</span><span class="p">,</span> <span class="nv">$allowedOrigins</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$next</span><span class="p">(</span><span class="nv">$request</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nb">header</span><span class="p">(</span><span class="s1">'Access-Control-Allow-Origin'</span><span class="p">,</span> <span class="nv">$requestOrigin</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nb">header</span><span class="p">(</span><span class="s1">'Access-Control-Allow-Methods'</span><span class="p">,</span> <span class="s1">'GET, POST, PUT, DELETE'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nb">header</span><span class="p">(</span><span class="s1">'Access-Control-Allow-Credentials'</span><span class="p">,</span> <span class="s1">'true'</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nb">header</span><span class="p">(</span><span class="s1">'Access-Control-Allow-Headers'</span><span class="p">,</span> <span class="s1">'Content-Type, Authorization'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$next</span><span class="p">(</span><span class="nv">$request</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Here we are checking if the request origin is in the array of the allowed origins, if it is, we are setting the proper headers.</p> <p>Now we just need to register this middleware. In <code>app/Http/Kernel.php</code> add the middleware</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="mf">...</span> <span class="k">protected</span> <span class="nv">$middleware</span> <span class="o">=</span> <span class="p">[</span> <span class="nc">\App\Http\Middleware\TrustProxies</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\App\Http\Middleware\CheckForMaintenanceMode</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\Illuminate\Foundation\Http\Middleware\ValidatePostSize</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\App\Http\Middleware\TrimStrings</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\App\Http\Middleware\Cors</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="p">];</span> <span class="mf">...</span> </code></pre> </div> <p>That's it, pretty simple.</p> <h4> Making the API </h4> <p>In the <code>routes/api.php</code> file we are going to register the routes that we are going to use. Delete everything there, and add this:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">middleware</span><span class="p">(</span><span class="s1">'guest'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">group</span><span class="p">(</span><span class="k">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'register'</span><span class="p">,</span> <span class="s1">'AuthController@register'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'register'</span><span class="p">);</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'login'</span><span class="p">,</span> <span class="s1">'AuthController@login'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'login'</span><span class="p">);</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'refresh-token'</span><span class="p">,</span> <span class="s1">'AuthController@refreshToken'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'refreshToken'</span><span class="p">);</span> <span class="p">});</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">middleware</span><span class="p">(</span><span class="s1">'auth:api'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">group</span><span class="p">(</span><span class="k">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'logout'</span><span class="p">,</span> <span class="s1">'AuthController@logout'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'logout'</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>We need to create the <code>AuthController</code> run <code>php artisan make:controller AuthController</code>.</p> <p>In the <code>App\Http\Controllers\AuthController</code> we will add the methods that we need. It should look like this:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Http\Controllers</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">AuthController</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">register</span><span class="p">()</span> <span class="p">{</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">login</span><span class="p">()</span> <span class="p">{</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">refreshTo</span><span class="p">()</span> <span class="p">{</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">logout</span><span class="p">()</span> <span class="p">{</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In order for this to work we need to make a proxy that will make request to our own API. It might seems confusing at first but once we're done it will make perfect sense.</p> <p>We'll make new folder in the app directory called Utilities. In the <code>app/Utilities</code> make new php file <code>ProxyRequest.php</code></p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Utilities</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">ProxyRequest</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <p>Now we need to inject the <code>App\Utilities\ProxyRequest</code> in the constructor of the <code>App\Http\Controllers\AuthController</code></p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Http\Controllers</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">App\Utilities\ProxyRequest</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">AuthController</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$proxy</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="kt">ProxyRequest</span> <span class="nv">$proxy</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">proxy</span> <span class="o">=</span> <span class="nv">$proxy</span><span class="p">;</span> <span class="p">}</span> <span class="mf">...</span> </code></pre> </div> <p>In the <code>App\Utilities\ProxyRequest</code> we will add some methods for granting token and for refreshing the token. Add the following and then I'll explain what each method does</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Utilities</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">ProxyRequest</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">grantPasswordToken</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$email</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$password</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'grant_type'</span> <span class="o">=&gt;</span> <span class="s1">'password'</span><span class="p">,</span> <span class="s1">'username'</span> <span class="o">=&gt;</span> <span class="nv">$email</span><span class="p">,</span> <span class="s1">'password'</span> <span class="o">=&gt;</span> <span class="nv">$password</span><span class="p">,</span> <span class="p">];</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">makePostRequest</span><span class="p">(</span><span class="nv">$params</span><span class="p">);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">refreshAccessToken</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$refreshToken</span> <span class="o">=</span> <span class="nf">request</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">cookie</span><span class="p">(</span><span class="s1">'refresh_token'</span><span class="p">);</span> <span class="nf">abort_unless</span><span class="p">(</span><span class="nv">$refreshToken</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="s1">'Your refresh token is expired.'</span><span class="p">);</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'grant_type'</span> <span class="o">=&gt;</span> <span class="s1">'refresh_token'</span><span class="p">,</span> <span class="s1">'refresh_token'</span> <span class="o">=&gt;</span> <span class="nv">$refreshToken</span><span class="p">,</span> <span class="p">];</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">makePostRequest</span><span class="p">(</span><span class="nv">$params</span><span class="p">);</span> <span class="p">}</span> <span class="k">protected</span> <span class="k">function</span> <span class="n">makePostRequest</span><span class="p">(</span><span class="kt">array</span> <span class="nv">$params</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$params</span> <span class="o">=</span> <span class="nb">array_merge</span><span class="p">([</span> <span class="s1">'client_id'</span> <span class="o">=&gt;</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'services.passport.password_client_id'</span><span class="p">),</span> <span class="s1">'client_secret'</span> <span class="o">=&gt;</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'services.passport.password_client_secret'</span><span class="p">),</span> <span class="s1">'scope'</span> <span class="o">=&gt;</span> <span class="s1">'*'</span><span class="p">,</span> <span class="p">],</span> <span class="nv">$params</span><span class="p">);</span> <span class="nv">$proxy</span> <span class="o">=</span> <span class="nc">\Request</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="s1">'oauth/token'</span><span class="p">,</span> <span class="s1">'post'</span><span class="p">,</span> <span class="nv">$params</span><span class="p">);</span> <span class="nv">$resp</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nf">app</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">handle</span><span class="p">(</span><span class="nv">$proxy</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">getContent</span><span class="p">());</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">setHttpOnlyCookie</span><span class="p">(</span><span class="nv">$resp</span><span class="o">-&gt;</span><span class="n">refresh_token</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$resp</span><span class="p">;</span> <span class="p">}</span> <span class="k">protected</span> <span class="k">function</span> <span class="n">setHttpOnlyCookie</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$refreshToken</span><span class="p">)</span> <span class="p">{</span> <span class="nf">cookie</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">queue</span><span class="p">(</span> <span class="s1">'refresh_token'</span><span class="p">,</span> <span class="nv">$refreshToken</span><span class="p">,</span> <span class="mi">14400</span><span class="p">,</span> <span class="c1">// 10 days</span> <span class="kc">null</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="kc">true</span> <span class="c1">// httponly</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><code>ProxyRequest</code> methods:</p> <ul> <li> <code>grantPasswordToken</code> - not much happens in this method, we are just setting the parameters needed for Passport "password grant" and make POST request.</li> <li> <code>refreshAccessToken</code> - we are checking if the request contains refresh_token if it does we are setting the parameters for refreshing the token and make POST request, if the refresh_token does not exist we abort with 403 status.</li> <li> <code>makePostRequest</code> - this is the key method of this class. <ul> <li>We are setting client_id and client_secret from the config, and we are merging additional parameters that are passed as argument</li> <li>Then we are making internal POST request to the Passport routes with the needed parameters</li> <li>We are json decoding the response</li> <li>Set the <code>httponly</code> cookie with refresh_token</li> <li>Return the response</li> </ul> </li> <li> <code>setHttpOnlyCookie</code> - set the <code>httponly</code> cookie with refresh_token in the response.</li> </ul> <p>In order to queue the cookies for the response we need to add middleware. In <code>app/Http/Kernel.php</code> add <code>\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class</code> like this</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="mf">...</span> <span class="k">protected</span> <span class="nv">$middleware</span> <span class="o">=</span> <span class="p">[</span> <span class="nc">\App\Http\Middleware\CheckForMaintenanceMode</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\Illuminate\Foundation\Http\Middleware\ValidatePostSize</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\App\Http\Middleware\TrimStrings</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\App\Http\Middleware\TrustProxies</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\App\Http\Middleware\Cors</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="nc">\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="p">];</span> <span class="mf">...</span> </code></pre> </div> <p>Now to make the <code>App\Http\Controllers\AuthController</code> methods. Don't forget to import the <code>App\User</code>.</p> <p>In the <code>register</code> method, add this</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="mf">...</span> <span class="k">public</span> <span class="k">function</span> <span class="n">register</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">validate</span><span class="p">(</span><span class="nf">request</span><span class="p">(),</span> <span class="p">[</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="s1">'required'</span><span class="p">,</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="s1">'required|email'</span><span class="p">,</span> <span class="s1">'password'</span> <span class="o">=&gt;</span> <span class="s1">'required'</span><span class="p">,</span> <span class="p">]);</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nc">User</span><span class="o">::</span><span class="nf">create</span><span class="p">([</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nf">request</span><span class="p">(</span><span class="s1">'name'</span><span class="p">),</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="nf">request</span><span class="p">(</span><span class="s1">'email'</span><span class="p">),</span> <span class="s1">'password'</span> <span class="o">=&gt;</span> <span class="nf">bcrypt</span><span class="p">(</span><span class="nf">request</span><span class="p">(</span><span class="s1">'password'</span><span class="p">)),</span> <span class="p">]);</span> <span class="nv">$resp</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">proxy</span><span class="o">-&gt;</span><span class="nf">grantPasswordToken</span><span class="p">(</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="n">email</span><span class="p">,</span> <span class="nf">request</span><span class="p">(</span><span class="s1">'password'</span><span class="p">)</span> <span class="p">);</span> <span class="k">return</span> <span class="nf">response</span><span class="p">([</span> <span class="s1">'token'</span> <span class="o">=&gt;</span> <span class="nv">$resp</span><span class="o">-&gt;</span><span class="n">access_token</span><span class="p">,</span> <span class="s1">'expiresIn'</span> <span class="o">=&gt;</span> <span class="nv">$resp</span><span class="o">-&gt;</span><span class="n">expires_in</span><span class="p">,</span> <span class="s1">'message'</span> <span class="o">=&gt;</span> <span class="s1">'Your account has been created'</span><span class="p">,</span> <span class="p">],</span> <span class="mi">201</span><span class="p">);</span> <span class="p">}</span> <span class="mf">...</span> </code></pre> </div> <p>In the <code>login</code> method, add this</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="mf">...</span> <span class="k">public</span> <span class="k">function</span> <span class="n">login</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nc">User</span><span class="o">::</span><span class="nf">where</span><span class="p">(</span><span class="s1">'email'</span><span class="p">,</span> <span class="nf">request</span><span class="p">(</span><span class="s1">'email'</span><span class="p">))</span><span class="o">-&gt;</span><span class="nf">first</span><span class="p">();</span> <span class="nf">abort_unless</span><span class="p">(</span><span class="nv">$user</span><span class="p">,</span> <span class="mi">404</span><span class="p">,</span> <span class="s1">'This combination does not exists.'</span><span class="p">);</span> <span class="nf">abort_unless</span><span class="p">(</span> <span class="nc">\Hash</span><span class="o">::</span><span class="nf">check</span><span class="p">(</span><span class="nf">request</span><span class="p">(</span><span class="s1">'password'</span><span class="p">),</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="n">password</span><span class="p">),</span> <span class="mi">403</span><span class="p">,</span> <span class="s1">'This combination does not exists.'</span> <span class="p">);</span> <span class="nv">$resp</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">proxy</span> <span class="o">-&gt;</span><span class="nf">grantPasswordToken</span><span class="p">(</span><span class="nf">request</span><span class="p">(</span><span class="s1">'email'</span><span class="p">),</span> <span class="nf">request</span><span class="p">(</span><span class="s1">'password'</span><span class="p">));</span> <span class="k">return</span> <span class="nf">response</span><span class="p">([</span> <span class="s1">'token'</span> <span class="o">=&gt;</span> <span class="nv">$resp</span><span class="o">-&gt;</span><span class="n">access_token</span><span class="p">,</span> <span class="s1">'expiresIn'</span> <span class="o">=&gt;</span> <span class="nv">$resp</span><span class="o">-&gt;</span><span class="n">expires_in</span><span class="p">,</span> <span class="s1">'message'</span> <span class="o">=&gt;</span> <span class="s1">'You have been logged in'</span><span class="p">,</span> <span class="p">],</span> <span class="mi">200</span><span class="p">);</span> <span class="p">}</span> <span class="mf">...</span> </code></pre> </div> <p>The <code>refreshToken</code> method</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="mf">...</span> <span class="k">public</span> <span class="k">function</span> <span class="n">refreshToken</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$resp</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">proxy</span><span class="o">-&gt;</span><span class="nf">refreshAccessToken</span><span class="p">();</span> <span class="k">return</span> <span class="nf">response</span><span class="p">([</span> <span class="s1">'token'</span> <span class="o">=&gt;</span> <span class="nv">$resp</span><span class="o">-&gt;</span><span class="n">access_token</span><span class="p">,</span> <span class="s1">'expiresIn'</span> <span class="o">=&gt;</span> <span class="nv">$resp</span><span class="o">-&gt;</span><span class="n">expires_in</span><span class="p">,</span> <span class="s1">'message'</span> <span class="o">=&gt;</span> <span class="s1">'Token has been refreshed.'</span><span class="p">,</span> <span class="p">],</span> <span class="mi">200</span><span class="p">);</span> <span class="p">}</span> <span class="mf">...</span> </code></pre> </div> <p>The <code>logout</code> method</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="mf">...</span> <span class="k">public</span> <span class="k">function</span> <span class="n">logout</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$token</span> <span class="o">=</span> <span class="nf">request</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">user</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">token</span><span class="p">();</span> <span class="nv">$token</span><span class="o">-&gt;</span><span class="nb">delete</span><span class="p">();</span> <span class="c1">// remove the httponly cookie</span> <span class="nf">cookie</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">queue</span><span class="p">(</span><span class="nf">cookie</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">forget</span><span class="p">(</span><span class="s1">'refresh_token'</span><span class="p">));</span> <span class="k">return</span> <span class="nf">response</span><span class="p">([</span> <span class="s1">'message'</span> <span class="o">=&gt;</span> <span class="s1">'You have been successfully logged out'</span><span class="p">,</span> <span class="p">],</span> <span class="mi">200</span><span class="p">);</span> <span class="p">}</span> <span class="mf">...</span> </code></pre> </div> <p>Ok, that's everything we have to do in our back-end. I think that the methods in the <code>AuthController</code> are self explanatory.</p> <h3> Making the Nuxt front-end </h3> <p>Nuxt is, as stated in the official documentation, a progressive framework based on Vue.js to create modern web applications. It is based on Vue.js official libraries (vue, vue-router and vuex) and powerful development tools (webpack, Babel and PostCSS). Nuxt goal is to make web development powerful and performant with a great developer experience in mind.</p> <p>To create nuxt project run <code>npx create-nuxt-app auth-spa-frontend</code>. If you don't have <code>npm</code> install it first.</p> <p>It will ask you some questions like project name, description, package manager, etc. Enter and choose whatever you like. Just make sure that custom server framework is set to none and you add <code>axios</code> nuxt module. Note that I will be using bootstrap-vue.</p> <p>We will also install additional package <code>js-cookie</code>, run <code>npm install js-cookie</code>.</p> <p>I won't bother you with structuring the front-end and how the things should look like. The front-end will be pretty simple but functional.</p> <p>In the <code>nuxt.config.js</code> set the axios <code>baseUrl</code></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="p">...</span> <span class="na">axios</span><span class="p">:</span> <span class="p">{</span> <span class="na">baseURL</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://auth-api.web/api/</span><span class="dl">'</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// this says that in the request the httponly cookie should be sent</span> <span class="p">},</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <p>Next we will activate the vue state management library <code>vuex</code>. In order to do that we only need to make new js file in store folder.</p> <p>If you are not familiar how <code>vuex</code> works, I would suggest to read the documentation, it's pretty straightforward.</p> <p>Add <code>index.js</code> file in the store folder, and add the following</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">cookies</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">js-cookie</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">state</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">token</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="p">});</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">mutations</span> <span class="o">=</span> <span class="p">{</span> <span class="nc">SET_TOKEN</span><span class="p">(</span><span class="nx">state</span><span class="p">,</span> <span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="nx">state</span><span class="p">.</span><span class="nx">token</span> <span class="o">=</span> <span class="nx">token</span><span class="p">;</span> <span class="p">},</span> <span class="nc">REMOVE_TOKEN</span><span class="p">(</span><span class="nx">state</span><span class="p">)</span> <span class="p">{</span> <span class="nx">state</span><span class="p">.</span><span class="nx">token</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">actions</span> <span class="o">=</span> <span class="p">{</span> <span class="nf">setToken</span><span class="p">({</span><span class="nx">commit</span><span class="p">},</span> <span class="p">{</span><span class="nx">token</span><span class="p">,</span> <span class="nx">expiresIn</span><span class="p">})</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nf">setToken</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Bearer</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">expiryTime</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">getTime</span><span class="p">()</span> <span class="o">+</span> <span class="nx">expiresIn</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">);</span> <span class="nx">cookies</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">x-access-token</span><span class="dl">'</span><span class="p">,</span> <span class="nx">token</span><span class="p">,</span> <span class="p">{</span><span class="na">expires</span><span class="p">:</span> <span class="nx">expiryTime</span><span class="p">});</span> <span class="nf">commit</span><span class="p">(</span><span class="dl">'</span><span class="s1">SET_TOKEN</span><span class="dl">'</span><span class="p">,</span> <span class="nx">token</span><span class="p">);</span> <span class="p">},</span> <span class="k">async</span> <span class="nf">refreshToken</span><span class="p">({</span><span class="nx">dispatch</span><span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">token</span><span class="p">,</span> <span class="nx">expiresIn</span><span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nf">$post</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh-token</span><span class="dl">'</span><span class="p">);</span> <span class="nf">dispatch</span><span class="p">(</span><span class="dl">'</span><span class="s1">setToken</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span><span class="nx">token</span><span class="p">,</span> <span class="nx">expiresIn</span><span class="p">});</span> <span class="p">},</span> <span class="nf">logout</span><span class="p">({</span><span class="nx">commit</span><span class="p">})</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nf">setToken</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="nx">cookies</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="dl">'</span><span class="s1">x-access-token</span><span class="dl">'</span><span class="p">);</span> <span class="nf">commit</span><span class="p">(</span><span class="dl">'</span><span class="s1">REMOVE_TOKEN</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>I will explain the actions one by one:</p> <ol> <li> <code>setToken</code> - it sets the token in axios, in the cookie and calls the <code>SET_TOKEN</code> commit</li> <li> <code>refreshToken</code> - it send POST request to the API to refresh the token and dispatches <code>setToken</code> action</li> <li> <code>logout</code> - it removes the token form axios, cookie and from the state</li> </ol> <p>In the pages folder, add these vue files: <code>register.vue</code>, <code>login.vue</code>, <code>secret.vue</code>.</p> <p>Then in the <code>pages/register.vue</code> add this</p> <div class="highlight js-code-highlight"> <pre class="highlight vue"><code> <span class="nt">&lt;</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"container"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-form</span> <span class="err">@</span><span class="na">submit.prevent=</span><span class="s">"register"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-form-group</span> <span class="na">id=</span><span class="s">"input-group-1"</span> <span class="na">label=</span><span class="s">"Email address:"</span> <span class="na">label-for=</span><span class="s">"input-1"</span> <span class="nt">&gt;</span> <span class="nt">&lt;b-form-input</span> <span class="na">id=</span><span class="s">"input-1"</span> <span class="na">v-model=</span><span class="s">"form.email"</span> <span class="na">type=</span><span class="s">"email"</span> <span class="na">required</span> <span class="na">placeholder=</span><span class="s">"Enter email"</span> <span class="nt">&gt;&lt;/b-form-input&gt;</span> <span class="nt">&lt;/b-form-group&gt;</span> <span class="nt">&lt;b-form-group</span> <span class="na">id=</span><span class="s">"input-group-2"</span> <span class="na">label=</span><span class="s">"Your Name:"</span> <span class="na">label-for=</span><span class="s">"input-2"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-form-input</span> <span class="na">id=</span><span class="s">"input-2"</span> <span class="na">v-model=</span><span class="s">"form.name"</span> <span class="na">required</span> <span class="na">placeholder=</span><span class="s">"Enter name"</span> <span class="nt">&gt;&lt;/b-form-input&gt;</span> <span class="nt">&lt;/b-form-group&gt;</span> <span class="nt">&lt;b-form-group</span> <span class="na">id=</span><span class="s">"input-group-3"</span> <span class="na">label=</span><span class="s">"Password:"</span> <span class="na">label-for=</span><span class="s">"input-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-form-input</span> <span class="na">id=</span><span class="s">"input-3"</span> <span class="na">type=</span><span class="s">"password"</span> <span class="na">v-model=</span><span class="s">"form.password"</span> <span class="na">required</span> <span class="na">placeholder=</span><span class="s">"Enter password"</span> <span class="nt">&gt;&lt;/b-form-input&gt;</span> <span class="nt">&lt;/b-form-group&gt;</span> <span class="nt">&lt;b-button</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">variant=</span><span class="s">"primary"</span><span class="nt">&gt;</span>Submit<span class="nt">&lt;/b-button&gt;</span> <span class="nt">&lt;/b-form&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="k">script</span><span class="nt">&gt;</span> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="nf">data</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">form</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">},</span> <span class="na">methods</span><span class="p">:</span> <span class="p">{</span> <span class="nf">register</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nf">$post</span><span class="p">(</span><span class="dl">'</span><span class="s1">register</span><span class="dl">'</span><span class="p">,</span> <span class="k">this</span><span class="p">.</span><span class="nx">form</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(({</span><span class="nx">token</span><span class="p">,</span> <span class="nx">expiresIn</span><span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$store</span><span class="p">.</span><span class="nf">dispatch</span><span class="p">(</span><span class="dl">'</span><span class="s1">setToken</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span><span class="nx">token</span><span class="p">,</span> <span class="nx">expiresIn</span><span class="p">});</span> <span class="k">this</span><span class="p">.</span><span class="nx">$router</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span><span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">secret</span><span class="dl">'</span><span class="p">});</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">errors</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">dir</span><span class="p">(</span><span class="nx">errors</span><span class="p">);</span> <span class="p">});</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> <span class="nt">&lt;/</span><span class="k">script</span><span class="nt">&gt;</span> </code></pre> </div> <p><code>pages/login.vue</code> is pretty similar to register, we just need to make some slight changes</p> <div class="highlight js-code-highlight"> <pre class="highlight vue"><code> <span class="nt">&lt;</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"container"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-form</span> <span class="err">@</span><span class="na">submit.prevent=</span><span class="s">"login"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-form-group</span> <span class="na">id=</span><span class="s">"input-group-1"</span> <span class="na">label=</span><span class="s">"Email address:"</span> <span class="na">label-for=</span><span class="s">"input-1"</span> <span class="nt">&gt;</span> <span class="nt">&lt;b-form-input</span> <span class="na">id=</span><span class="s">"input-1"</span> <span class="na">v-model=</span><span class="s">"form.email"</span> <span class="na">type=</span><span class="s">"email"</span> <span class="na">required</span> <span class="na">placeholder=</span><span class="s">"Enter email"</span> <span class="nt">&gt;&lt;/b-form-input&gt;</span> <span class="nt">&lt;/b-form-group&gt;</span> <span class="nt">&lt;b-form-group</span> <span class="na">id=</span><span class="s">"input-group-3"</span> <span class="na">label=</span><span class="s">"Password:"</span> <span class="na">label-for=</span><span class="s">"input-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-form-input</span> <span class="na">id=</span><span class="s">"input-3"</span> <span class="na">type=</span><span class="s">"password"</span> <span class="na">v-model=</span><span class="s">"form.password"</span> <span class="na">required</span> <span class="na">placeholder=</span><span class="s">"Enter password"</span> <span class="nt">&gt;&lt;/b-form-input&gt;</span> <span class="nt">&lt;/b-form-group&gt;</span> <span class="nt">&lt;b-button</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">variant=</span><span class="s">"primary"</span><span class="nt">&gt;</span>Submit<span class="nt">&lt;/b-button&gt;</span> <span class="nt">&lt;/b-form&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="k">script</span><span class="nt">&gt;</span> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="nf">data</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">form</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">},</span> <span class="na">methods</span><span class="p">:</span> <span class="p">{</span> <span class="nf">login</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nf">$post</span><span class="p">(</span><span class="dl">'</span><span class="s1">login</span><span class="dl">'</span><span class="p">,</span> <span class="k">this</span><span class="p">.</span><span class="nx">form</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(({</span><span class="nx">token</span><span class="p">,</span> <span class="nx">expiresIn</span><span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$store</span><span class="p">.</span><span class="nf">dispatch</span><span class="p">(</span><span class="dl">'</span><span class="s1">setToken</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span><span class="nx">token</span><span class="p">,</span> <span class="nx">expiresIn</span><span class="p">});</span> <span class="k">this</span><span class="p">.</span><span class="nx">$router</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span><span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">secret</span><span class="dl">'</span><span class="p">});</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">errors</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">dir</span><span class="p">(</span><span class="nx">errors</span><span class="p">);</span> <span class="p">});</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> <span class="nt">&lt;/</span><span class="k">script</span><span class="nt">&gt;</span> </code></pre> </div> <p>In the <code>pages/secret.vue</code> add this</p> <div class="highlight js-code-highlight"> <pre class="highlight vue"><code> <span class="nt">&lt;</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;h2&gt;</span>THIS IS SOME SECRET PAGE<span class="nt">&lt;/h2&gt;</span> <span class="nt">&lt;/</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="k">script</span><span class="nt">&gt;</span> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="na">middleware</span><span class="p">:</span> <span class="dl">'</span><span class="s1">auth</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="nt">&lt;/</span><span class="k">script</span><span class="nt">&gt;</span> </code></pre> </div> <p>We must make route middleware for auth, in the middleware folder add new <code>auth.js</code> file, and add this</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">export</span> <span class="k">default</span> <span class="nf">function </span><span class="p">({</span> <span class="nx">store</span><span class="p">,</span> <span class="nx">redirect</span> <span class="p">})</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span> <span class="nx">store</span><span class="p">.</span><span class="nx">state</span><span class="p">.</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now we will make the navbar. Change <code>layouts/deafult.vue</code> like this</p> <div class="highlight js-code-highlight"> <pre class="highlight vue"><code> <span class="nt">&lt;</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;b-navbar</span> <span class="na">toggleable=</span><span class="s">"lg"</span> <span class="na">type=</span><span class="s">"dark"</span> <span class="na">variant=</span><span class="s">"info"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-navbar-brand</span> <span class="na">href=</span><span class="s">"#"</span><span class="nt">&gt;</span>NavBar<span class="nt">&lt;/b-navbar-brand&gt;</span> <span class="nt">&lt;b-navbar-toggle</span> <span class="na">target=</span><span class="s">"nav-collapse"</span><span class="nt">&gt;&lt;/b-navbar-toggle&gt;</span> <span class="nt">&lt;b-collapse</span> <span class="na">id=</span><span class="s">"nav-collapse"</span> <span class="na">is-nav</span><span class="nt">&gt;</span> <span class="nt">&lt;b-navbar-nav</span> <span class="na">class=</span><span class="s">"ml-auto"</span> <span class="na">v-if=</span><span class="s">"isLoggedIn"</span><span class="nt">&gt;</span> <span class="nt">&lt;b-nav-item</span> <span class="na">:to=</span><span class="s">"</span>{name: 'secret'}"&gt;Secret Page<span class="nt">&lt;/b-nav-item&gt;</span> <span class="nt">&lt;b-nav-item</span> <span class="na">href=</span><span class="s">"#"</span> <span class="na">right</span> <span class="err">@</span><span class="na">click=</span><span class="s">"logout"</span><span class="nt">&gt;</span>Logout<span class="nt">&lt;/b-nav-item&gt;</span> <span class="nt">&lt;/b-navbar-nav&gt;</span> <span class="nt">&lt;b-navbar-nav</span> <span class="na">class=</span><span class="s">"ml-auto"</span> <span class="na">v-else</span><span class="nt">&gt;</span> <span class="nt">&lt;b-nav-item</span> <span class="na">:to=</span><span class="s">"</span>{name: 'login'}"&gt;Login<span class="nt">&lt;/b-nav-item&gt;</span> <span class="nt">&lt;/b-navbar-nav&gt;</span> <span class="nt">&lt;/b-collapse&gt;</span> <span class="nt">&lt;/b-navbar&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;nuxt</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/</span><span class="k">template</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="k">script</span><span class="nt">&gt;</span> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="na">computed</span><span class="p">:</span> <span class="p">{</span> <span class="nf">isLoggedIn</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">$store</span><span class="p">.</span><span class="nx">state</span><span class="p">.</span><span class="nx">token</span><span class="p">;</span> <span class="p">}</span> <span class="p">},</span> <span class="na">methods</span><span class="p">:</span> <span class="p">{</span> <span class="nf">logout</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$axios</span><span class="p">.</span><span class="nf">$post</span><span class="p">(</span><span class="dl">'</span><span class="s1">logout</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">resp</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">$store</span><span class="p">.</span><span class="nf">dispatch</span><span class="p">(</span><span class="dl">'</span><span class="s1">logout</span><span class="dl">'</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">$router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">);</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">errors</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">dir</span><span class="p">(</span><span class="nx">errors</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nt">&lt;/</span><span class="k">script</span><span class="nt">&gt;</span> ... </code></pre> </div> <p>And in order for the access token to be refreshed, we will add another middleware that will be applied to every route. To do this, in <code>nuxt.config.js</code> add this</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="p">...</span> <span class="na">router</span><span class="p">:</span> <span class="p">{</span> <span class="na">middleware</span><span class="p">:</span> <span class="dl">'</span><span class="s1">refreshToken</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <p>And create that middleware. In the middleware folder add new file <code>refreshToken.js</code> and add this</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">cookies</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">js-cookie</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">function </span><span class="p">({</span> <span class="nx">store</span><span class="p">,</span> <span class="nx">redirect</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">x-access-token</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span> <span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="nx">store</span><span class="p">.</span><span class="nf">dispatch</span><span class="p">(</span><span class="dl">'</span><span class="s1">refreshToken</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">errors</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">dir</span><span class="p">(</span><span class="nx">errors</span><span class="p">);</span> <span class="nx">store</span><span class="p">.</span><span class="nf">dispatch</span><span class="p">(</span><span class="dl">'</span><span class="s1">logout</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Here we check if the user has token in the cookies, if he doesn't, we will try to refresh his token, and assign him a new access token.</p> <p>And that's it. Now we have authentication system that's secure, because even if someone is able to steal the access token of some user, he won't have much time to do anything with it.</p> <p>This was a long post, but I hope that the concepts are clear and concise. If you have any questions or if you think that something can be improved, please comment below.</p> php javascript laravel nuxt