To manage multiple clients in Laravel Passport, you can follow these steps:

1. Install Passport
- Run the `install:api` command to install Passport and create the necessary database tables:

```bash
php artisan install:api --passport
```

2. Create Clients
- Use the `passport:client` command to create clients. This command will prompt you for details about your client and provide a client ID and client secret:

```bash
php artisan passport:client
```

3. Configure Clients
- You can specify multiple redirect URLs for your client by providing a comma-delimited list when prompted for the URL:

```text
https://example.com/callback,https://examplefoo.com/callback
```

4. Manage Client Permissions
- You can manage client permissions by assigning different users to different clients. To do so, enter the user ID when prompted for it during client creation:

```text
Which user ID should the client be assigned to?:
> 1
```

5. Approve Clients
- To manage client approval, you can create a workflow where clients are registered and approved by an administrator before they can use their client ID and secret to consume your API. This can be achieved by creating a custom client registration process that involves approval by an admin user.

6. Use Clients
- Use the client ID and client secret to authenticate with your API. For example, you can use the client credentials grant to authenticate a machine-to-machine application:

```php
use Illuminate\Support\Facades\Http;

// Request a token with the client credentials grant.
$response = Http::asForm()->post('https://passport-app.test/oauth/token', [
    'grant_type' => 'client_credentials',
    'client_id' => $clientId,
    'client_secret' => $clientSecret,
    'scope' => 'your-scope',
]);

// throw() raises an exception on a 4xx/5xx response instead of
// failing later on a missing 'access_token' key.
$accessToken = $response->throw()->json('access_token');
```
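
One way to implement the approval workflow from step 5, shown as an added example that is not code from Passport or from the original page. It assumes the stock `oauth_clients` schema, whose `revoked` column Passport checks before treating a client as active; the `ClientApproval` class and the `approve-oauth-clients` gate ability are hypothetical names.

```php
<?php
// Added example. ClientApproval and 'approve-oauth-clients' are hypothetical;
// define the ability yourself, e.g. in AppServiceProvider::boot() with
// Gate::define('approve-oauth-clients', fn ($user) => /* your admin check */);

namespace App\Services;

use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Log;
use Laravel\Passport\Client;

class ClientApproval
{
    // Call right after your registration code creates the client.
    // A revoked client is not treated as active, so its ID and secret
    // cannot be exchanged for a token until an admin approves it.
    public function markPending(Client $client): void
    {
        $client->forceFill(['revoked' => true])->save();
        Log::info('oauth client pending approval', ['client_id' => $client->getKey()]);
    }

    // Admin-only: activate a pending client.
    public function approve(Client $client): void
    {
        Gate::authorize('approve-oauth-clients'); // throws AuthorizationException otherwise
        $client->forceFill(['revoked' => false])->save();
        Log::info('oauth client approved', [
            'client_id' => $client->getKey(),
            'approved_by' => auth()->id(),
        ]);
    }

    // Admin-only: disable a client and invalidate tokens already issued to it.
    public function revoke(Client $client): void
    {
        Gate::authorize('approve-oauth-clients');
        $client->tokens()->update(['revoked' => true]);
        $client->forceFill(['revoked' => true])->save();
        Log::warning('oauth client revoked', [
            'client_id' => $client->getKey(),
            'revoked_by' => auth()->id(),
        ]);
    }
}
```

Because `revoked` serves as both "pending" and "disabled" here, add a separate status column if you need to tell the two states apart in an admin view.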
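
Example Usage

Here is an example of how to use the client credentials grant to authenticate a machine-to-machine application:

1. Create a Client:

```bash
php artisan passport:client
```

2. Get the Client ID and Secret:

```php
// $client is assumed to be the Laravel\Passport\Client instance created in step 1.
// If client secrets are hashed, the plain-text secret is only shown once,
// at creation time, so record it then.
$clientSecret = $client->secret;
$clientId = $client->id;
```

3. Authenticate with the API:

```php
use Illuminate\Support\Facades\Http;

$response = Http::asForm()->post('https://passport-app.test/oauth/token', [
    'grant_type' => 'client_credentials',
    'client_id' => $clientId,
    'client_secret' => $clientSecret,
    'scope' => 'your-scope',
]);

// throw() raises an exception on a 4xx/5xx response.
$accessToken = $response->throw()->json('access_token');
```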

Additional Steps

- Add the `HasApiTokens` Trait:
  - Add the `HasApiTokens` trait to your `User` model to provide helper methods for inspecting the authenticated user's token and scopes:

```php
namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;
}
```

- Configure the `api` Guard:
  - In your `config/auth.php` file, set the `driver` option for the `api` guard to `passport` to use Passport's `TokenGuard` for API authentication:

```php
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],
```

By following these steps, you can manage multiple clients in Laravel Passport and use them to authenticate machine-to-machine applications with your API.