Note: The password grant is the only mechanism that has been tested fully. If you have any queries on how to install and use it feel free to reach out to me via the contact in my author page or make an issue in case of bugs or questions. Also, if you set up the other mechanisms successfully, please feel free to make a PR to the README.md and contribute your steps.
Introduction
This plugin provides OAuth2 provider using Laravel Passport. It is designed to be compatible with a future plugin that is WIP but I have pushed it early since it works fine as a standalone plugin. What this means is that in the future, you will see some breaking changes to this plugin--however, since I have planned to maintain the API signatures of the plugin (see under API heading) you can go ahead and use it with a level of confidence.
[Note: Right now this plugin is mainly been tailored for the Password grant for use in mobile apps. I tested the other grants and it works fine, however, I have not documented them yet.]
Coming Soon
- RainLab.User plugin support for better token management as well as support for using username than email for authentication.
- Settings page to manage configuration.
- RESTful plugin support for better API management
- Mobile plugin support to allow instance-level token issue, singleton tokens, and other cool features.
The following plugin is required
Creating Clients
With this plugin installed, run php artisan passport:client to generate the client
Configuration
You need to create a config file auth.php in your config folder for configuration that looks something like this:
<?php
return [
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => Backend\Models\User::class,
]
],
'guards' => [
'api' => [
'driver' => 'session',
'provider' => 'users',
]
],
];
By default, the API provider will check for the email field in order to authenticate the request. If you want to override this, then in your provider's model class define a findForPassport method with a single $username parameter and return an Eloquent record. In the above configuration, I am using OctoberCMS' Backend user class so you would have to override it using the extension methods only.
API Details
Password Grant API
POST /oauth/token
Resource URL: /oauth/token 
| Parameters | Description |
|---|---|
| grant_type | The grant type -- Can be password, refresh_token, personal_access, implicit, authorization_code, client_credentials |
| client_id | The client ID which matches the ID value in the oauth_clients table |
| client_secret | The client secret which is shown when you create the client. |
| username | The username of the user requesting the token. |
| password | The password of the user requesting the token. |
For the refresh_token, set the grant_type as refresh_token and send the token without other user credentials. If you have doubts on the API, read this article which is accurate to the API that is supported by this plugin.
-
This plugin has not been reviewed yet.
-
| 1.0.1 |
First version of OAuth2 Aug 29, 2019 |
|---|