This repository is a tutorial that demonstrates how Laravel Passport implements the four authorization flows defined by the OAuth2 RFC. It contains two simple Laravel applications: one is called API (it holds the protected tasks resource) and the other is called Consumer (the app that wants to access the tasks).
You need Docker and Docker Compose installed before proceeding:
$ curl -fsSL https://get.docker.com | sh
$ sudo curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
More information on how to install both here and here.
$ git clone https://github.com/gustavobgama/laravel-passport-demo.git ./LaravelPassport
$ cd LaravelPassport && docker-compose up -d
The installation is complete and now you can move on to the demonstration steps.
- First try to access the resource without being authorized, by opening the consumer route: http://localhost:8001/tasks
  You will probably get an authorization error, so let's create an OAuth client in the API app and configure the consumer app.
- You can create the OAuth client using either the command line or the web interface.
  With the command line you can create the OAuth client (you have to answer some questions interactively):
$ docker-compose exec api php artisan passport:client
Or you can use the web interface: log in at http://localhost:8000/ using these credentials ([email protected] / password), then follow the steps in the images below:
- Now you must configure the .env file of the consumer app with the client_id and client_secret generated in the last step:
  OAUTH_GRANT_AUTHORIZATION_CODE_CLIENT_ID=
  OAUTH_GRANT_AUTHORIZATION_CODE_CLIENT_SECRET=
- You are now ready to do the complete authorization flow.
  - Access the home of the consumer app: http://localhost:8001/
  - You will be redirected to authenticate at the API app; authenticate using the same credentials ([email protected] / password)
  - This authorization page will be displayed. It represents the consumer app asking for permission to access the API app's protected resource (tasks); answer "Authorize"
  - You will be redirected to the tasks route of the consumer, http://localhost:8001/tasks, and will now be able to see a list of the tasks
This flow is the most complex of all; the next ones are simpler and involve fewer steps.
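What the consumer does behind the redirects in the steps above, as an added example that is not this repository's code: it binds a random state value to the session before redirecting to Passport's /oauth/authorize, and refuses the callback unless that same state comes back before exchanging the code at /oauth/token. The callback URI and the client id/secret are placeholder assumptions.

```php
<?php
// Added example (not the repository's code): the consumer's side of the
// authorization code flow against Passport's /oauth/authorize and /oauth/token.
// ASSUMPTIONS: the callback URI and the client id/secret values are placeholders.

const API_BASE     = 'http://localhost:8000';          // API app (from the tutorial)
const REDIRECT_URI = 'http://localhost:8001/callback'; // hypothetical callback route

/** Step 1: build the redirect to the API app, binding a random state to the session. */
function buildAuthorizeUrl(string $clientId, array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(20));
    return API_BASE . '/oauth/authorize?' . http_build_query([
        'client_id'     => $clientId,
        'redirect_uri'  => REDIRECT_URI,
        'response_type' => 'code',
        'scope'         => '',
        'state'         => $session['oauth_state'],
    ]);
}

/** Step 2: on the callback, verify state, then build the POST body for /oauth/token. */
function buildTokenRequest(array $query, array &$session, string $clientId, string $secret): array
{
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']);                    // state is single use
    $given = $query['state'] ?? '';
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        throw new RuntimeException('state mismatch: callback does not belong to this session');
    }
    if (!isset($query['code']) || !is_string($query['code'])) {
        throw new RuntimeException('authorization was denied or no code was returned');
    }
    return [
        'grant_type'    => 'authorization_code',
        'client_id'     => $clientId,
        'client_secret' => $secret,
        'redirect_uri'  => REDIRECT_URI,
        'code'          => $query['code'],
    ];
}

// Constructed walk-through: a simulated session and callback query string.
$session = [];
$url = buildAuthorizeUrl('CLIENT_ID_PLACEHOLDER', $session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
$callback = ['code' => 'constructed-code', 'state' => $sent['state']];
print_r(buildTokenRequest($callback, $session, 'CLIENT_ID_PLACEHOLDER', 'CLIENT_SECRET_PLACEHOLDER'));
```

Replaying the same callback a second time throws, because the stored state is discarded after its first use.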
- Using the consumer, try to access the protected resource (tasks) of the API:
  $ docker-compose exec consumer php artisan tasks:get --grant=password
  You will probably get an authorization error, so let's create an OAuth client in the API app and configure the consumer app.
- As shown before, you can create OAuth clients in the API app using the command line or the web interface. Let's create one with the command line:
$ docker-compose exec api php artisan passport:client --password --no-interaction
- Now you must configure the .env file of the consumer app with the client_id and client_secret generated in the last step:
  OAUTH_GRANT_PASSWORD_CLIENT_ID=
  OAUTH_GRANT_PASSWORD_CLIENT_SECRET=
- With all configurations in place, you can now get the protected resource (tasks) from the API app by executing the same command as in the first step:
$ docker-compose exec consumer php artisan tasks:get --grant=password
Pretty much similar to the Resource owner password credentials flow; the steps are practically the same.
- Using the consumer, try to access the protected resource (tasks) of the API:
  $ docker-compose exec consumer php artisan tasks:get --grant=client_credentials
  You will probably get an authorization error, so let's create an OAuth client in the API app and configure the consumer app.
- Let's create the OAuth client:
$ docker-compose exec api php artisan passport:client --client --no-interaction
- Now you must configure the .env file of the consumer app with the client_id and client_secret generated in the last step:
  OAUTH_GRANT_CLIENT_CREDENTIALS_CLIENT_ID=
  OAUTH_GRANT_CLIENT_CREDENTIALS_CLIENT_SECRET=
- With all configurations in place, you can now get the protected resource (tasks) from the API app by executing the same command as in the first step:
$ docker-compose exec consumer php artisan tasks:get --grant=client_credentials
TODO