Video coming soon...
Example repo is here https://github.com/alnutile/oauth_how_to
The library we will use is
https://github.com/lucadegasperi/oauth2-server-laravel
This will setup a server both client_type and password_type for Grant Types.
Coming to terms with this stuff is long and tedious. The docs are here https://github.com/lucadegasperi/oauth2-server-laravel/wiki will help and then these lead to the League docs as well http://oauth2.thephpleague.com/
There is also a podcast interview with the Alex Bilbie who made the League Oauth Library http://fullstackradio.com/episodes/4/
What I will cover is mainly the instalation going beyond the docs above into the details of getting this thing going. I will also provide a "play" repo for you to review.
Install laravel as normal, install the library as normal. You will see some extra stuff I have in the repo for helping out as well (this will be seen in the video too)
app/OauthTools
Some commands to use artisan to make users, tokens etc.
So in the end my app/Console/Kernel.php
looked like https://github.com/alnutile/oauth_how_to/blob/master/app/Console/Kernel.php
So I could easily do
php artisan oauth-tools:adduser admin@foo.com
or
php artisan oauth-tools:generate-token 33591b34-03c2-4ece-a763-d531aee0298a admin@foo.com client
Also note composer.json I use a uuid library to help with these commands etc.
Finally to have all of this work out of the box with the Postman file I shared run it this way for now
cd public
php -S localhost:8181
The database for this example is sqlite so
touch storage/database.sqlite
php artisan migrate:refresh --seed
And you should now have a db and migrations
Since it is sqlite just rm the file and touch it again to re-migrate and save your self the headache of DBAL driver etc since this just just a quick working demo.
config/oauth2.php
file as seen here BUT only if you want these. And my access_token_ttl
is way too big so see the defaults in the docs. Also note it points to OauthPasswordVerifier which the docs talk about as well.
As noted you add the code to your route
Route::post('oauth/access_token', function() {
return Response::json(Authorizer::issueAccessToken());
});
Route::get('test', ['middleware' => 'oauth', function() {
return Response::json("Welcome");
}]);
Later on you will see this instead
Route::post('oauth/access_token', function() {
return Response::json(Authorizer::issueAccessToken());
});
Route::get('test', ['middleware' => 'oauthOrAuth', function() {
return Response::json("Welcome");
}]);
With the oauthOrAuth I will explain that in the video as well. But basically and api endpoint can be used by a local session based user and a remote application using oauth. It is just how our APIs go.
So this lets that work just fine.
Just to show it all working you will see in the video me using postman. You will see that in the repo here
Between the links above and Postman you have a working