{"id":15739627,"url":"https://github.com/dusterio/lumen-passport","last_synced_at":"2025-04-13T21:28:46.058Z","repository":{"id":10603696,"uuid":"66318634","full_name":"dusterio/lumen-passport","owner":"dusterio","description":"Making Laravel Passport work with Lumen","archived":false,"fork":false,"pushed_at":"2024-03-02T06:17:20.000Z","size":72,"stargazers_count":654,"open_issues_count":10,"forks_count":140,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-06T17:09:23.571Z","etag":null,"topics":["jwt","lumen","oauth2","passport"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dusterio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2016-08-23T00:38:58.000Z","updated_at":"2025-03-28T20:14:38.000Z","dependencies_parsed_at":"2024-04-10T09:46:55.936Z","dependency_job_id":"a149174a-6c45-42ec-b311-c3d3dbdae903","html_url":"https://github.com/dusterio/lumen-passport","commit_stats":{"total_commits":72,"total_committers":16,"mean_commits":4.5,"dds":0.4305555555555556,"last_synced_commit":"9729c62dc3ccbcf4b31c173817223851f84cfd98"},"previous_names":[],"tags_count":39,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dusterio%2Flumen-passport","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dusterio%2Flumen-passport/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dusterio%2Flumen-passport/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dusterio%2Flumen-passport/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dusterio","download_url":"https://codeload.github.com/dusterio/lumen-passport/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248784833,"owners_count":21161187,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jwt","lumen","oauth2","passport"],"created_at":"2024-10-04T02:04:56.510Z","updated_at":"2025-04-13T21:28:46.034Z","avatar_url":"https://github.com/dusterio.png","language":"PHP","funding_links":[],"categories":["Packages and Middleware"],"sub_categories":["Videos"],"readme":"# Lumen Passport\n\n[![Build Status](https://travis-ci.org/dusterio/lumen-passport.svg)](https://travis-ci.org/dusterio/lumen-passport)\n[![Code Climate](https://codeclimate.com/github/dusterio/lumen-passport/badges/gpa.svg)](https://codeclimate.com/github/dusterio/lumen-passport/badges)\n[![Total Downloads](https://poser.pugx.org/dusterio/lumen-passport/d/total.svg)](https://packagist.org/packages/dusterio/lumen-passport)\n[![Latest Stable Version](https://poser.pugx.org/dusterio/lumen-passport/v/stable.svg)](https://packagist.org/packages/dusterio/lumen-passport)\n[![Latest Unstable Version](https://poser.pugx.org/dusterio/lumen-passport/v/unstable.svg)](https://packagist.org/packages/dusterio/lumen-passport)\n[![License](https://poser.pugx.org/dusterio/lumen-passport/license.svg)](https://packagist.org/packages/dusterio/lumen-passport)\n\n\u003e Making Laravel Passport work with Lumen\n\n## Introduction\n\nIt's a simple service provider that makes **Laravel Passport** work with **Lumen**.\n\n## Installation\n\nFirst install [Lumen Micro-Framework](https://github.com/laravel/lumen) if you don't have it yet.\n\nThen install **Lumen Passport**:\n\n```bash\ncomposer require dusterio/lumen-passport\n```\n\nOr if you prefer, edit `composer.json` manually and run then `composer update`:\n\n```json\n{\n    \"require\": {\n        \"dusterio/lumen-passport\": \"^0.3.5\"\n    }\n}\n```\n\n### Modify the bootstrap flow\n\nWe need to enable both **Laravel Passport** provider and **Lumen Passport** specific provider:\n\n```php\n/** @file bootstrap/app.php */\n\n// Enable Facades\n$app-\u003ewithFacades();\n\n// Enable Eloquent\n$app-\u003ewithEloquent();\n\n// Enable auth middleware (shipped with Lumen)\n$app-\u003erouteMiddleware([\n    'auth' =\u003e App\\Http\\Middleware\\Authenticate::class,\n]);\n\n// Register two service providers, Laravel Passport and Lumen adapter\n$app-\u003eregister(Laravel\\Passport\\PassportServiceProvider::class);\n$app-\u003eregister(Dusterio\\LumenPassport\\PassportServiceProvider::class);\n```\n\n### Laravel Passport ^7.3.2 and newer\n\nOn 30 Jul 2019 [Laravel Passport 7.3.2](https://github.com/laravel/passport/releases/tag/v7.3.2) had a breaking change - new method introduced on Application class that exists in Laravel but not in Lumen. You could either lock in to an older version or swap the Application class like follows:\n\n```php\n/** @file bootstrap/app.php */\n\n//$app = new Laravel\\Lumen\\Application(\n//    dirname(__DIR__)\n//);\n$app = new \\Dusterio\\LumenPassport\\Lumen7Application(\n    dirname(__DIR__)\n);\n```\n\n\\* _Note: If you look inside this class - all it does is adding an extra method `configurationIsCached()` that always returns `false`._\n\n### Migrate and install Laravel Passport\n\n```bash\n# Create new tables for Passport\nphp artisan migrate\n\n# Install encryption keys and other stuff for Passport\nphp artisan passport:install\n```\n\nIt will output the Personal access client ID and secret, and the Password grand client ID and secret.\n\n\\* _Note: Save the secrets in a safe place, you'll need them later to request the access tokens._\n\n## Configuration\n\n### Configure Authentication\n\nEdit `config/auth.php` to suit your needs. A simple example:\n\n```php\n/** @file config/auth.php */\n\nreturn [\n\n    'providers' =\u003e [\n        'users' =\u003e [\n            'driver' =\u003e 'eloquent',\n            'model' =\u003e \\App\\Models\\User::class\n        ]\n    ],\n\n];\n```\n\n\\* _Note: Lumen 7.x and older uses `\\App\\User::class`_\n\nLoad the config since Lumen doesn't load config files automatically:\n\n```php\n/** @file bootstrap/app.php */\n\n$app-\u003econfigure('auth');\n```\n\n### Registering Routes\n\nNext, you should call the `LumenPassport::routes` method within the `boot` method of your application (one of your service providers). This method will register the routes necessary to issue access tokens and revoke access tokens, clients, and personal access tokens:\n\n```php\n/** @file app/Providers/AuthServiceProvider.php */\n\nuse Dusterio\\LumenPassport\\LumenPassport;\n\nclass AuthServiceProvider extends ServiceProvider\n{\n    public function boot()\n    {\n        LumenPassport::routes($this-\u003eapp);\n\n        /* rest of boot */\n    }\n}\n```\n\n### User model\n\nMake sure your user model uses **Laravel Passport**'s `HasApiTokens` trait.\n\n```php\n/** @file app/Models/User.php */\n\nuse Laravel\\Passport\\HasApiTokens;\n\nclass User extends Model implements AuthenticatableContract, AuthorizableContract\n{\n    use HasApiTokens, Authenticatable, Authorizable, HasFactory;\n\n    /* rest of the model */\n}\n```\n\n## Usage\n\nYou'll find all the documentation in [Laravel Passport Docs](https://laravel.com/docs/master/passport).\n\n### Curl example with username and password authentication\n\nFirst you have to [issue an access token](https://laravel.com/docs/master/passport#issuing-access-tokens) and then you can use it to authenticate your requests.\n\n```bash\n# Request\ncurl --location --request POST '{{APP_URL}}/oauth/token' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{\n    \"grant_type\": \"password\",\n    \"client_id\": \"{{CLIENT_ID}}\",\n    \"client_secret\": \"{{CLIENT_SECRET}}\",\n    \"username\": \"{{USER_EMAIL}}\",\n    \"password\": \"{{USER_PASSWORD}}\",\n    \"scope\": \"*\"\n}'\n```\n\n```json\n{\n    \"token_type\": \"Bearer\",\n    \"expires_in\": 31536000,\n    \"access_token\": \"******\",\n    \"refresh_token\": \"******\"\n}\n```\n\nAnd with the `access_token` you can request access to the routes that uses the Auth:Api Middleware provided by the **Lumen Passport**.\n\n```php\n/** @file routes/web.php */\n\n$router-\u003eget('/ping', ['middleware' =\u003e 'auth', fn () =\u003e 'pong']);\n```\n\n```bash\n# Request\ncurl --location --request GET '{{APP_URL}}/ping' \\\n--header 'Authorization: Bearer {{ACCESS_TOKEN}}'\n```\n\n```html\npong\n```\n\n### Installed routes\n\nThis package mounts the following routes after you call `routes()` method, all of them belongs to the namespace `\\Laravel\\Passport\\Http\\Controllers`:\n\nVerb | Path | Controller | Action | Middleware\n--- | --- | --- | --- | ---\nPOST   | /oauth/token                             | AccessTokenController           | issueToken | -\nGET    | /oauth/tokens                            | AuthorizedAccessTokenController | forUser    | auth\nDELETE | /oauth/tokens/{token_id}                 | AuthorizedAccessTokenController | destroy    | auth\nPOST   | /oauth/token/refresh                     | TransientTokenController        | refresh    | auth\nGET    | /oauth/clients                           | ClientController                | forUser    | auth\nPOST   | /oauth/clients                           | ClientController                | store      | auth\nPUT    | /oauth/clients/{client_id}               | ClientController                | update     | auth\nDELETE | /oauth/clients/{client_id}               | ClientController                | destroy    | auth\nGET    | /oauth/scopes                            | ScopeController                 | all        | auth\nGET    | /oauth/personal-access-tokens            | PersonalAccessTokenController   | forUser    | auth\nPOST   | /oauth/personal-access-tokens            | PersonalAccessTokenController   | store      | auth\nDELETE | /oauth/personal-access-tokens/{token_id} | PersonalAccessTokenController   | destroy    | auth\n\n\\* _Note: some of the **Laravel Passport**'s routes had to 'go away' because they are web-related and rely on sessions (eg. authorise pages). Lumen is an API framework so only API-related routes are present._\n\n## Extra features\n\nThere are a couple of extra features that aren't present in **Laravel Passport**\n\n### Prefixing Routes\n\nYou can add that into an existing group, or add use this route registrar independently like so;\n\n```php\n/** @file app/Providers/AuthServiceProvider.php */\n\nuse Dusterio\\LumenPassport\\LumenPassport;\n\nclass AuthServiceProvider extends ServiceProvider\n{\n    public function boot()\n    {\n        LumenPassport::routes($this-\u003eapp, ['prefix' =\u003e 'v1/oauth']);\n\n        /* rest of boot */\n    }\n}\n```\n\n### Multiple tokens per client\n\nSometimes it's handy to allow multiple access tokens per password grant client. Eg. user logs in from several browsers\nsimultaneously. Currently **Laravel Passport** does not allow that.\n\n```php\n/** @file app/Providers/AuthServiceProvider.php */\n\nuse Dusterio\\LumenPassport\\LumenPassport;\n\nclass AuthServiceProvider extends ServiceProvider\n{\n    public function boot()\n    {\n        LumenPassport::routes($this-\u003eapp);\n        LumenPassport::allowMultipleTokens();\n\n        /* rest of boot */\n    }\n}\n```\n\n### Different TTLs for different password clients\n\n**Laravel Passport** allows to set one global TTL (time to live) for access tokens, but it may be useful sometimes to set different TTLs for different clients (eg. mobile users get more time than desktop users).\n\nSimply do the following in your service provider:\n\n```php\n/** @file app/Providers/AuthServiceProvider.php */\n\nuse Carbon\\Carbon;\nuse Dusterio\\LumenPassport\\LumenPassport;\n\nclass AuthServiceProvider extends ServiceProvider\n{\n    public function boot()\n    {\n        LumenPassport::routes($this-\u003eapp);\n        $client_id = '1';\n        LumenPassport::tokensExpireIn(Carbon::now()-\u003eaddDays(14), $client_id); \n\n        /* rest of boot */\n    }\n}\n```\n\nIf you don't specify client Id, it will simply fall back to Laravel Passport implementation.\n\n### Purge expired tokens\n\n```bash\nphp artisan passport:purge\n```\n\nSimply run it to remove expired refresh tokens and their corresponding access tokens from the database.\n\n## Error and issue resolution\n\nInstead of opening a new issue, please see if someone has already had it and it has been resolved.\n\nIf you have found a bug or want to contribute to improving the package, please review the [Contributing guide](https://github.com/dusterio/lumen-passport/blob/master/CONTRIBUTING.md) and the [Code of Conduct](https://github.com/dusterio/lumen-passport/blob/master/CODE_OF_CONDUCT.md).\n\n## Video tutorials\n\nI've just started a educational YouTube channel [config.sys](https://www.youtube.com/channel/UCIvUJ1iVRjJP_xL0CD7cMpg) that will cover top IT trends in software development and DevOps.\n\nAlso I'm happy to announce my newest tool – [GrammarCI](https://www.grammarci.com/), an automated (as a part of CI/CD process) spelling and grammar checks for your code so that your users don't see your typos :)\n\n## License\n\nThe MIT License (MIT)\nCopyright (c) 2016 Denis Mysenko\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdusterio%2Flumen-passport","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdusterio%2Flumen-passport","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdusterio%2Flumen-passport/lists"}