onsigbaar / onsigbaar by b7d6f001

The Laravel Framework.
Package Data
Maintainer Username: b7d6f001
Package Create Date: 2017-04-16
Package Last Update: 2019-07-27
Home Page:
Language: PHP
License: MIT
Last Refreshed: 2024-04-19 15:02:35
Package Statistics
Total Downloads: 56
Monthly Downloads: 0
Daily Downloads: 0
Total Stars: 2
Total Watchers: 2
Total Forks: 0
Total Open Issues: 0

onsigbaar

Laravel Passport OAuth2 API server authentication using the Resource Owner Password Credentials Grant, with an optional Laravel admin dashboard that includes user-permission-role management, a GUI for CRUD operations, a media manager, a menu builder, and much more.

Install

composer create-project --prefer-dist onsigbaar/onsigbaar projectname

Create the database

Adjust .env with your database configuration and credentials

# .env

DB_DATABASE=
DB_USERNAME=
DB_PASSWORD=

Passport install

composer passport-install

Copy the personal access client and password grant client values into .env

# .env
PERSONAL_CLIENT_ID=
PERSONAL_CLIENT_SECRET=
PASSWORD_CLIENT_ID=
PASSWORD_CLIENT_SECRET=

Install done.


Api

In a terminal (cmd or bash), run the dev server using php artisan serve.

Authenticate user

Send a POST request to the endpoint http://localhost:8000/api/login/ with the user credentials:

# the username key accepts either the username or the email as its value
username: user # user@api.com
password: user

Example using CURL

curl -X POST http://localhost:8000/api/login/ -b cookies.txt -c cookies.txt -D headers.txt -H 'Content-Type: application/json' -d '
    {
        "username": "user@api.com",
        "password": "user"
    }
'

Refresh token with http-only cookies

Enabled when the httpOnly value in config/password is set to true. This is the default value.

In this mode, the refresh token is set in a cookie with the http-only flag, which makes it inaccessible to client-side scripting languages (i.e. JavaScript); the cookie can still be read by the server.

Send a POST request to the endpoint http://localhost:8000/api/login/refresh

Example using CURL

curl -X POST http://localhost:8000/api/login/refresh -b cookies.txt -c cookies.txt

Example: HTTP response returned from the server

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImY3ZGM4...",
    "expires_in": 600
}
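The http-only behaviour described above can be checked from the headers.txt file that the login curl command writes with -D. The script below is an added example, not part of the onsigbaar project; the cookie name refreshToken and both header dumps are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit the refresh-token cookie in a `curl -D headers.txt` dump.
# The cookie name "refreshToken" is an assumption; use the name your server sets.

# Prints "ok", "missing:<attrs>" or "not-set"; exit status is 0 only for "ok".
audit_cookie() {
    local file="$1" name="$2" line attrs missing=""
    # Header names are case-insensitive and HTTP lines end in CRLF.
    line=$(tr -d '\r' < "$file" | grep -i "^set-cookie:[[:space:]]*${name}=" | tail -n 1)
    if [ -z "$line" ]; then
        echo "not-set"
        return 1
    fi
    # Everything after the first ';' is attributes: one per line, lowercased, trimmed.
    attrs=$(printf '%s\n' "$line" | cut -s -d';' -f2- | tr ';' '\n' \
        | tr '[:upper:]' '[:lower:]' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    printf '%s\n' "$attrs" | grep -qx 'httponly' || missing="$missing HttpOnly"
    printf '%s\n' "$attrs" | grep -qx 'secure' || missing="$missing Secure"
    printf '%s\n' "$attrs" | grep -Eqx 'samesite=(lax|strict)' || missing="$missing SameSite"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample header dumps (not captured from the project).
SAMPLE_DEV=$(mktemp)
SAMPLE_HARDENED=$(mktemp)
trap 'rm -f "$SAMPLE_DEV" "$SAMPLE_HARDENED"' EXIT
printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nSet-Cookie: refreshToken=def50200EXAMPLE; path=/; httponly\r\n\r\n' > "$SAMPLE_DEV"
printf 'HTTP/1.1 200 OK\r\nset-cookie: refreshToken=def50200EXAMPLE; Path=/; Secure; HttpOnly; SameSite=Strict\r\n\r\n' > "$SAMPLE_HARDENED"

audit_cookie "$SAMPLE_DEV" refreshToken || true        # missing: Secure SameSite
audit_cookie "$SAMPLE_HARDENED" refreshToken || true   # ok
```

Against a real run, pass headers.txt and the cookie name your server actually sets.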

Refresh token without http-only cookies

Enabled when the httpOnly value in config/password is set to false.

Send a POST request to the endpoint http://localhost:8000/api/login/refresh

Example 1: using CURL, with refreshToken included in the HTTP request body payload

curl -X POST http://localhost:8000/api/login/refresh -H 'Content-Type: application/json' -d '
    {
        "refreshToken": "<REFRESH_TOKEN>"
    }
'

Example 2: using CURL, with refreshToken passed as a query-string parameter

curl -X POST 'http://localhost:8000/api/login/refresh?refreshToken=<REFRESH_TOKEN>'
  • Replace <REFRESH_TOKEN> above with the refresh token value generated after successful authentication.

Example: HTTP response returned from the server

Example: Http Response return from server

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImY3ZGM4...",
    "refresh_token": "def502009f7d6d7498d34fe933b76aec8d83958bc2165c17c627c6...",
    "expires_in": 600
}

Logout user

Send a POST request to the endpoint http://localhost:8000/api/logout

Example using CURL

curl -H "Authorization: Bearer <ACCESS_TOKEN>" -X POST http://localhost:8000/api/logout -b cookies.txt -c cookies.txt
  • Replace <ACCESS_TOKEN> above with the access token value generated after successful authentication.

Protected resources endpoint

Apply the auth:api middleware to any route to make its resources OAuth2 protected.

# Example in api/User/Routes/api.php

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

After a successful login, send a GET request to http://localhost:8000/api/user/ to get the authenticated user's data.

Example using CURL

curl -H "Authorization: Bearer <ACCESS_TOKEN>" -X GET http://localhost:8000/api/user/
  • Replace <ACCESS_TOKEN> above with the access token value generated after successful authentication.

Send all errors/exceptions to a user email

Make sure the application can send email by providing the correct data in .env

MAIL_DRIVER=
MAIL_HOST=
MAIL_PORT=
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=

Set the LOG_ACTIVITY and SIGNAL_EMAIL_SENT values to true in .env. Provide the email address the reports will be sent to, etc.

LOG_ACTIVITY=true
SIGNAL_EMAIL_SENT=true
SIGNAL_EMAIL_SENT_TO=
SIGNAL_USE_TABLE=signal_log

MAIL_FROM_ADDRESS=
MAIL_FROM_NAME=

In app/Exceptions/Handler.php, uncomment the line shown below. Before:

# app/Exceptions/Handler.php
...
public function report(Exception $exception)
{
    parent::report($exception);

    # Log all error exception into database.
    # $this->fireLog('error', $exception->getMessage(), ['error' => $exception]);
}
...

After:

# app/Exceptions/Handler.php
...
public function report(Exception $exception)
{
    parent::report($exception);

    # Log all error exception into database.
    $this->fireLog('error', $exception->getMessage(), ['error' => $exception]);
}
...

Global application errors and exceptions will be saved to the database and sent to the user email. The data saved and emailed will include the user ID, request URL, request method, client IP, browser, browser version, user OS, etc.


About Laravel

Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experience to be truly fulfilling. Laravel takes the pain out of development by easing common tasks used in many web projects, such as:

Laravel is accessible, powerful, and provides tools required for large, robust applications.

Learning Laravel

Laravel has the most extensive and thorough documentation and video tutorial library of all modern web application frameworks, making it a breeze to get started with the framework.

If you don't feel like reading, Laracasts can help. Laracasts contains over 1100 video tutorials on a range of topics including Laravel, modern PHP, unit testing, and JavaScript. Boost you and your team's skills by digging into our comprehensive video library.

Laravel Sponsors

We would like to extend our thanks to the following sponsors for funding Laravel development. If you are interested in becoming a sponsor, please visit the Laravel Patreon page.

Contributing

Thank you for considering contributing to the Laravel framework! The contribution guide can be found in the Laravel documentation.

Security Vulnerabilities

If you discover a security vulnerability within Laravel, please send an e-mail to Taylor Otwell via taylor@laravel.com. All security vulnerabilities will be promptly addressed.

License

The Laravel framework is open-source software licensed under the MIT license.