11

I have a standard Laravel Passport setup on 5.4 - it all works fine and is generating tokens.

I protect my API routes using the auth:api middleware as well as a custom middleware that checks that specific headers in a request are present and valid before any requests are handled. This middleware works fine for the API routes group.

Is there a way to wrap the Passport routes generated by laravel '.../oauth/token' in this middleware as well?

Currently I have set up the routes in my AuthServiceProvider.php boot() method:

public function boot()
{
    $this->registerPolicies();

    // Passport/OAuth
    Passport::routes(function ($router) {
      $router->forAccessTokens();
      $router->forTransientTokens();
    });

    Passport::tokensExpireIn(Carbon::now()->addDays(7));

    Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}

The end goal is that the oauth endpoints will return an error if the headers are not present.

Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
fatuous.logic
  • 750
  • 1
  • 5
  • 16

3 Answers3

20

You can try this: Go to app/Providers/AuthServiceProvider and look for the function boot(). In this function you will see a line for registering routes for Passport. The default code is Passport::routes(). This routes() method accepts an options array as second argument. You can use it to set middlewares for Passport routes.

Passport::routes(null, ['middleware' => 'api']);
rineez
  • 753
  • 13
  • 33
rdehnhardt
  • 310
  • 2
  • 8
  • 1
    This worked for me. To target a specific route within the middleware: ` public function handle($request, Closure $next, $guard = null) { if( $request->path() != 'oauth/authorize' || $request->method() != 'POST' ) { return $next($request); } }` – jake May 08 '20 at 12:31
7

In the app/Providers/AuthServiceProvider include the Route facade by adding this use statement somewhere in the top:

use Illuminate\Support\Facades\Route;

Then on the boot() method, put the Passport::routes() inside a Route::group() like this: 

Route::group(['middleware'=>'MyFunkyCustomMiddleware'], function(){
    Passport::routes(); // <-- Replace this with your own version
});

Hope that helps!

Martin Joiner
  • 3,529
  • 2
  • 23
  • 49
6

If you only need to add middleware to one Passport route for example /oauth/token, you can do it this way:

  1. Look up the route you need by typing php artisan r:l
  2. Check the controller and method used for this route, in out example it is going to be AccessTokenController@issueToken
  3. Create the controller that extends AccessTokenController, you can leave it empty
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Laravel\Passport\Http\Controllers\AccessTokenController;

class ApiTokenController extends AccessTokenController
{

}
  1. Then create a route to that controller and method (as this controller inherits all the parent controller methods):

Route::middleware('MyMiddleware')->post('/api-token', 'ApiTokenController@issueToken');

Varin
  • 2,354
  • 2
  • 20
  • 37