This repository has been archived by the owner on Oct 31, 2024. It is now read-only.

Middleware for separate Resource Servers (API) with Laravel Passport as oAuth introspection server


ndberg/laravel-passport-resource-server-middleware


Description


Laravel OAuth middleware for Resource Servers that run separately from the Laravel/Passport server. It does not make any round trip to the laravel/passport server; instead it validates the JWT Bearer token and takes the user and scopes directly from the signed token.

Think about:

  • Caching
  • Revoked tokens
  • CSRF Tokens
  • User Migration breaks everything

Installation

You can install the package via composer:

composer require ndberg/laravel-passport-resource-server-middleware
  • publish assets
  • migrate db (-> CAUTION: Users table)
  • Change User Model, add id
  • Copy public key from laravel/passport

Add the Middleware to the routes:

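use Illuminate\Http\Request;

// The closure only runs if the VerifyAccessToken middleware lets the request through.
Route::middleware('VerifyAccessToken')->get('/auth', function (Request $request) {
    return "No Auth";
});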

Add

Usage

// Usage description here

Security

Because it makes no additional call to the laravel/passport server, it can't check whether a token has been revoked! For this reason you should only use access tokens with a short lifetime, < ~1h.
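
The offline check described above, as an added example that is not this package's own code: it verifies an RS256 signature against the authorization server's public key, pins the algorithm, and refuses tokens whose lifetime exceeds one hour because revocation cannot be checked locally. The function names, the `$maxLifetime` parameter and the claim names (`sub`, `scopes`, `iat`, `nbf`, `exp`) are assumptions for illustration; the demo key pair and tokens are constructed.

```php
<?php
// Added example (not the package's code): offline verification of an RS256 JWT.

function b64url_decode(string $s): string {
    return (string) base64_decode(strtr($s, '-_', '+/'));
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

/** Returns ['user_id' => ..., 'scopes' => [...]] or throws. $maxLifetime is an assumed policy knob. */
function verify_access_token(string $jwt, string $publicKeyPem, int $now, int $maxLifetime = 3600): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm: never let the token choose (rejects "none" and HS256 key confusion).
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') throw new RuntimeException('unexpected alg');
    if (openssl_verify("$h.$p", b64url_decode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $c = json_decode(b64url_decode($p), true);
    if (!is_array($c) || !isset($c['exp'], $c['iat'], $c['sub'])) throw new RuntimeException('missing claims');
    if ($c['exp'] <= $now || ($c['nbf'] ?? 0) > $now) throw new RuntimeException('expired or not yet valid');
    // Revocation cannot be checked offline, so refuse long-lived tokens outright.
    if ($c['exp'] - $c['iat'] > $maxLifetime) throw new RuntimeException('lifetime too long');
    return ['user_id' => $c['sub'], 'scopes' => $c['scopes'] ?? []];
}

// Constructed demo: throwaway key pair standing in for the authorization server's key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$mint = function (array $claims, string $alg = 'RS256') use ($key): string {
    $in = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => $alg])) . '.' . b64url_encode(json_encode($claims));
    openssl_sign($in, $sig, $key, OPENSSL_ALGO_SHA256);
    return $in . '.' . b64url_encode($sig);
};
$now = time();
$cases = [
    'valid 15 min token' => $mint(['sub' => '42', 'scopes' => ['read'], 'iat' => $now, 'exp' => $now + 900]),
    'one year token'     => $mint(['sub' => '42', 'scopes' => ['read'], 'iat' => $now, 'exp' => $now + 31536000]),
    'alg none'           => $mint(['sub' => '42', 'iat' => $now, 'exp' => $now + 900], 'none'),
];
foreach ($cases as $name => $jwt) {
    try { echo $name, ': ', json_encode(verify_access_token($jwt, $pub, $now)), PHP_EOL; }
    catch (RuntimeException $e) { echo $name, ': rejected (', $e->getMessage(), ')', PHP_EOL; }
}
```

Only the first case is accepted; the lifetime ceiling bounds how long a revoked token remains usable on the resource server.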

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email a@bergerweb.ch instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.
