Laravel OAuth middleware for resource servers that are separated from the Laravel/Passport server. It makes no round trip to the laravel/passport server; instead it validates the JWT bearer token and takes the user and scopes directly out of the signed token.
Think about:
- Caching
- Revoked tokens
- CSRF Tokens
- User Migration breaks everything
You can install the package via composer:
```bash
composer require ndberg/laravel-passport-resource-server-middleware
```
- publish assets
- migrate db (-> CAUTION: Users table)
- Change User Model, add id
- Copy public key from laravel/passport
Add the Middleware to the routes:
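```php
use Illuminate\Http\Request;

// The VerifyAccessToken middleware validates the bearer token before the closure runs.
Route::middleware('VerifyAccessToken')->get('/auth', function (Request $request) {
    return "No Auth";
});
```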
Add
Because it makes no additional call to the laravel/passport server, it can't check whether a token is revoked! For this reason you should use only short-lifetime access tokens (< ~1h).
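What validating the token locally involves, as an added example that is not the package's own code: the signature is checked against the Passport public key with a pinned algorithm, and because revocation cannot be checked offline, expiry and total lifetime are enforced. It assumes RS256-signed tokens with `sub`, `scopes`, `exp`, `nbf` and `iat` claims; the function names and the `$maxLifetime` parameter are hypothetical.

```php
<?php
// Added example. Claim names (sub, scopes, exp, nbf, iat) and RS256 are assumptions.
function b64url_decode(string $s): string|false {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns ['user_id' => ..., 'scopes' => [...]] or throws RuntimeException.
function verify_access_token(string $jwt, string $publicKeyPem, int $now, int $maxLifetime = 3600): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm; never let the token header choose it ("none" / HS256 confusion).
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') throw new RuntimeException('unexpected alg');
    $sig = b64url_decode($s);
    if ($sig === false || openssl_verify("$h.$p", $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    // Claims are read only after the signature has been verified.
    $claims = json_decode((string) b64url_decode($p), true);
    if (!is_array($claims) || !isset($claims['exp'], $claims['sub'])) throw new RuntimeException('missing claims');
    if ($now >= $claims['exp']) throw new RuntimeException('expired');
    if (isset($claims['nbf']) && $now < $claims['nbf']) throw new RuntimeException('not yet valid');
    // Revocation cannot be checked offline, so refuse tokens issued with a long lifetime.
    if (isset($claims['iat']) && $claims['exp'] - $claims['iat'] > $maxLifetime) throw new RuntimeException('lifetime too long');
    return ['user_id' => $claims['sub'], 'scopes' => $claims['scopes'] ?? []];
}

// Constructed sample: throwaway key pair and token, generated here so the script runs offline.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$now = time();
$head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'RS256']));
$body = b64url_encode(json_encode(['sub' => '42', 'scopes' => ['read-orders'], 'iat' => $now, 'nbf' => $now, 'exp' => $now + 900]));
openssl_sign("$head.$body", $rawSig, $key, OPENSSL_ALGO_SHA256);
$token = "$head.$body." . b64url_encode($rawSig);

var_dump(verify_access_token($token, $pub, $now));

// Rejected cases: the same token after expiry, and a payload swapped under the old signature.
$forged = "$head." . b64url_encode('{"sub":"1","exp":9999999999}') . '.' . b64url_encode($rawSig);
foreach ([[$token, $now + 901], [$forged, $now]] as [$t, $at]) {
    try { verify_access_token($t, $pub, $at); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
}
```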
```bash
composer test
```
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security-related issues, please email a@bergerweb.ch instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.