The TutsPlus.com site has a new tutorial posted showing you how to create an OAuth2 server with Laravel and the help of the Passport library.

In this article, we’re going to explore how you could set up a fully fledged OAuth2 server in Laravel using the Laravel Passport library. We’ll go through the necessary server configurations along with a real-world example to demonstrate how you could consume OAuth2 APIs.

I assume that you’re familiar with the basic OAuth2 concepts and flow as we’re going to discuss them in the context of Laravel. In fact, the Laravel Passport library makes it pretty easy to quickly set up an OAuth2 server in your application. Thus, other third-party applications are able to consume APIs provided by your application.

The article is then divided up into the steps (code, configuration changes, and commands) required to get the system up and running:

• Installation of Passport (requires a Laravel app already installed)
• Changing the User model to add the "remember_token" field
• Setting up some demo resources
• Adding the middleware and routes to handle the requests

The tutorial then spends some time showing how to consume OAuth2 APIs and makes use of the Passport "client" to make some sample requests. Finally, it walks you through the whole process of the OAuth2 experience from a user perspective, including some code to manually make the connection from plain PHP.

Esben Petersen has posted the fourth part of his tutorial series covering the creation of a "modern REST API" with Laravel. In this latest article he focuses on authenticating users with the help of an OAuth2 flow.

OAuth is all around us. Most of us have tried to login to a 3rd party service using our Facebook or Google account as a login. This login mechanism is one of many OAuth authentication types. However, you can also use OAuth to generate simple API keys. One of the OAuth authentication types generates API keys based on username and password and is therefore a solid authentication choice for SaaS-style apps. This article will explore how to setup the password grant authentication type in Laravel using Laravel Passport.

The article is broken up into a few different sections, each with explanations and code where appropriate to help illustrate the point:

• a basic introduction to OAuth2 and grants
• authentication in single-page applications
• dependencies to use (and install/configuration)
• creating the login proxy
• building a consumer

The final step is an example (using a curl command) to test the API and ensure things are working as expected. The post ends with a more "real world" example of a Slack-style application and linking channels and user but only showing the channels users have access to based on scope.

On the Laravel News site today they've posted a tutorial helping you learn more about the grant types in the OAuth2 functionality provided by Laravel Passport.

OAuth2 is a security framework that controls access to protected areas of an application, and it’s mainly used to control how different clients consume an API ensuring they have the proper permissions to access the requested resources.

Laravel Passport is a full OAuth2 server implementation; it was built to make it easy to apply authentication over an API for laravel-based web applications.

For those not familiar with some of the terms around OAuth and its handling, they start with a few brief definitions (those that are familiar can skip them). Following this the post gets into the creation of a two kinds of grant handling with Passport: third-party authorizations and first-party applications (your own apps authenticating against the OAuth server). The post ends with a brief mention of creating access tokens manually, but points out that thing functionality should probably only be used during testing.

In his continuing series of posts looking at the upcoming features in the next version of the Laravel framework (v5.3) Matt Stauffer has posted about a new security-related offering that was recently announced at the Laracon US conference: Laravel Passport.

API authentication can be tricky. OAuth 2 is the reigning ruler of the various standards that you might consider, but it's complex and difficult to implement—even with the great packages available (League and Luca).

[...] Laravel Passport is native OAuth 2 server for Laravel apps. Like Cashier and Scout, you'll bring it into your app with Composer. It uses the League OAuth2 Server package as a dependency but provides a simple, easy-to-learn and easy-to-implement syntax.

He briefly mentions the "groundwork" that was laid for Passport in v5.2 and the application of different authentication mechanisms at different times. He then moves into the installation and configuration of the Passport system (it's not bundled so it's a separate install). He then talks about the management API that's automatically set up, the Vue.js frontend for managing clients and tokens and what it looks like when one is requested. He also provides a bit of sample code you can use to test it out for yourself once you've created a client and token on your system. He ends the post talking about the command line token generation of "personal" tokens and using middleware "scopes" to allow for easier cross-authorizations between routes.

If you were planning on attending the php|works conference in the fall and getting to hear Sara Golemon talk on extensions, you might just have to wait. According to her latest post, things haven't gone well with her passport situation.

So awhile ago I announced that I'd be speaking at php|works including a 3-hour workshop on extension writing. Knowing that the conference was outside of the US I made sure to apply for my passport well in advance (four months to be precise).

Well, long story short, the lovely folks at the state department must have confused 'Sara' with 'Syria' because I've been fighting them over the issuance of my passport ever since.

All is not lost, though - since the show must go on, Sara has found two people to take over her two talks (the extension talk and one on PDO_User).

If you were planning on attending the php|works conference in the fall and getting to hear Sara Golemon talk on extensions, you might just have to wait. According to her latest post, things haven't gone well with her passport situation.

So awhile ago I announced that I'd be speaking at php|works including a 3-hour workshop on extension writing. Knowing that the conference was outside of the US I made sure to apply for my passport well in advance (four months to be precise).

Well, long story short, the lovely folks at the state department must have confused 'Sara' with 'Syria' because I've been fighting them over the issuance of my passport ever since.

All is not lost, though - since the show must go on, Sara has found two people to take over her two talks (the extension talk and one on PDO_User).