Laravel 5.4 – OAuth2 Passport Authentication via Mobile Web Services

Laravel supports many types of authentication for a website, such as sessions, files and tokens, but what about APIs called from outside the site, or web service calls from a mobile application? Until now we were using the “once:basic” method to authorise external requests coming from a mobile application or an API client.

Laravel 5.3 introduced an authentication method called “Passport” to authorise external requests from the internet, such as data access through API calls and web service calls from Android or iOS mobile applications.

Laravel Passport provides a full OAuth2 server implementation that can be set up in a couple of minutes.

I found many developers have only one question which is “Laravel Passport is a very good method to authorise the third party requests, but how do I implement Laravel Passport with the mobile application web-calls/web APIs/web services calls“.

So, to clear this up, let’s dive into the implementation of Laravel Passport authentication.

To get started, we have to install Laravel Passport into our application. We will do this via Composer.

Open the command prompt on Windows or the terminal on Mac. I assume that your present working directory is the application in which you are going to implement Passport authentication. Run the command below to install Passport.

Next, to use Passport in our application, we have to register it as a provider in the “providers” array in the “config/app.php” file. Add the line below to the “providers” array.

Passport uses its own database tables to configure and authorise requests. Once the steps above are done, migrate the database with the Passport migrations. Run the command below in your terminal.

This will create the tables required to store the access tokens of authorised users. Now let’s run the last command of the Passport installation process.

This command installs the Laravel Passport service in your application and creates the encryption keys used to generate secure access tokens for authorised users.

After running the above command, add the “HasApiTokens” trait to the “App\User” model. This lets you inspect the user’s token and scopes. Add the line below above the class definition.

Add the code below inside the class definition.

The whole “App\User” model will look like:

Now let’s edit the “AuthServiceProvider”. Open “app\Providers\AuthServiceProvider.php” and add the line below above the class definition.

Add the line below in the boot() method of the AuthServiceProvider class.

This will register the routes required to use Passport authentication.

Finally, update the authentication guard in “config/auth.php”: change the driver of the api authentication guard to passport instead of token.

Replace the above guards array with the one below in the auth.php file.

Whohaaa! All the configuration is complete. Now let’s add the API routes and start using the APIs via Passport authorisation. As we are registering routes for the APIs, we will add them in the “api.php” file.

Open the routes\api.php file and add the route below to access the login API.

The above route points to the login() method of the UserController class. Let’s create UserController in app\Http\Controllers\api with an artisan command:

Now open the UserController class file and add the login() method, which will authorise the user and send the accessToken in the response after successful authorisation.

The UserController file will look like below.

The above code will authorise a valid user and redirect the user to the login page if the credentials are not valid. But as we are calling this API from a mobile application, we need to send a response instead of redirecting the user to the login page. To do this, we have to send “Accept: application/json” in the request headers. The response will then be sent in JSON format and the user will not be redirected to the login page.


Assuming the user has been authorised successfully and has received the accessToken, we will now use that access token when requesting other APIs. You have to send the accessToken in the Authorization header along with the Bearer keyword; refer to the screenshot below.


During this request, the code below runs to return the user details in the response. Now the UserController will look like below:
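
The controller described in the steps above, as an added example rather than the original post's listing. It assumes Passport is installed and configured as described earlier, that the login route points at login(), and that a hypothetical `details` route sits behind the `auth:api` middleware; the token label `MobileApp`, the JSON field names and the use of `Auth::once()` for the credential check are choices made for this example.

```php
<?php

namespace App\Http\Controllers\api;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class UserController extends Controller
{
    // POST api/login: exchange e-mail and password for a Passport access token.
    public function login(Request $request)
    {
        // Reject malformed input before the credential check.
        $this->validate($request, [
            'email'    => 'required|email',
            'password' => 'required|string',
        ]);

        // Auth::once() verifies the credentials for this request only and
        // writes no session or cookie, which suits a stateless API client.
        if (! Auth::once($request->only('email', 'password'))) {
            // Same answer for unknown e-mail and wrong password, so the
            // response does not reveal which accounts exist.
            return response()->json(['error' => 'Unauthorised'], 401);
        }

        // createToken() comes from the HasApiTokens trait on App\User.
        // 'MobileApp' is a constructed label stored with the token.
        $token = Auth::user()->createToken('MobileApp')->accessToken;

        return response()->json(['accessToken' => $token], 200);
    }

    // GET api/details (assumed route, protected by the auth:api middleware).
    // The user is resolved from the "Authorization: Bearer <token>" header.
    public function details(Request $request)
    {
        return response()->json(['user' => $request->user()], 200);
    }
}
```

Because only the `details` route is behind `auth:api`, a request without a valid bearer token never reaches details(); with the “Accept: application/json” header it receives a 401 JSON response instead of a redirect.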

That’s it. You can add other controllers and methods in the same way.

Cheers!!! 🙂


Chirag Malaviya Web Developer

Chirag is a PHP Web Developer at Yudiz Solutions Pvt. Ltd., who has the knowledge of Codeigniter and laravel frameworks, Node.js and socket programming. He is always eager to learn latest technology and find the tricky ways to make the things easy. He likes to face the technological challenges. He likes to get in touch with people with whom he can do something innovative.