Developer
<?php
namespace Laravel\Passport;
use DateInterval;
use Illuminate\Auth\Events\Logout;
use Illuminate\Config\Repository as Config;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\ServiceProvider;
use Laravel\Passport\Bridge\PersonalAccessGrant;
use Laravel\Passport\Bridge\RefreshTokenRepository;
use Laravel\Passport\Guards\TokenGuard;
use Laravel\Passport\Http\Controllers\AuthorizationController;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Parser;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
use League\OAuth2\Server\Grant\ImplicitGrant;
use League\OAuth2\Server\Grant\PasswordGrant;
use League\OAuth2\Server\Grant\RefreshTokenGrant;
use League\OAuth2\Server\ResourceServer;
class PassportServiceProvider extends ServiceProvider
{
/**
* Bootstrap the application services.
*
* @return void
*/
public function boot()
{
$this->registerRoutes();
$this->registerResources();
$this->registerMigrations();
$this->registerPublishing();
$this->registerCommands();
$this->deleteCookieOnLogout();
}
/**
* Register the Passport routes.
*
* @return void
*/
protected function registerRoutes()
{
if (Passport::$registersRoutes) {
Route::group([
'as' => 'passport.',
'prefix' => config('passport.path', 'oauth'),
'namespace' => 'Laravel\Passport\Http\Controllers',
], function () {
$this->loadRoutesFrom(__DIR__.'/../routes/web.php');
});
}
}
/**
* Register the Passport resources.
*
* @return void
*/
protected function registerResources()
{
$this->loadViewsFrom(__DIR__.'/../resources/views', 'passport');
}
/**
* Register the Passport migration files.
*
* @return void
*/
protected function registerMigrations()
{
if ($this->app->runningInConsole() && Passport::$runsMigrations && ! config('passport.client_uuids')) {
$this->loadMigrationsFrom(__DIR__.'/../database/migrations');
}
}
/**
* Register the package's publishable resources.
*
* @return void
*/
protected function registerPublishing()
{
if ($this->app->runningInConsole()) {
$this->publishes([
__DIR__.'/../database/migrations' => database_path('migrations'),
], 'passport-migrations');
$this->publishes([
__DIR__.'/../resources/views' => base_path('resources/views/vendor/passport'),
], 'passport-views');
$this->publishes([
__DIR__.'/../config/passport.php' => config_path('passport.php'),
], 'passport-config');
}
}
/**
* Register the Passport Artisan commands.
*
* @return void
*/
protected function registerCommands()
{
if ($this->app->runningInConsole()) {
$this->commands([
Console\InstallCommand::class,
Console\ClientCommand::class,
Console\HashCommand::class,
Console\KeysCommand::class,
Console\PurgeCommand::class,
]);
}
}
/**
* Register the service provider.
*
* @return void
*/
public function register()
{
$this->mergeConfigFrom(__DIR__.'/../config/passport.php', 'passport');
Passport::setClientUuids($this->app->make(Config::class)->get('passport.client_uuids', false));
$this->app->when(AuthorizationController::class)
->needs(StatefulGuard::class)
->give(fn () => Auth::guard(config('passport.guard', null)));
$this->registerAuthorizationServer();
$this->registerClientRepository();
$this->registerJWTParser();
$this->registerResourceServer();
$this->registerGuard();
Passport::authorizationView('passport::authorize');
}
/**
* Register the authorization server.
*
* @return void
*/
protected function registerAuthorizationServer()
{
$this->app->singleton(AuthorizationServer::class, function () {
return tap($this->makeAuthorizationServer(), function ($server) {
$server->setDefaultScope(Passport::$defaultScope);
$server->enableGrantType(
$this->makeAuthCodeGrant(), Passport::tokensExpireIn()
);
$server->enableGrantType(
$this->makeRefreshTokenGrant(), Passport::tokensExpireIn()
);
$server->enableGrantType(
$this->makePasswordGrant(), Passport::tokensExpireIn()
);
$server->enableGrantType(
new PersonalAccessGrant, Passport::personalAccessTokensExpireIn()
);
$server->enableGrantType(
new ClientCredentialsGrant, Passport::tokensExpireIn()
);
if (Passport::$implicitGrantEnabled) {
$server->enableGrantType(
$this->makeImplicitGrant(), Passport::tokensExpireIn()
);
}
});
});
}
/**
* Create and configure an instance of the Auth Code grant.
*
* @return \League\OAuth2\Server\Grant\AuthCodeGrant
*/
protected function makeAuthCodeGrant()
{
return tap($this->buildAuthCodeGrant(), function ($grant) {
$grant->setRefreshTokenTTL(Passport::refreshTokensExpireIn());
});
}
/**
* Build the Auth Code grant instance.
*
* @return \League\OAuth2\Server\Grant\AuthCodeGrant
*/
protected function buildAuthCodeGrant()
{
return new AuthCodeGrant(
$this->app->make(Bridge\AuthCodeRepository::class),
$this->app->make(Bridge\RefreshTokenRepository::class),
new DateInterval('PT10M')
);
}
/**
* Create and configure a Refresh Token grant instance.
*
* @return \League\OAuth2\Server\Grant\RefreshTokenGrant
*/
protected function makeRefreshTokenGrant()
{
$repository = $this->app->make(RefreshTokenRepository::class);
return tap(new RefreshTokenGrant($repository), function ($grant) {
$grant->setRefreshTokenTTL(Passport::refreshTokensExpireIn());
});
}
/**
* Create and configure a Password grant instance.
*
* @return \League\OAuth2\Server\Grant\PasswordGrant
*/
protected function makePasswordGrant()
{
$grant = new PasswordGrant(
$this->app->make(Bridge\UserRepository::class),
$this->app->make(Bridge\RefreshTokenRepository::class)
);
$grant->setRefreshTokenTTL(Passport::refreshTokensExpireIn());
return $grant;
}
/**
* Create and configure an instance of the Implicit grant.
*
* @return \League\OAuth2\Server\Grant\ImplicitGrant
*/
protected function makeImplicitGrant()
{
return new ImplicitGrant(Passport::tokensExpireIn());
}
/**
* Make the authorization service instance.
*
* @return \League\OAuth2\Server\AuthorizationServer
*/
public function makeAuthorizationServer()
{
return new AuthorizationServer(
$this->app->make(Bridge\ClientRepository::class),
$this->app->make(Bridge\AccessTokenRepository::class),
$this->app->make(Bridge\ScopeRepository::class),
$this->makeCryptKey('private'),
app('encrypter')->getKey(),
Passport::$authorizationServerResponseType
);
}
/**
* Register the client repository.
*
* @return void
*/
protected function registerClientRepository()
{
$this->app->singleton(ClientRepository::class, function ($container) {
$config = $container->make('config')->get('passport.personal_access_client');
return new ClientRepository($config['id'] ?? null, $config['secret'] ?? null);
});
}
/**
* Register the JWT Parser.
*
* @return void
*/
protected function registerJWTParser()
{
$this->app->singleton(Parser::class, function () {
return Configuration::forUnsecuredSigner()->parser();
});
}
/**
* Register the resource server.
*
* @return void
*/
protected function registerResourceServer()
{
$this->app->singleton(ResourceServer::class, function ($container) {
return new ResourceServer(
$container->make(Bridge\AccessTokenRepository::class),
$this->makeCryptKey('public')
);
});
}
/**
* Create a CryptKey instance without permissions check.
*
* @param string $type
* @return \League\OAuth2\Server\CryptKey
*/
protected function makeCryptKey($type)
{
$key = str_replace('\\n', "\n", $this->app->make(Config::class)->get('passport.'.$type.'_key') ?? '');
if (! $key) {
$key = 'file://'.Passport::keyPath('oauth-'.$type.'.key');
}
return new CryptKey($key, null, false);
}
/**
* Register the token guard.
*
* @return void
*/
protected function registerGuard()
{
Auth::resolved(function ($auth) {
$auth->extend('passport', function ($app, $name, array $config) {
return tap($this->makeGuard($config), function ($guard) {
app()->refresh('request', $guard, 'setRequest');
});
});
});
}
/**
* Make an instance of the token guard.
*
* @param array $config
* @return \Laravel\Passport\Guards\TokenGuard
*/
protected function makeGuard(array $config)
{
return new TokenGuard(
$this->app->make(ResourceServer::class),
new PassportUserProvider(Auth::createUserProvider($config['provider']), $config['provider']),
$this->app->make(TokenRepository::class),
$this->app->make(ClientRepository::class),
$this->app->make('encrypter'),
$this->app->make('request')
);
}
/**
* Register the cookie deletion event handler.
*
* @return void
*/
protected function deleteCookieOnLogout()
{
Event::listen(Logout::class, function () {
if (Request::hasCookie(Passport::cookie())) {
Cookie::queue(Cookie::forget(Passport::cookie()));
}
});
}
}
Developer
To ensure a smooth integration process and optimal performance, follow these best practices: