Add custom middleware to Laravel Passport endpoints

9
votes

I have a standard Laravel Passport setup on 5.4 - it all works fine and is generating tokens.

I protect my API routes using the auth:api middleware as well as a custom middleware that checks that specific headers in a request are present and valid before any requests are handled. This middleware works fine for the API routes group.

Is there a way to wrap the Passport routes generated by laravel '.../oauth/token' in this middleware as well?

Currently I have set up the routes in my AuthServiceProvider.php boot() method:

public function boot()
{
    $this->registerPolicies();

    // Passport/OAuth
    Passport::routes(function ($router) {
      $router->forAccessTokens();
      $router->forTransientTokens();
    });

    Passport::tokensExpireIn(Carbon::now()->addDays(7));

    Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
}

The end goal is that the oauth endpoints will return an error if the headers are not present.

3
phplaravelroutesmiddlewarelaravel-passport

3 Answers

4
votes

If you only need to add middleware to one Passport route for example /oauth/token, you can do it this way:

  1. Look up the route you need by typing php artisan r:l
  2. Check the controller and method used for this route, in out example it is going to be AccessTokenController@issueToken
  3. Create the controller that extends AccessTokenController, you can leave it empty
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Laravel\Passport\Http\Controllers\AccessTokenController;

class ApiTokenController extends AccessTokenController
{

}
  1. Then create a route to that controller and method (as this controller inherits all the parent controller methods):

Route::middleware('MyMiddleware')->post('/api-token', 'ApiTokenController@issueToken');

18
votes

You can try this: Go to app/Providers/AuthServiceProvider and look for the function boot(). In this function you will see a line for registering routes for Passport. The default code is Passport::routes(). This routes() method accepts an options array as second argument. You can use it to set middlewares for Passport routes.

Passport::routes(null, ['middleware' => 'api']);
5
votes

In the app/Providers/AuthServiceProvider include the Route facade by adding this use statement somewhere in the top:

use Illuminate\Support\Facades\Route;

Then on the boot() method, put the Passport::routes() inside a Route::group() like this: 

Route::group(['middleware'=>'MyFunkyCustomMiddleware'], function(){
    Passport::routes(); // <-- Replace this with your own version
});

Hope that helps!