README

This package provides the same cookie based auth that the CreateFreshApiToken middleware does, but for client_credentials. This is useful when you protect non-user routes, but still want to consume them on the frontend without introducing a proxy.

Most of the code contained in this package is taken from Laravel Passport and adapted for this use-case - all credit goes to that repo.

Installation

composer require netsells/passport-client-cookie

Add to your app.php if not using Laravel 5.5+

    // Other service providers
    Netsells\PassportClientCookie\ServiceProvider::class,
],

Usage

In Http/Kernel.php:

Add to your web middleware group, probably at the bottom.

\Netsells\PassportClientCookie\Middleware\CreateFreshClientCredentialsApiToken::class,

Replace your CheckClientCredentials route middleware with the passport client check:

'client' => \Netsells\PassportClientCookie\Middleware\CheckClientCredentials::class,

Testing

You can disable the checking middleware by pulling the WithoutClientCredentialsMiddleware trait in and calling $this->withoutClientCredentialsMiddleware() at the top of your test.