Lumen porting of Laravel Passport. The idea come from but try to make it transparent with original laravel passport
- PHP >= 7.0
- Lumen >= 5.5
First install Lumen if you don't have it yet:
$ composer create-project --prefer-dist laravel/lumen lumen-app
Then install Lumen Passport (it will fetch Laravel Passport along):
$ cd lumen-app
$ composer require nomadnt/lumen-passport
Or if you prefer, edit composer.json
"require": {
"nomadnt/lumen-passport": "~4.0"
We need to enable both Laravel Passport provider and Lumen-specific provider:
// Enable Facades
// Enable Eloquent
// Enable auth middleware (shipped with Lumen)
'auth' => App\Http\Middleware\Authenticate::class,
'throttle' => Nomadnt\LumenPassport\Middleware\ThrottleRequests::class
// Finally register two service providers - original one and Lumen adapter
# Create new tables for Passport
php artisan migrate
# Install encryption keys and other necessary stuff for Passport
php artisan passport:install
Edit config/auth.php to suit your needs. A simple example:
return [
'defaults' => ['guard' => 'api'],
'guards' => [
'api' => ['driver' => 'passport', 'provider' => 'users'],
'providers' => [
'users' => ['driver' => 'eloquent', 'model' => \App\User::class]
Next, you should call the LumenPassport::routes method within the boot method of your application (one of your service providers). This method will register the routes necessary to issue access tokens and revoke access tokens, clients, and personal access tokens:
namespace App\Providers;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Carbon;
use Nomadnt\LumenPassport\Passport;
class AuthServiceProvider extends ServiceProvider{
* Register any application services.
* @return void
public function register(){
* Boot the authentication services for the application.
* @return void
public function boot(){
// register passport routes
// revoke previous tokens
Passport::$revokeOtherTokens = true;
// prune previous tokens istead of mark as revoked
Passport::$pruneRevokedTokens = true;
// change the default token expiration
// change the default refresh token expiration
Make sure your user model uses Passport's HasApiTokens
trait, eg.:
namespace App;
use Illuminate\Auth\Authenticatable;
use Laravel\Passport\HasApiTokens;
use Laravel\Lumen\Auth\Authorizable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
class User extends Model implements AuthenticatableContract, AuthorizableContract
use HasApiTokens, Authenticatable, Authorizable;
// rest of the model