You should fork this repository before working with it.
You'll need Vagrant.
Once forked and cloned on your local development machine, run composer install.
Whenever you start working on your project: vagrant up
When done: vagrant halt
- OAuth2 server provided by laravel/passport.
- Simple Session API built on top of the OAuth2 server
- Basic User model
- Custom composer scripts
All scripts must run inside Homestead or the production environment:
- composer run-script test: run unit & feature tests
- composer run-script setup: set up application, install passport
- composer run-script reset: reset application, migrate fresh database, run tests
Outside Homestead, each time you run composer install, Homestead.yaml is generated automagically and the "post-root-package-install" script is run.
Log in a user against the OAuth2 server.
Request:
Headers:
- Accept : application/json
Body:
{
"email" : " ... USER EMAIL ... ",
"password" : " ... USER PASSWORD ... "
}
Response:
Status Code: 200 (OK) | 401 (Unauthorized) | 422 (Unprocessable Entity)
Body:
200 OK
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": " ... ACCESS_TOKEN_STRING ... ",
"refresh_token": " ... REFRESH_TOKEN_STRING ... "
}
401 Unauthorized
{
"error" : "invalid_credentials",
"error_description" : "The user credentials were incorrect",
"message" : "The user credentials were incorrect"
}
Delete the authorization token provided in the "Authorization" header, effectively logging out the current user.
Request:
Headers:
- Accept : application/json
- Content-Type : application/json
- Authorization : Bearer ...
Response:
Status Code: 204 (NO CONTENT) or 401 (Unauthorized)
Body:
401 Unauthorized
{
"error" : "unauthorized"
}
Refresh a given authorization token, using the OAuth2 server.
Request:
Headers:
- Accept : application/json
- Content-Type : application/json
Body:
{
"refresh_token" : " ... REFRESH_TOKEN_STRING ... "
}
Response:
Status Code: 200 (OK) or 422 (Unprocessable Entity)
Body:
200 OK
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": " ... ACCESS_TOKEN_STRING ... ",
"refresh_token": " ... REFRESH_TOKEN_STRING ... "
}
Return to the caller a JSON representation of the current user, given an authorization token.
Request:
Headers:
- Accept : application/json
- Content-Type : application/json
- Authorization : Bearer ...
Response:
Status Code: 200 (OK) or 401 (Unauthorized)
Body:
200 OK
{
"id": Integer,
"name": String,
"email": String,
"email_verified_at": Date,
"created_at": Date,
"updated_at": Date
}
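The response shapes documented above, handled on the client side, as an added example that is not part of this repository: it validates a 200 token body, stores an absolute expiry, maps the 401 and 422 statuses to outcomes, and builds the headers the authenticated endpoints require. The function names, the 30-second refresh margin and the sample token strings are assumptions.

```javascript
// Client-side handling of the documented Session API responses.
// No network calls: pass in the HTTP status and the parsed JSON body.
const SKEW_MS = 30000; // assumption: refresh 30 s before the stated expiry

// Validate a 200 token body (login or refresh) and convert it to a session.
function toSession(body, nowMs) {
  const ok = body && body.token_type === "Bearer" &&
    Number.isInteger(body.expires_in) && body.expires_in > 0 &&
    typeof body.access_token === "string" && body.access_token !== "" &&
    typeof body.refresh_token === "string" && body.refresh_token !== "";
  if (!ok) throw new Error("malformed token response");
  return {
    accessToken: body.access_token,
    refreshToken: body.refresh_token, // replaced on every successful refresh
    expiresAt: nowMs + body.expires_in * 1000, // absolute expiry, in ms
  };
}

// Map the documented status codes to an outcome the caller can act on.
function handleTokenResponse(status, body, nowMs) {
  if (status === 200) return { state: "authenticated", session: toSession(body, nowMs) };
  if (status === 401) return { state: "rejected", session: null };        // Unauthorized
  if (status === 422) return { state: "invalid_request", session: null }; // Unprocessable Entity
  throw new Error("undocumented status " + status);
}

// True when the access token is expired or about to expire.
function needsRefresh(session, nowMs) {
  return nowMs >= session.expiresAt - SKEW_MS;
}

// Headers the logout and current-user requests require.
function authHeaders(session) {
  return {
    Accept: "application/json",
    "Content-Type": "application/json",
    Authorization: "Bearer " + session.accessToken,
  };
}

// Constructed sample: a login response in the documented shape.
const sampleLogin = { token_type: "Bearer", expires_in: 3600,
  access_token: "constructed-access-1", refresh_token: "constructed-refresh-1" };
const demo = handleTokenResponse(200, sampleLogin, 0);
console.log(demo.state, needsRefresh(demo.session, 3580000));
```

Keeping the session object in memory only, and passing it to `handleTokenResponse` again after each refresh call, means the old refresh token is dropped as soon as a new pair arrives.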