* Update passport.blade.md (#184) * Update passport.blade.md * wording change to trigger ci * Fix markdown Co-authored-by: Samuel Štancl <samuel@archte.ch> * Make the links work (+ automatic formatting correction) * Make the links non-bold * darkons' rewrite * Passport docs page rewrite * Fix heading levels * Add warning Co-authored-by: David SP <darkons@gmail.com> Co-authored-by: lukinovec <lukinovec@gmail.com>
---
title: Laravel Passport integration
extends: _layouts.documentation
section: content
---

# Laravel Passport
> **Tip:** If you just want to write an SPA application but don't need an API for some other use (e.g., a mobile app), you can avoid a lot of the complexity of writing SPAs by using Inertia.js.

> **Another tip:** Using Passport only in the central application doesn't require any additional configuration. You can just install it following the official Laravel Passport documentation.
## Using Passport in the tenant application only

> **Note:** Don't use the `passport:install` command. The command creates the encryption keys & two clients in the central application. Instead of that, we'll generate the keys and create the clients manually later.

To use Passport inside the tenant part of your application, you may do the following.

1. Publish the Passport migrations by running `php artisan vendor:publish --tag=passport-migrations` and move them to your tenant migration directory (`database/migrations/tenant/`).
2. Publish the Passport config by running `php artisan vendor:publish --tag=passport-config`. Then, make Passport use the default database connection by setting `storage.database.connection` to `null`. `passport:keys` puts the keys in the `storage/` directory by default – you can change that by setting the key path.

    ```php
    return [
        'storage' => [
            'database' => [
                'connection' => null,
            ],
        ],
        'key_path' => env('OAUTH_KEY_PATH', 'storage'), // This is optional
    ];
    ```

3. Prevent Passport migrations from running in the central application by adding `Passport::ignoreMigrations()` to the `register` method in your `AppServiceProvider`.
4. Apply Passport migrations by running `php artisan migrate`.
5. Register the Passport routes in your `AuthServiceProvider` by adding the following code to the provider's `boot` method.

    ```php
    Passport::routes(null, ['middleware' => [
        InitializeTenancyByDomain::class, // Or other identification middleware of your choice
        PreventAccessFromCentralDomains::class,
    ]]);
    ```

6. Set up the encryption keys, as described in the Passport encryption keys section below.
## Using Passport in both the tenant and the central application

To use Passport in both the tenant and the central application, follow the steps for using Passport in the tenant application with the following adjustments:

- Copy the Passport migrations to the central application, so that the Passport migrations are in both the central and the tenant application.
- Remove `Passport::ignoreMigrations()` from the `register` method in your `AppServiceProvider` (if it is there).
- In your `AuthServiceProvider`'s `boot` method, add the `'universal'` middleware to the Passport routes, and remove the `PreventAccessFromCentralDomains::class` middleware (if it is there). The routes should look like this:

    ```php
    Passport::routes(null, ['middleware' => [
        'universal',
        InitializeTenancyByDomain::class,
    ]]);
    ```

- Enable [universal routes]({{ $page->link('features/universal-routes') }}) to make Passport routes accessible to both apps.
## Passport encryption keys

### Shared keys

To generate a single Passport key pair for the whole app, create Passport clients for your tenants by adding the following code to your [tenant database seeder]({{ $page->link('configuration/#seeder-parameters') }}).

```php
use Laravel\Passport\ClientRepository;

// ...

public function run()
{
    // This seeder runs against each tenant's database, so every tenant gets
    // its own password grant client and personal access client.
    $client = new ClientRepository();
    $client->createPasswordGrantClient(null, 'Default password grant client', 'http://your.redirect.path');
    $client->createPersonalAccessClient(null, 'Default personal access client', 'http://your.redirect.path');
}
```

You can set your tenant database seeder class in the `config/tenancy.php` file at the `seeder_parameters` key.

Then, seed the database and generate the key pair by running `php artisan passport:keys`.
### Tenant-specific keys

> **Note:** The security benefit of doing this is negligible since you're likely already using the same `APP_KEY` for all tenants. This is a relatively complex approach, so before implementing it, make sure you really want it. Using shared keys instead is strongly recommended.

> **Warning:** The usage of tenant-specific keys has not been fully tested. [Feel free to contribute to this section.]({{ $page->editLink() }})

If you want to use a unique Passport key pair for each tenant, there are multiple ways to store and load tenant Passport keys. The most straightforward way is to store them in the Tenant model and load them into the Passport configuration using the [Tenant Config]({{ $page->link('features/tenant-config') }}) feature. Then, you can access the keys like `$tenant->passport_public_key`.

To achieve that, enable the [Tenant Config]({{ $page->link('features/tenant-config') }}) feature, and configure the storage-to-config mapping in the `boot` method of your `TenancyServiceProvider` this way:

```php
\Stancl\Tenancy\Features\TenantConfig::$storageToConfigMap = [
    'passport_public_key' => 'passport.public_key',
    'passport_private_key' => 'passport.private_key',
];
```
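As an added example (not part of this page or the stancl/tenancy package), the following job generates an RSA key pair for each newly created tenant and stores it on the Tenant model, which is where the mapping above reads the keys from. It assumes the hypothetical class name `App\Jobs\CreatePassportKeys`, the package's default JSON `data` column for custom tenant attributes, and PHP's OpenSSL extension.

```php
<?php
// Added example (not from the tenancy docs or package): per-tenant Passport key pair
// generation, stored on the Tenant model for the TenantConfig mapping above.

namespace App\Jobs;

use RuntimeException;
use Stancl\Tenancy\Contracts\Tenant;

class CreatePassportKeys
{
    protected $tenant;

    public function __construct(Tenant $tenant)
    {
        $this->tenant = $tenant;
    }

    public function handle(): void
    {
        // 4096-bit RSA, the same size Passport's own passport:keys command uses.
        $key = openssl_pkey_new([
            'private_key_bits' => 4096,
            'private_key_type' => OPENSSL_KEYTYPE_RSA,
        ]);

        if ($key === false) {
            throw new RuntimeException('Key generation failed: ' . openssl_error_string());
        }

        openssl_pkey_export($key, $privateKey);
        $publicKey = openssl_pkey_get_details($key)['key'];

        // Assumption: custom attributes live in the Tenant model's JSON `data` column.
        // The private key then sits in the central database, so it is only as
        // protected as that database (and the shared APP_KEY, as noted above).
        $this->tenant->passport_private_key = $privateKey;
        $this->tenant->passport_public_key = $publicKey;
        $this->tenant->save();
    }
}

// Hook into the TenantCreated pipeline in TenancyServiceProvider, after CreateDatabase
// and MigrateDatabase, so the keys exist before the tenant serves its first request:
//     JobPipeline::make([
//         Jobs\CreateDatabase::class,
//         Jobs\MigrateDatabase::class,
//         \App\Jobs\CreatePassportKeys::class,
//     ])->send(function (Events\TenantCreated $event) {
//         return $event->tenant;
//     })->shouldBeQueued(false),
```

Because the private key is stored on the tenant record, make sure the tenant model's `data` column is excluded from any API responses or logs that serialize tenants.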