OAuth 2.0 - ml-archive/nodes-php-api GitHub Wiki
See the Authentication chapter for a guide on how to configure an OAuth 2.0 provider.
Defining Route Scopes
By using scopes you'll have more control over who can access your protected endpoints. Scopes can be set on a group or a route as either an array of pipe delimited string.
Route Group Scopes
api_version('v1', ['middleware' => 'api.auth', 'scopes' => ['read_user_data', 'write_user_data']], function ($api) {
// Only access tokens with the "read_user_data" scope will be given access.
});
Specific Route Scopes
api_version('v1', ['middleware' => 'api.auth'], function ($api) {
api_get('user', ['scopes' => 'read_user_data', function () {
// Only access tokens with the "read_user_data" scope will be given access.
}]);
});
Controller Scopes
If your controllers use the Nodes\Api\Routing\Helpers trait you can use the scopes method.
use Nodes\Api\Routing\Helpers;
class UserController extends Controller
{
use Helpers;
public function __construct()
{
$this->scopes('read_user_data');
}
}
You can define the methods you want the scopes to apply to via the second parameter, either as a pipe separated string or as an array. If you do not supply the methods then the scopes will apply to all methods. You can also use the except and only array keys to apply the scopes to a subset of methods.
use Nodes\Api\Routing\Helpers;
class UserController extends Controller
{
use Helpers;
public function __construct()
{
// Only apply to the index method.
$this->scopes('read_user_data', 'index');
// Apply to every method except the store method.
$this->scopes('read_user_data', ['except' => 'store']);
// Apply only to the store method.
$this->scopes('write_user_data', ['only' => ['store']]);
}
public function index()
{
//
}
public function store()
{
//
}
}