Usage
Adding guard to app route
Not every route exists in our app needs to be protected by the Auth Server. However, we can easily do that with just a
few lines of code.
Simply add auth:ppi-oauth into the route middleware. This enables our Auth guard to check all incoming requests and
verify users' authentication from our OAuth server.
//Example
Route::group(['middleware' => ['auth:ppi-oauth']], function () {
//our protected routes...
});
Once auth:ppi-oauth is added to the route middleware, the Auth server will verify the JWT token and the users'
permissions if they are defined within the controller actions, ensuring secure access to protected routes.
Define and verify user permissions
Ensure that our User Model is connected to the Auth server
database connection.
otherwise, this process will fail.
To restrict users from performing unwanted actions, we need to manually bind each controller actions with a set of permissions.
Create a constructor in the Controller then bind the controller actions with the desired permissions.
NOTE: if none are set then the controller are freely executed!
//Example controller
class ExampleController extend Controller
{
public function __construct()
{
//single permission with single action
$this->middleware('permission:Read')->only('index');
//single permission with multiple actions
$this->middleware('permission:Read')->only(['index', 'show']);
//multiple permissions with single action
$this->middleware('permission:Read|View')->only('index');
}
public function index() {/*function code...*/}
public function show() {/*function code...*/}
}
✨ Congratulations we can now start managing our application with ease!
Table of Contents