Natuurlijk! Hieronder vind je een stapsgewijze handleiding voor het opzetten van een API authenticatie- en autorisatiesysteem in Laravel met Laravel Passport, inclusief gebruikersregistratie, tokenbeheer, scopes en beveiligde routes. --- ### 1. Installatie en setup van Laravel Passport 1. Installeer Laravel Passport via Composer: ```bash composer require laravel/passport ``` 2. Voer de installatie- en migratiecommando’s uit: ```bash php artisan migrate php artisan passport:install ``` 3. Voeg de `HasApiTokens` trait toe aan je `User` model: ```php use Laravel\Passport\HasApiTokens; class User extends Authenticatable { use HasApiTokens, Notifiable; } ``` 4. In `AuthServiceProvider`, registreer Passport: ```php use Laravel\Passport\Passport; public function boot() { $this->registerPolicies(); Passport::routes(); } ``` 5. Configureer je `api.php` routes met de middleware: ```php Route::middleware('auth:api')->group(function () { // beveiligde routes }); ``` --- ### 2. Gebruikersregistratie met email verificatie 1. Maak een registratiecontroller: ```bash php artisan make:controller Auth/RegisterController ``` 2. Implementeer registratiefunctie met email verificatie: ```php use App\Models\User; use Illuminate\Http\Request; use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Validator; class RegisterController extends Controller { public function register(Request $request) { $validator = Validator::make($request->all(), [ 'name' => 'required|string|max:255', 'email' => 'required|string|email|max:255|unique:users', 'password' => 'required|string|min:8|confirmed', ]); if ($validator->fails()) { return response()->json($validator->errors(), 422); } $user = User::create([ 'name' => $request->name, 'email' => $request->email, 'password' => Hash::make($request->password), ]); // Verzend verificatielink (bijvoorbeeld via Laravel's email verificatie) $user->sendEmailVerificationNotification(); return response()->json(['message' => 'Registratie voltooid. Verificatie email verzonden.'], 201); } } ``` 3. Voeg route toe in `routes/api.php`: ```php Route::post('/register', [RegisterController::class, 'register']); ``` 4. In `User` model, implementeer `MustVerifyEmail` interface: ```php use Illuminate\Contracts\Auth\MustVerifyEmail; class User extends Authenticatable implements MustVerifyEmail { // ... } ``` 5. Zorg dat email verificatie wordt afgehandeld door Laravel. --- ### 3. Tokengeneratie en beheer **Aanvraag van token (bijvoorbeeld login):** Maak een controller voor authenticatie: ```php php artisan make:controller Auth/LoginController ``` ```php use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; class LoginController extends Controller { public function login(Request $request) { $credentials = $request->validate([ 'email' => 'required|email', 'password' => 'required', ]); if (Auth::attempt($credentials)) { $user = Auth::user(); // Maak token aan met scopes $tokenResult = $user->createToken('Personal Access Token', ['user']); // of ['admin'], afhankelijk van rol return response()->json([ 'access_token' => $tokenResult->accessToken, 'token_type' => 'Bearer', 'expires_at' => $tokenResult->token->expires_at, ]); } return response()->json(['error' => 'Ongeldige gegevens'], 401); } } ``` **Route:** ```php Route::post('/login', [LoginController::class, 'login']); ``` **Token intrekken (logout):** ```php public function logout(Request $request) { $request->user()->token()->revoke(); return response()->json(['message' => 'Token ingetrokken']); } ``` --- ### 4. Scopes en toegangscontrole **Definieer scopes in `AuthServiceProvider`:** ```php use Laravel\Passport\Passport; public function boot() { $this->registerPolicies(); Passport::routes(); Passport::tokensCan([ 'user' => 'Toegang tot gebruikersprofiel', 'admin' => 'Administratietoegang', ]); } ``` **Tokens maken met scopes:** Bij login of tokenaanmaak: ```php $user->createToken('Token Naam', ['user'])->accessToken; ``` **Routes beveiligen met scopes:** ```php Route::middleware(['auth:api', 'scopes:user'])->get('/api/profile', function (Request $request) { return $request->user(); }); Route::middleware(['auth:api', 'scopes:admin'])->get('/api/admin', function (Request $request) { // Alleen voor admin scope }); ``` --- ### 5. Voorbeelden van het maken en intrekken van tokens **Token maken:** ```php $token = $user->createToken('Admin Token', ['admin'])->accessToken; ``` **Token intrekken (revoken):** ```php $tokenInstance = $request->user()->token(); $tokenInstance->revoke(); ``` Of via de `Token` model: ```php use Laravel\Passport\Token; $token = Token::find($tokenId); $token->revoke(); ``` --- ### Samenvatting - Installeer en configureer Laravel Passport - Implementeer registratie met email verificatie - Maak login route die tokens genereert met scopes - Beveilig API-eindpunten met scopes - Voor tokenbeheer, gebruik `revoke()` om tokens in te trekken Als je hulp nodig hebt bij verdere implementatie of details, laat het gerust weten!

Hier is een stapsgewijze handleiding voor het implementeren van API-authenticatie met Laravel Passport: ## 1. Installatie en Configuratie ```bash composer require laravel/passport php artisan migrate php artisan passport:install ``` Voeg in `App\Models\User`: ```php use Laravel\Passport\HasApiTokens; class User extends Authenticatable { use HasApiTokens, HasFactory, Notifiable; } ``` In `config/auth.php`: ```php 'guards' => [ 'api' => [ 'driver' => 'passport', 'provider' => 'users', ], ], ``` ## 2. Gebruikersregistratie met Emailverificatie **Registratie Controller (`app/Http/Controllers/Auth/RegisterController.php`):** ```php <?php namespace App\Http\Controllers\Auth; use App\Http\Controllers\Controller; use App\Models\User; use Illuminate\Http\Request; use Illuminate\Support\Facades\Hash; use Illuminate\Auth\Events\Registered; class RegisterController extends Controller { public function register(Request $request) { $validated = $request->validate([ 'name' => 'required|string|max:255', 'email' => 'required|string|email|max:255|unique:users', 'password' => 'required|string|min:8|confirmed', ]); $user = User::create([ 'name' => $validated['name'], 'email' => $validated['email'], 'password' => Hash::make($validated['password']), 'email_verified_at' => null, ]); event(new Registered($user)); return response()->json([ 'message' => 'Gebruiker succesvol geregistreerd. Verifieer je email.', ], 201); } } ``` **Emailverificatie Routes in `routes/api.php`:** ```php use App\Http\Controllers\Auth\VerificationController; // Email verificatie routes Route::get('email/verify/{id}/{hash}', [VerificationController::class, 'verify']) ->name('verification.verify'); Route::get('email/resend', [VerificationController::class, 'resend']) ->name('verification.resend'); ``` ## 3. Scopes Configuratie In `App\Providers\AuthServiceProvider`: ```php use Laravel\Passport\Passport; public function boot() { Passport::tokensCan([ 'user' => 'Toegang tot gebruikersprofiel', 'admin' => 'Toegang tot admin functies', ]); Passport::setDefaultScope(['user']); } ``` ## 4. Beveiligde API Routes In `routes/api.php`: ```php use Illuminate\Support\Facades\Route; // Publieke routes Route::post('register', [RegisterController::class, 'register']); Route::post('login', [LoginController::class, 'login']); // Beveiligde routes met scopes Route::middleware(['auth:api', 'scope:user'])->group(function () { Route::get('profile', [ProfileController::class, 'show']); }); Route::middleware(['auth:api', 'scope:admin'])->group(function () { Route::get('admin', [AdminController::class, 'index']); }); // Token management Route::middleware('auth:api')->group(function () { Route::get('tokens', [TokenController::class, 'index']); Route::delete('tokens/{token_id}', [TokenController::class, 'destroy']); }); ``` ## 5. Token Management Voorbeelden **Token Controller (`app/Http/Controllers/TokenController.php`):** ```php <?php namespace App\Http\Controllers; use Illuminate\Http\Request; use Laravel\Passport\Token; class TokenController extends Controller { // Toon alle tokens van gebruiker public function index(Request $request) { return $request->user()->tokens; } // Maak nieuwe token met specifieke scopes public function createToken(Request $request) { $token = $request->user()->createToken('API Token', ['user', 'admin']); return response()->json([ 'token' => $token->accessToken, 'token_type' => 'Bearer', 'expires_at' => $token->token->expires_at, ]); } // Trek token in public function destroy(Request $request, $tokenId) { $request->user()->tokens()->where('id', $tokenId)->delete(); return response()->json(['message' => 'Token ingetrokken']); } // Trek alle tokens in public function revokeAll(Request $request) { $request->user()->tokens()->delete(); return response()->json(['message' => 'Alle tokens ingetrokken']); } } ``` ## 6. Gebruiksvoorbeelden **Token aanmaken:** ```bash # Personal Access Token curl -X POST http://localhost:8000/oauth/personal-access-tokens \ -H "Accept: application/json" \ -H "Authorization: Bearer {existing_token}" \ -d "name=My Token" \ -d "scopes[]=user" \ -d "scopes[]=admin" ``` **API aanroepen met token:** ```bash # Profile endpoint curl -X GET http://localhost:8000/api/profile \ -H "Accept: application/json" \ -H "Authorization: Bearer {access_token}" # Admin endpoint curl -X GET http://localhost:8000/api/admin \ -H "Accept: application/json" \ -H "Authorization: Bearer {access_token}" ``` **Token intrekken:** ```bash curl -X DELETE http://localhost:8000/api/tokens/{token_id} \ -H "Accept: application/json" \ -H "Authorization: Bearer {access_token}" ``` ## 7. Extra Configuratie In `.env`: ``` PASSPORT_PERSONAL_ACCESS_CLIENT_ID=1 PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET=your-secret ``` Dit systeem biedt een complete authenticatie- en autorisatieoplossing met rolgebaseerde toegang via scopes.