The Laravel Passport provider configuresDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/nuxt-alt/auth/llms.txt
Use this file to discover all available pages before exploring further.
@nuxt-alt/auth to authenticate users against a Laravel backend running Laravel Passport. It supports two distinct flows selected by the grantType you specify in your strategy config: the authorization code flow (the default, using the oauth2 scheme with a server-side authorize route) and the password grant flow (using the refresh scheme for direct credential exchange with refresh token rotation). All endpoint URLs are derived from the url you provide.
Required Options
| Option | Type | Description |
|---|---|---|
url | string | The base URL of your Laravel application, e.g. http://localhost:8000 |
clientId | string | The Passport OAuth client ID |
clientSecret | string | The Passport OAuth client secret |
Configuration
Authorization Code Flow (default)
The authorization code flow redirects the user to the Passport authorization page and exchanges the code server-side. This is the recommended flow for SPA authentication.Password Grant Flow
The password grant flow exchanges a username and password directly for tokens without a redirect. Use this for first-party clients where you control the login form.Auto-Configured Defaults
Authorization Code Flow
| Property | Auto-Configured Value |
|---|---|
scheme | 'oauth2' |
endpoints.authorization | {url}/oauth/authorize |
endpoints.token | {url}/oauth/token |
endpoints.userInfo | {url}/api/auth/user |
endpoints.logout | false (disabled) |
responseType | 'code' |
grantType | 'authorization_code' |
scope | '*' |
token.property | 'access_token' |
token.type | 'Bearer' |
token.name | 'Authorization' |
token.maxAge | 31536000 (1 year, in seconds) |
refreshToken.property | 'refresh_token' |
refreshToken.maxAge | 2592000 (30 days, in seconds) |
user.property | false |
Password Grant Flow
| Property | Auto-Configured Value |
|---|---|
scheme | 'refresh' |
endpoints.token | {url}/oauth/token |
endpoints.login.baseURL | '' |
endpoints.refresh.baseURL | '' |
endpoints.logout | false (disabled) |
endpoints.user.url | {url}/api/auth/user |
grantType | 'password' |
token.property | 'access_token' |
token.type | 'Bearer' |
token.maxAge | 31536000 (1 year, in seconds) |
refreshToken.property | 'refresh_token' |
refreshToken.maxAge | 2592000 (30 days, in seconds) |
user.property | false |
Logging In
Authorization code flow — redirects the user to the Passport authorization page:When using the password grant flow, you must create a Laravel Passport Password Grant Client (
php artisan passport:client --password) and use the resulting client ID and secret. The password grant is disabled by default in newer versions of Passport — enable it in your AuthServiceProvider with Passport::enablePasswordGrant().