Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/nuxt-alt/auth/llms.txt

Use this file to discover all available pages before exploring further.

The Laravel Passport provider configures @nuxt-alt/auth to authenticate users against a Laravel backend running Laravel Passport. It supports two distinct flows selected by the grantType you specify in your strategy config: the authorization code flow (the default, using the oauth2 scheme with a server-side authorize route) and the password grant flow (using the refresh scheme for direct credential exchange with refresh token rotation). All endpoint URLs are derived from the url you provide.

Required Options

OptionTypeDescription
urlstringThe base URL of your Laravel application, e.g. http://localhost:8000
clientIdstringThe Passport OAuth client ID
clientSecretstringThe Passport OAuth client secret

Configuration

Authorization Code Flow (default)

The authorization code flow redirects the user to the Passport authorization page and exchanges the code server-side. This is the recommended flow for SPA authentication.
export default defineNuxtConfig({
  auth: {
    strategies: {
      laravelPassport: {
        url: 'http://localhost:8000',
        clientId: 'YOUR_CLIENT_ID',
        clientSecret: 'YOUR_CLIENT_SECRET',
        // grantType defaults to 'authorization_code'
      },
    },
  },
})

Password Grant Flow

The password grant flow exchanges a username and password directly for tokens without a redirect. Use this for first-party clients where you control the login form.
export default defineNuxtConfig({
  auth: {
    strategies: {
      laravelPassport: {
        url: 'http://localhost:8000',
        clientId: 'YOUR_CLIENT_ID',
        clientSecret: 'YOUR_CLIENT_SECRET',
        grantType: 'password',
      },
    },
  },
})

Auto-Configured Defaults

Authorization Code Flow

PropertyAuto-Configured Value
scheme'oauth2'
endpoints.authorization{url}/oauth/authorize
endpoints.token{url}/oauth/token
endpoints.userInfo{url}/api/auth/user
endpoints.logoutfalse (disabled)
responseType'code'
grantType'authorization_code'
scope'*'
token.property'access_token'
token.type'Bearer'
token.name'Authorization'
token.maxAge31536000 (1 year, in seconds)
refreshToken.property'refresh_token'
refreshToken.maxAge2592000 (30 days, in seconds)
user.propertyfalse

Password Grant Flow

PropertyAuto-Configured Value
scheme'refresh'
endpoints.token{url}/oauth/token
endpoints.login.baseURL''
endpoints.refresh.baseURL''
endpoints.logoutfalse (disabled)
endpoints.user.url{url}/api/auth/user
grantType'password'
token.property'access_token'
token.type'Bearer'
token.maxAge31536000 (1 year, in seconds)
refreshToken.property'refresh_token'
refreshToken.maxAge2592000 (30 days, in seconds)
user.propertyfalse

Logging In

Authorization code flow — redirects the user to the Passport authorization page:
const auth = useAuth()
await auth.loginWith('laravelPassport')
Password grant flow — submits credentials directly:
const auth = useAuth()
await auth.loginWith('laravelPassport', {
  body: {
    username: 'user@example.com',
    password: 'password',
  },
})
When using the password grant flow, you must create a Laravel Passport Password Grant Client (php artisan passport:client --password) and use the resulting client ID and secret. The password grant is disabled by default in newer versions of Passport — enable it in your AuthServiceProvider with Passport::enablePasswordGrant().

Build docs developers (and LLMs) love