Get authenticated user with Laravel Passport and grant password

laravel passport get('/user from token)
laravel passport get('/user from access token)
laravel api authentication without passport
laravel passport get access token
laravel passport check if token is valid
laravel passport logout
laravel passport refresh token example
laravel 6 passport

I did an API REST with Laravel and now I'm trying to consume it. The thing is I need to authenticate users in the API and I am using the Password Grant method. I can authenticate users correctly and I can get an access token but from then, I don't see a way to retrieve the authenticated user with the access token in my consuming application.

I tried in the API with a route like this:

Route::get('/user', function(Request $request) {
    $user = $request->user();
    // Even with
    $user = Auth::user();

    return $user;

No dice. I am reading Passport code but I can't figure it out. My guess is that I would need to specify a new guard type or something because It doesn't seem that Laravel Passport provides one for this kind of grant type...

To clarify things:

  • I have an API REST application, wich is the oAuth2 Server.
  • I have another application consuming the API REST.
  • I do know the workflow. In my case, with Password Grant, I get the user credentials in my consumer application, then I make a request to /oauth/token specifying the grant_type to password, I provide the user credentials along with my client credentials, wich I am sure they were generated with "php artisan passport:client --password" (note the --password option)
  • I can get the access token with no problems. What I need now, is to get a JSON representation of the user I just authenticated from the API REST. But here is the problem: I just have an access token. Nothing I can relate with the user.

Or can I? Maybe I can extend the method that authenticates password grant requests to relate the generated access token to the user it is authenticating... *light bulb turns on*

Consuming application test code:

try {
    $client = new Client();
    $result = $client->post('', [
        'form_params' => [
            'grant_type' => 'password',
            'client_id' => '5',
            'client_secret' => 'my_secret',
            'username' => 'user_I_am_authenticating',
            'password' => 'the_user_password',
            'scope' => '',
    $access_token = json_decode((string) $result->getBody(), true)['access_token'];
    $result = $client->get('', [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'Authorization' => "Bearer $access_token",

    return (string) $result->getBody();
} catch (GuzzleException $e) {
    return "Exception!: " . $e->getMessage();

Note that route is just a route I made for testing in the API. That route is defined as:

Route::get('/user', function(Request $request) {
    return $request->user();

Now. I know this is not working. This is what I want to achieve. Know the user making the request given the access_token/bearer_token.


You forgot the appropriate middleware.

Route::get('/user', function(Request $request) {
    return Auth::user();

The authentication flow is not fired when you don't mention the auth middleware. That's why you get null.

Laravel Passport - Laravel, If the password is correct, the user is logged in to that account; the In addition, the command will create "personal access" and "password grant" clients Testing logout - GET http://localhost/laravel-passport/public/api/logout. Authenticating Users using Laravel’s Passport via Laravel’s Swagger Doc , * summary="Get the details of an authenticated user Laravel API Authentication for Social Networks — OAuth2

I had the same problem with you. And i solved it after I manually defined the auth guard.

Route::get('/user', function (Request $request) {
  return auth()->guard('api')->user();

Get the user id in laravel passport, I have implemented Passport OAuth and was able to generate an access_token but I am not able to get authenticated user data using that  I use Laravel Passport for my API authentication. I have already set up a Password Credentials Grant and it works. Now I need a Client Credentials Grant for machine-to-machine authentication. I created a new client with php artisan passport:client --client. I tried to make a request to /oauth/token with this body (with Insomnia):

You need to pass the Access token back with every request. Please check the documentation for this part here

User Authentication using Laravel's passport, Hi all, I'm using Password Grant Tokens for API.​passport/blob/1.0/src/Http/Middleware/CheckClientCredentials.php  What is Laravel Passport ? APIs typically use tokens to authenticate users and do not maintain session state between requests. Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel Passport application in a matter of minutes.

How to access authenticated user data from OAuth? · Issue #402 , Little did we know that his existing .NET app is authenticating users to a third party provider using non-standard compliance auth mechanism. No oauth, no saml,  What I want is to get a response including the authenticated user as shown below: Get authenticated user with Laravel Passport and grant password. 1.

How retrieve user info without middleware auth:api ? · Issue #175 , Laravel Passport is an implementation of The PHP League's OAuth Server; The Password Grant, When users login using username+password. daunting at first but it is actually pretty simple once get to know the concepts. i'm using client_credentials grant type for Authorization to protect some resources and it's working fine, i need to get id of the authenticated client How to do that thx Skip to content laravel / passport

Laravel Passport Password Grant with Custom User Providers, Laravel Passport is an OAuth2 server for API Authentication. So we are going to build the login, registration and the user detail API. And will create personal access and passport grant clients which will be used to POST request then we will get something similar response except the access token. When authenticating using the password grant, Passport will use the password attribute of your model to validate the given password. If your model does not have a password attribute or you wish to customize the password validation logic, you can define a validateForPassportPasswordGrant method on your model:

  • What the... I can't say "hello" or "hi there" in my post! haha
  • Would you add the client-side code and the error you receive? Is it 404?
  • I can add the code. But as I said, I am not having any error. I make a request to wichever route in the API I want, the thing is that in my API route I want to know in wich user behalf the client is making the request.
  • You mean, you want to know the Logged in user?
  • Yes. The consuming application is using a grant type that is much like client_credentials. That means that the application is making requests on its own behalf. But for users, there is the authorization method, and the password grant. These make requests on the authorized user's behalf.
  • But what happens if authentication is optional. i.e. authenticated users see this, and unuthenticated users see something else
  • This is the solution.
  • Of course. I am already doing that. I will update my question with some more code. Sorry if I wasn't clear.