Find the Best Cosmetic Hospitals

Explore trusted cosmetic hospitals and make a confident choice for your transformation.

โ€œInvest in yourself โ€” your confidence is always worth it.โ€

Explore Cosmetic Hospitals

Start your journey today โ€” compare options in one place.

artisan Tutorials: php artisan passport

When you run php artisan passport:install, Laravel attempts to do the following:

  1. Generate encryption keys (oauth-public.key and oauth-private.key).
  2. Publish Passportโ€™s migrations if not already present.
  3. Run those migrations (if you choose โ€œyesโ€).
  4. Create the default OAuth clients (Personal and Password).

Running php artisan passport:install is a crucial setup step when using Laravel Passport for API authentication. Here’s a full explanation of why it’s needed and what it does:


โœ… Why Run php artisan passport:install?

๐Ÿ”ง 1. Generates Encryption Keys

  • Laravel Passport uses encryption to securely issue and validate access tokens.
  • passport:install generates:
    • A private key: used to sign access tokens.
    • A public key: used to verify the tokens on future requests.

๐Ÿ“ These keys are stored in:

storage/oauth-private.key
storage/oauth-public.key
Code language: PHP (php)

๐Ÿ” These keys are essential for the security of your API tokens.


๐ŸŽซ 2. Creates OAuth Clients

It automatically creates two default OAuth2 clients in the oauth_clients table:

a. Personal Access Client

  • Used when issuing tokens via $user->createToken('token-name').
  • Good for first-party apps or backend-only workflows.

b. Password Grant Client

  • Used for username/password login via the /oauth/token route.
  • Commonly used in mobile apps and SPAs (single-page apps).

These clients have a unique Client ID and Client Secret, which are used to obtain tokens programmatically.


๐Ÿ” What Happens Behind the Scenes?

When you run:

php artisan passport:install
Code language: CSS (css)

Laravel does the following:

  1. Generates oauth-public.key and oauth-private.key.
  2. Creates one Personal Access Client.
  3. Creates one Password Grant Client.
  4. Stores all client data in the oauth_clients table.
  5. Outputs the client IDs and secrets in the console.

๐Ÿ“Œ When Should You Run It?

  • โœ… When setting up Laravel Passport for the first time.
  • ๐Ÿ” When you accidentally delete the keys or clients.
  • ๐Ÿ› ๏ธ When migrating environments (you might need to re-run with --force).

โš ๏ธ Tip:

If you already have keys and clients, and re-running the command causes issues, use the --force flag only if you’re resetting the environment:

php artisan passport:install --force
Code language: CSS (css)

โš ๏ธ Be careful: this will overwrite existing keys and may invalidate current tokens.


โœ… Summary

ActionPurpose
Generate OAuth keysSign and verify secure access tokens
Create Personal Access ClientIssue tokens using createToken() method
Create Password Grant ClientEnable login via /oauth/token
Store keys and clientsIn storage/ and oauth_clients table

Hereโ€™s a clear explanation of the difference between a Personal Access Client and a Password Grant Client in Laravel Passport:


๐Ÿ”‘ 1. Personal Access Client

โœ… Purpose:

Used when users authenticate via a token directly, usually through first-party apps (like your own web or mobile app). Ideal for issuing long-lived personal tokens.

๐Ÿ“Œ How it works:

  • The user logs in through a traditional session (browser or API).
  • The server generates a personal access token for the user using the createToken() method: $token = $user->createToken('Token Name')->accessToken;
  • No client credentials (ID/secret) are required on the frontend.

๐Ÿ” Use Case:

  • Admin panels
  • First-party web or mobile apps
  • API testing via Postman

๐Ÿ”„ Token Flow:

User logs in โ†’ backend creates personal token โ†’ returns to frontend.


๐Ÿ” 2. Password Grant Client

โœ… Purpose:

Used when you want the user to provide email/password via API and obtain an access token programmatically. Often used by mobile apps or single-page apps (SPA).

๐Ÿ“Œ How it works:

  • The client app sends a request to the /oauth/token endpoint: POST /oauth/token Content-Type: application/json { "grant_type": "password", "client_id": "8", "client_secret": "your-password-client-secret", "username": "user@example.com", "password": "secret", "scope": "*" }
  • If valid, Passport issues an access token.

๐Ÿ” Use Case:

  • Mobile apps logging in users
  • SPAs with direct login forms

๐Ÿ”„ Token Flow:

Frontend (mobile/web) sends user credentials + client credentials โ†’ gets token from /oauth/token.


โœ… Summary Table

FeaturePersonal Access ClientPassword Grant Client
AuthenticationServer-side onlyUser credentials via API
Use CaseFirst-party web/mobileMobile apps / SPAs
Client ID/Secret Needed?โŒ Noโœ… Yes
Example Method$user->createToken()/oauth/token endpoint with credentials
User InteractionAlready logged in via sessionLogin via email/password in the app
Security ConsiderationTokens created securely server-sidePassword passed through API (use HTTPS)

Find Trusted Cardiac Hospitals

Compare heart hospitals by city and services โ€” all in one place.

Explore Hospitals
I'm Rajesh Kumar, a DevOps, SRE, DevSecOps, Cloud, and Platform Engineering expert passionate about sharing practical knowledge, real-world experiences, and industry best practices. I have worked at Cotocus and regularly write about technology, travel, investing, health, product reviews, and digital marketing through my various platforms. I publish technical articles at DevOps School, travel stories at Holiday Landmark, stock market insights at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO and digital marketing strategies at Wizbrand.

Related Posts

Top 10 AI SEO Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, AI SEO tools have become indispensable for digital marketers, businesses, and content creators aiming to dominate search engine rankings. These tools leverage artificial intelligence…

Read More

Top 10 Product Lifecycle Management (PLM) Tools in 2026: Features, Pros, Cons & Comparison

Introduction Product Lifecycle Management (PLM) is a strategic approach to managing a productโ€™s journey from conception through design, manufacturing, and end-of-life. In 2026, PLM software has evolved…

Read More

Top 10 Patch Management Tools in 2026: Features, Pros, Cons & Comparison

Introduction: The Importance of Patch Management in 2026 In 2026, as cyber threats evolve and technology becomes more complex, patch management tools are critical for maintaining cybersecurity…

Read More

Top 10 Headless CMS Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, Headless Content Management Systems (CMS) have become the go-to solution for businesses seeking flexibility, scalability, and a modern approach to content management. Unlike traditional…

Read More

Top 10 AI Lead Scoring Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, AI lead scoring tools have become indispensable for B2B and B2C businesses aiming to optimize their sales pipelines. These tools leverage artificial intelligence to…

Read More

Top 10 AI Portfolio Optimization Tools in 2026: Features, Pros, Cons & Comparison

Introduction Investment management has always been about making smart choices at the right time. Traditionally, this required endless hours of research, manual calculations, and intuition. But in…

Read More
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
0
Would love your thoughts, please comment.x
()
x