Support the ongoing development of →
Authentication Requests Security
Last updated 1 year ago.


answering my own question: First for the part 2:

  • I create a new route outside middleware "auth:api': Route::post('/login', 'Auth\LoginController@apiLogin');

  • Then, in my apiLogin I modified the request and made the changes that I would like:

     function apiLogin(Request $request) {
         $tokenRequest = $request->create('/oauth/token', 'POST', $request->all());
            "client_id"     => 'your_client_id',
            "client_secret" => 'your_client_secret',
            "grant_type"    => 'password',
            "code"          => '*',
         $response = Route::dispatch($tokenRequest);
         $json = (array) json_decode($response->getContent());
         $json['new_value'] = '123456';
         return $response

and then, I'm able to send more contents with the original json

For part 3:

  • I create a new route, INSIDE of the middleware "auth:api' (Please, not that even the controller is different, once that teh LoginController don't have constructor and the API controller does have the constructor with the mddleware: 'Route::post('login/pwdchange', 'ApiController@changePassword');'

  • Now, the client will need to send the original access_token with the old password and the new password. After I validate then, I change the password and also create a new token (I'm revoking any possible token after I change the password which will then force everybody to do a new login).

     function changePassword(Request $request) {
         $data = $request->all();
         $user = Auth::guard('api')->user();
         //Changing the password only if is different of null
         if( isset($data['oldPassword']) && !empty($data['oldPassword']) && $data['oldPassword'] !== "" && $data['oldPassword'] !=='undefined') {
             //checking the old password first
             $check  = Auth::guard('web')->attempt([
                 'username' => $user->username,
                 'password' => $data['oldPassword']
             if($check && isset($data['newPassword']) && !empty($data['newPassword']) && $data['newPassword'] !== "" && $data['newPassword'] !=='undefined') {
                 $user->password = bcrypt($data['newPassword']);
                 $user->isFirstTime = false; //variable created by me to know if is the dummy password or generated by user.
                 $token = $user->createToken('newToken')->accessToken;
                 //Changing the type
                 return json_encode(array('token' => $token)); //sending the new token
             else {
                 return "Wrong password information";
         return "Wrong password information";

Aparently is working fine. I hope that it helps someone.

Last updated 7 years ago.

That's helps me a lot, thanks


Sign in to participate in this thread!


Your banner here too?

joaosauer joaosauer Joined 15 Mar 2017


We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 - All rights reserved.