Passport Integration

If you just want to write an SPA, but don't need an API for some other use (e.g. mobile app), you can avoid a lot of the complexity of writing SPAs by using Inertia.js.

To use Passport inside the tenant part of your application, you may do the following.

  • Add this to the register method in your AppServiceProvider:
    Passport::routes(null, ['middleware' => 'tenancy']);
  • php artisan vendor:publish --tag=passport-migrations & move to database/migrations/tenant/ directory

Shared keys

If you want to use the same keypair for all tenants, do the following.

  • Don't use passport:install, use just passport:keys. The install command creates keys & two clients. Instead of creating clients centrally, create Clients manually in your tenant database seeder.

Tenant-specific keys

If you want to use a unique keypair for each tenant, do the following. (Note: The security benefit of doing this isn't probably that big, since you're likely already using the same APP_KEY for all tenants.)

There are multiple ways you can store & load tenant keys, but the most straightforward way is to store the keys in the Tenant Storage and load them into the passport configuration using the Tenant Config feature:

  • Uncomment the TenantConfig line in your tenancy.features config
  • Add these keys to your tenancy.storage_to_config_map config:
    'storage_to_config_map' => [
        'passport_public_key' => 'passport.public_key',
        'passport_private_key' => 'passport.private_key',

And again, you need to create clients in your tenant database seeding process.