@@ -34,11 +34,10 @@ use ApiSkeletons\Laravel\Doctrine\ApiKey\Http\Middleware\AuthorizeApiKey;
3434
3535$routeMiddleware = [
3636 ...
37- 'auth.apiKey ' => AuthorizeApiKey:class
37+ 'auth.apikey ' => AuthorizeApiKey:class
3838];
3939```
4040
41-
4241Initialize the ApiKey service for your entity manager in ` App\Providers\AppServiceProvider `
4342``` php
4443use ApiSkeletons\Laravel\Doctrine\ApiKey\Service\ApiKeyService;
@@ -61,8 +60,109 @@ Route::name('api.resource::fetch')
6160 ->middleware('auth.apikey');
6261```
6362
64- Begin making requests to your ApiKey protected resource using you key as a Bearer token in the Authorization header
63+ Begin making requests to your ApiKey protected resource using your key as a Bearer token in the Authorization header
6564``` sh
6665Authorization: Bearer {key}
6766```
6867
68+
69+ ## Using Scopes
70+
71+ Scopes are permissions for ApiKeys. They are commonly used in OAuth2 and are less common in ApiKeys.
72+ Create a scope:
73+ ``` shell
74+ php artisan apikey:scope:generate {name}
75+ ```
76+ Security with scopes is applied with the same middleware used to authenticate ApiKeys.
77+ Replace {scopeName} with your scope's name and the middleware will ensure the passed ApiKey has
78+ that scope to continue.
79+ ``` php
80+ Route::name('api.resource::fetch')
81+ ->get('resource', 'ResourceController::fetch')
82+ ->middleware('auth.apikey:{scopeName}');
83+ ```
84+
85+
86+ ## Commands
87+
88+ Management of API keys is handled through the command line. However, full access to all data-creating
89+ functions is available through the Doctrine repositories: ApiKeyRepository and ScopeRepository.
90+
91+ Generate an ApiKey
92+ ``` shell
93+ php artisan apikey:generate {name}
94+ ```
95+
96+ Generate a Scope
97+ ``` shell
98+ php artisan apikey:scope:generate {name}
99+ ```
100+
101+ Assign a Scope to an ApiKey
102+ ``` shell
103+ php artisan apikey:scope:add {apiKeyName} {scopeName}
104+ ```
105+
106+ Deactivate an ApiKey
107+ ``` shell
108+ php artisan apikey:deactivate {name}
109+ ```
110+
111+ Activate an ApiKey
112+ ``` shell
113+ php artisan apikey:activate {name}
114+ ```
115+
116+ Unassign a Scope from an ApiKey
117+ ``` shell
118+ php artisan apikey:scope:remove {apiKeyName} {scopeName}
119+ ```
120+
121+ Delete a Scope
122+ ``` shell
123+ php artisan apikey:scope:delete {scopeName}
124+ ```
125+
126+ Print an ApiKey
127+ ``` shell
128+ php artisan apikey:print {name}
129+ ```
130+
131+
132+ ## Multiple object managers
133+
134+ The metadata included with this repository works fine across multiple object managers.
135+ The commands included in this repository only work on the default ApiKeyService, so you will need an alternative
136+ method of maintaining data in the second object manager. In order
137+ to use multiple object managers you must do some configuration. Assuming you followed the Quick Start, above,
138+ follow these steps for a second object manager:
139+
140+ Create a new singleton of the ApiKeyService with a differnet name in ` App\Providers\AppServiceProvider `
141+ ``` php
142+ use ApiSkeletons\Laravel\Doctrine\ApiKey\Service\ApiKeyService;
143+
144+ public function register(): void
145+ {
146+ $this->app->singleton('ApiKeyService2', static function ($app) {
147+ return new ApiKeyService();
148+ });
149+ }
150+ ```
151+
152+ Initialize the ApiKey service for the second entity manager in ` App\Providers\AppServiceProvider `
153+ ``` php
154+ use ApiSkeletons\Laravel\Doctrine\ApiKey\Service\ApiKeyService;
155+
156+ public function boot()
157+ {
158+ app('ApiKeyService2')->init(app('em2'));
159+ }
160+ ```
161+
162+ Copy the route middleware to a new class and use dependency injection for the ` ApiKeyService2 `
163+ ``` php
164+ $routeMiddleware = [
165+ ...
166+ 'auth.apikey2' => EditedAuthorizeApiKey:class
167+ ];
168+ ```
0 commit comments