From 0b51d0309213b5e9aed5ab02016cb58b74269490 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robson=20Ten=C3=B3rio?= <robsontenorio@me.com>
Date: Mon, 30 Jul 2018 09:16:50 -0300
Subject: [PATCH] Laravel Routes

---
 README.md | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5c99dad..81f8c28 100644
--- a/README.md
+++ b/README.md
@@ -124,7 +124,7 @@ Appends to the authenticated user the full decoded JWT token. Useful if you need
 
 Usually you API should handle one *resource_access*. But, if you handle multiples, just use a comma separated list of allowed resources accepted by API. This attribute will be confronted against `resource_access` attribute from JWT token, while authenticating.
 
-## Laravel auth config
+## Laravel Auth
 
 Changes on `config/auth.php`
 ```php
@@ -141,6 +141,23 @@ Changes on `config/auth.php`
     ],
 ```
 
+## Laravel Routes
+Just protect some endpoints on `routes/api.php` and you are done!
+
+```php
+// public endpoints
+Route::get('/hello', function () {
+    return ':)';
+});
+
+// protected endpoints
+Route::group(['middleware' => 'auth:api'], function () {
+    Route::get('/protected-endpoint', 'SecretController@index');
+    // more endpoints ...
+});
+```
+
+
 # API
 
 Simple Keycloak Guard implements `Illuminate\Contracts\Auth\Guard`. So, all Laravel default methods will be available. Ex: `Auth::user()` returns the authenticated user.