sundayenglish_agency/app/Http/Middleware/CheckScopes.php

<?php

namespace App\Http\Middleware;

use Illuminate\Auth\AuthenticationException;
use Laravel\Passport\Exceptions\MissingScopeException;

class CheckScopes
{
    /**
     * Handle the incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  mixed  ...$scopes
     * @return \Illuminate\Http\Response
     *
     * @throws \Illuminate\Auth\AuthenticationException|\Laravel\Passport\Exceptions\MissingScopeException
     */
    public function handle($request, $next, ...$scopes)
    {
        $scopes_check = array();
        foreach ($request->user()->getAllPermissions() as $permission) {
          $scopes_check[] = $permission->name;
        }

        if (! $request->user() || ! $request->user()->token()) {
            throw new AuthenticationException;
        }

        if (in_array('*', $scopes_check)) {
            return $next($request);
        }

        foreach ($scopes as $scope) {
            if (! in_array($scope, $scopes_check)) {
                throw new AuthenticationException('Invalid scope(s) provided.');
            }
        }

        return $next($request);
    }
}