How to use Laravel Passport with Password Grant Tokens?
If you are consuming your own API then you don't need to call http://example.com/oauth/token for user login, because then you need to store client_id and client_secret at app side. Better you create an API for login, and there you can check the credentials and generate the personal token.
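    // Requires: use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth;
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');

        if (Auth::attempt($credentials)) {
            // Authentication passed: issue a personal access token for this user.
            $user = Auth::user();
            $token = $user->createToken('Token Name')->accessToken;

            return response()->json($token);
        }

        // Authentication failed: answer explicitly instead of returning an empty 200.
        return response()->json(['message' => 'Invalid credentials'], 401);
    }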
> Finally, there are a lot of endpoints that I get from passport that I don't think I will use, for example: oauth/clients*, oauth/personal-access-tokens*. Is there a way to remove them from the endpoints published by passport?
You need to remove Passport::routes(); from AuthServiceProvider and manually put only the required passport routes. I think you only need the oauth/token route.
> What exactly is "The-App" value for?

If you check the oauth_access_tokens table, it has a name field. In $user->createToken('Token Name')->accessToken; the "Token Name" is stored in the name field.
How to use Laravel Passport with Password Grant Tokens?
To generate a password grant token you have to store client_id and client_secret at app side (not recommended, check this), and suppose you have to reset the client_secret, then the old version of the app stops working; these are the problems. To generate a password grant token you have to call this API like you mention in step 3.
    $http = new GuzzleHttp\Client;

    $response = $http->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'password',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'username' => 'taylor@laravel.com',
            'password' => 'my-password',
            'scope' => '',
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
Generate token from refresh_token
    $http = new GuzzleHttp\Client;

    $response = $http->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'refresh_token',
            'refresh_token' => 'the-refresh-token',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'scope' => '',
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
You can look at this too: https://laravel.com/docs/5.6/passport#implicit-grant-tokens
get password client from access token passport laravel
For obtaining the client_id and client_secret for the Password Grant Client you need to run the following command on your authorization server (OAuth server), as stated here: https://laravel.com/docs/9.x/passport#creating-a-password-grant-client

    php artisan passport:client --password

The above command is not necessary to run if you already ran passport:install. The easiest way is to check your oauth_clients table for the column password_client; there should be a row that has this value set to 1 (enabled).

It seems from your question that you are trying to obtain the client_id and client_secret programmatically from your client. This is not the correct way of doing it.

Basically, after you run the above command to generate your client_id and client_secret, you need to hard code them in your .env and use them in your CURL, such as:
    $response = Http::asForm()->post('http://passport-app.test/oauth/token', [
        'grant_type' => 'password',
        'client_id' => env('OAUTH_CLIENT_ID'),
        'client_secret' => env('OAUTH_CLIENT_SECRET'),
        'username' => $username,
        'password' => $password,
        'scope' => '*',
    ]);

    return $response->json();
You can obtain your client_id and client_secret from the oauth_clients table. Just make sure to copy the values where the password_client column is set to 1.
There should not be any security concern if your client is storing these credentials in the backend and doing the CURL from the backend.
In the case you are trying to do this from a mobile app, you might not have a way to securely store the client_id and client_secret. In this case you should not be using the Password Grant Client flow but instead the Authorization Code Grant with PKCE: https://laravel.com/docs/9.x/passport#code-grant-pkce
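
The PKCE flow recommended above for clients that cannot keep a client_secret, as an added example that is not part of the original answers: it builds the code verifier, the S256 challenge, the authorization URL and the token request fields, none of which contain a secret. The host, client id, redirect URI and authorization code are constructed placeholders, and the helper function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. Host, client id, redirect URI and code are constructed placeholders.

/** URL-safe base64 without padding, the encoding PKCE uses. */
function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** Fresh verifier (stays on the device) and its S256 challenge. */
function pkcePair(): array
{
    $verifier = base64url(random_bytes(64)); // 86 chars, within the 43..128 limit
    return ['verifier' => $verifier, 'challenge' => base64url(hash('sha256', $verifier, true))];
}

/** Step 1: authorization request. Only the challenge leaves the device. */
function authorizeUrl(string $base, string $clientId, string $redirectUri, string $state, string $challenge): string
{
    return $base . '/oauth/authorize?' . http_build_query([
        'client_id' => $clientId,
        'redirect_uri' => $redirectUri,
        'response_type' => 'code',
        'scope' => '',
        'state' => $state,
        'code_challenge' => $challenge,
        'code_challenge_method' => 'S256',
    ]);
}

/** Step 2: form fields for POST /oauth/token after the redirect comes back. */
function tokenRequest(string $clientId, string $redirectUri, string $code, string $verifier, string $sentState, string $returnedState): array
{
    if (!hash_equals($sentState, $returnedState)) {
        throw new RuntimeException('state mismatch, discard the authorization code');
    }
    return [
        'grant_type' => 'authorization_code',
        'client_id' => $clientId,
        'redirect_uri' => $redirectUri,
        'code_verifier' => $verifier, // the server hashes this and compares it to the stored challenge
        'code' => $code,
    ];
}

$pkce = pkcePair();
$state = bin2hex(random_bytes(16));
echo authorizeUrl('https://passport-app.test', 'constructed-client-id', 'https://client.test/callback', $state, $pkce['challenge']), PHP_EOL;
print_r(tokenRequest('constructed-client-id', 'https://client.test/callback', 'constructed-code', $pkce['verifier'], $state, $state));
```

An intercepted authorization code is useless without the verifier, which is why this flow suits apps whose binaries can be inspected.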