Closed
Description
Just a feature request to support string-based Client IDs. IMHO, having an auto-incremented Client ID is pretty plain and might lead to a security vulnerability (i.e. brute-force attack on implicit grants).
I would suggest having something like this on the Client Model:
```php
static::creating(function (Client $client) {
    if (!$client->id) {
        $client->id = Passport::generateClientId($client->name);
    }
});
```
And have something like this on the Passport helper:
```php
/**
 * Optional user-supplied Client ID generator.
 *
 * @var \Closure|null
 */
public static $clientIdGenerator;

/**
 * Generates Client ID
 *
 * @param string $clientName
 * @return string
 */
public static function generateClientId($clientName)
{
    // A custom generator, if one was registered, takes precedence.
    if (static::$clientIdGenerator instanceof \Closure) {
        return (string) static::$clientIdGenerator->call(new static, $clientName);
    }

    // Default: a zero-padded random decimal string of the configured length.
    $length = config('passport.id_length', 12);
    $max = pow(10, $length) - 1;
    if ($max > PHP_INT_MAX) {
        $max = PHP_INT_MAX;
    }
    $out = random_int(0, $max);

    return str_pad((string) $out, $length, '0', STR_PAD_LEFT);
}

/**
 * Set the Client ID Generator function. The function should receive a Client Name
 * and return an ID in string format.
 *
 * @param \Closure $generator
 */
public static function setClientIdGenerator(\Closure $generator)
{
    static::$clientIdGenerator = $generator;
}
```
I'd be happy to create a PR if this one is planned.
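An added example, not part of the original issue and not Passport's own code: a stand-alone generator closure of the shape the proposal passes to `setClientIdGenerator`, drawing the ID from `random_bytes()` and retrying on a collision, with the ID space compared against the 12-digit default. The names `makeClientIdGenerator`, `idSpaceBits` and the `$exists` callback are hypothetical, and the sample IDs are constructed.

```php
<?php
// Added example: stand-alone sketch, not Passport code.

/**
 * Build a generator closure with the shape the issue proposes:
 * it receives the client name and returns a string ID.
 * $exists is a hypothetical callback that reports whether an ID is taken.
 */
function makeClientIdGenerator(callable $exists, int $bytes = 16, int $maxTries = 5): \Closure
{
    return function (string $clientName) use ($exists, $bytes, $maxTries): string {
        for ($i = 0; $i < $maxTries; $i++) {
            // random_bytes() draws from the OS CSPRNG; the client name is
            // deliberately not mixed in, so the ID reveals nothing about it.
            $raw = random_bytes($bytes);
            // URL-safe base64 without padding, safe in query strings.
            $id = rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
            if (!$exists($id)) {
                return $id;
            }
        }
        throw new \RuntimeException('Could not allocate a unique client ID');
    };
}

/** Size of the ID space in bits for $length characters over $symbols symbols. */
function idSpaceBits(int $symbols, int $length): float
{
    return $length * log($symbols, 2);
}

// Constructed sample data: IDs already present in a pretend clients table.
$taken = ['1' => true, '2' => true, '3' => true];
$generator = makeClientIdGenerator(fn (string $id): bool => isset($taken[$id]));

$id = $generator('Example SPA');
printf("generated id: %s (%d chars)\n", $id, strlen($id));
printf("12 decimal digits: %.1f bits\n", idSpaceBits(10, 12));
printf("16 random bytes:   %.1f bits\n", 16 * 8);
```

An unguessable client ID only removes enumeration of clients; it does not replace redirect URI validation or a client secret for confidential clients.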