Skip to content

[13.x] Fix clients confidentiality #1782

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 31, 2024
Merged

[13.x] Fix clients confidentiality #1782

merged 2 commits into from
Aug 31, 2024

Conversation

hafezdivandari
Copy link
Contributor

All grant types (except client credentials grant) allow public client (client with no secret). This PR:

  • Prompt user for creating confidential or public client on passport:client command, for grant types that support public option: "Authorization code", "Password", and "Device Authorization" (TBD [13.x] Device Authorization Grant RFC8628 #1750) grants.
  • Fix implicit client creation was always confidential unnecessarily.
  • Clean up passport:client command.

Summary

Grant Public Confidential Changes
Authorization code Prompt user on passport:client command.
Client credentials No change
Device authorization TBD #1750
Implicit Fixed
Password Prompt user on passport:client command
Personal access N/A N/A No change
Refresh token No change

@taylorotwell taylorotwell merged commit 195058c into laravel:13.x Aug 31, 2024
9 checks passed
@hafezdivandari hafezdivandari deleted the 13.x-fix-confidential-clients branch September 6, 2024 10:29
@hafezdivandari hafezdivandari mentioned this pull request Feb 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hafezdivandari @taylorotwell