laravel · hettiger · Oct 10, 2025 · hafezdivandari · Oct 10, 2025 · hettiger
diff --git a/src/Http/Controllers/ClientController.php b/src/Http/Controllers/ClientController.php
@@ -38,7 +38,7 @@ public function forUser(Request $request): Collection
     /**
      * Store a new client.
      */
-    public function store(Request $request): Client
+    public function store(Request $request): array
      * @return \Laravel\Passport\Client|array 
      */ 
     public function store(Request $request) 
      * @return \Laravel\Passport\Client|array 
      */ 
     public function store(Request $request) 
     {
         $this->validation->make($request->all(), [
             'name' => ['required', 'string', 'max:255'],
@@ -53,9 +53,7 @@ public function store(Request $request): Client
             $request->user(),
         );
 
-        $client->secret = $client->plainSecret;
-
-        return $client->makeVisible('secret');
+        return ['plainSecret' => $client->plainSecret] + $client->toArray();
-        return ['plainSecret' => $client->plainSecret] + $client->toArray();
+        $client->secret = $client->plainSecret;
+
+        return $client->makeVisible('secret')->mergeAppends(['plain_secret']);
-        return ['plainSecret' => $client->plainSecret] + $client->toArray();
+        $client->secret = $client->plainSecret;
+
+        return $client->makeVisible('secret')->mergeAppends(['plain_secret']);
     }
 
     /**

diff --git a/tests/Unit/ClientControllerTest.php b/tests/Unit/ClientControllerTest.php
@@ -51,7 +51,7 @@ public function test_clients_can_be_stored()
         $clients->shouldReceive('createAuthorizationCodeGrantClient')
             ->once()
             ->with('client name', ['http://localhost'], true, $user)
-            ->andReturn($client = new Client);
+            ->andReturn($client = new Client(['name' => 'client']));
 
         $redirectRule = m::mock(RedirectRule::class);
 
@@ -70,7 +70,10 @@ public function test_clients_can_be_stored()
             $clients, $validator, $redirectRule
         );
 
-        $this->assertEquals($client, $controller->store($request));
+        $this->assertEquals([
+            'name' => $client->name,
+            'plainSecret' => $client->plainSecret,
+        ], $controller->store($request));
     }
 
     public function test_public_clients_can_be_stored()
@@ -89,7 +92,7 @@ public function test_public_clients_can_be_stored()
         $clients->shouldReceive('createAuthorizationCodeGrantClient')
             ->once()
             ->with('client name', ['http://localhost'], false, $user)
-            ->andReturn($client = new Client);
+            ->andReturn($client = new Client(['name' => 'client']));
 
         $redirectRule = m::mock(RedirectRule::class);
 
@@ -109,7 +112,10 @@ public function test_public_clients_can_be_stored()
             $clients, $validator, $redirectRule
         );
 
-        $this->assertEquals($client, $controller->store($request));
+        $this->assertEquals([
+            'name' => $client->name,
+            'plainSecret' => $client->plainSecret,
+        ], $controller->store($request));
     }
 
     public function test_clients_can_be_updated()