
Conversation

@themsaid
Member

This grant type is useful to allow clients to access data that's not owned by a certain user, for example: searching tweets, listing supported countries, etc...

The PR implements a middleware that can be used to check for client credentials.

@themsaid themsaid force-pushed the enable-client-credentials branch from 4b286b7 to 870ebce on August 21, 2016 00:35
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
Contributor


Missing @throws \Illuminate\Auth\AuthenticationException

Member Author


Updated, thanks!

@taylorotwell
Member

Why define a whole new middleware? The TokenGuard will already call the validateAuthenticatedRequest method on the resource server.

@themsaid
Member Author

themsaid commented Sep 2, 2016

For this type of grant there's no User; the TokenGuard expects to be able to successfully retrieve a user.

@ganey

ganey commented Sep 7, 2016

I'm also interested in this; I was using lucadegasperi/oauth2-server-laravel with client_credential tokens before upgrading to 5.3.

At the moment I'm just extending the PassportServiceProvider, adding ClientCredentialsGrant as you have, and swapping it for the PassportServiceProvider in app/config.php.
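The provider-swap workaround described in the comment above, written out as an added example (not ganey's code and not Passport's own): a provider that extends Passport's and switches on League's ClientCredentialsGrant by decorating the AuthorizationServer binding, so the stock provider still registers every other grant. Once this PR is merged the stock provider enables the grant itself and this class becomes unnecessary. It assumes Passport binds League\OAuth2\Server\AuthorizationServer in the container and that Passport::tokensExpireIn() returns the DateInterval used for access tokens.

```php
<?php
// Added example, not code from this thread or from Passport. Enables the
// client_credentials grant from a provider that extends Passport's, so the
// stock provider keeps registering the other grants and we only decorate the
// AuthorizationServer binding. Assumptions: Passport binds
// League\OAuth2\Server\AuthorizationServer in the container and
// Passport::tokensExpireIn() returns the DateInterval used for access tokens.

namespace App\Providers;

use Laravel\Passport\Passport;
use Laravel\Passport\PassportServiceProvider as BaseProvider;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Grant\ClientCredentialsGrant;

class PassportServiceProvider extends BaseProvider
{
    public function register()
    {
        parent::register();

        // Decorate rather than rebuild: the server is resolved exactly as
        // Passport configures it, then the extra grant is switched on. The
        // grant issues tokens to the client itself, with no user attached.
        $this->app->extend(AuthorizationServer::class, function (AuthorizationServer $server) {
            $server->enableGrantType(new ClientCredentialsGrant, Passport::tokensExpireIn());

            return $server;
        });
    }
}
```

To activate it, replace Laravel\Passport\PassportServiceProvider::class with App\Providers\PassportServiceProvider::class in the providers array of the application config; after that, POST /oauth/token with grant_type=client_credentials, client_id and client_secret returns an access token for the client.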

*
* @throws \Illuminate\Auth\AuthenticationException
*/
public function handle($request, Closure $next)


If you wanted to check scopes too, something along the following lines works:

use Closure;
use Illuminate\Auth\AuthenticationException;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer;
use Psr\Http\Message\ServerRequestInterface;
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;

class CheckClientCredentials
{
  protected $server;

  public function __construct(ResourceServer $server)
  {
    $this->server = $server;
  }

  public function handle($request, Closure $next, ...$scopes)
  {
    // The League resource server works on PSR-7, so bridge the Laravel request.
    $psr = (new DiactorosFactory)->createRequest($request);

    try {
      /** @var ServerRequestInterface $serverRequest */
      $serverRequest = $this->server->validateAuthenticatedRequest($psr);
    } catch (OAuthServerException $e) {
      // Missing, malformed, expired or revoked bearer token.
      throw new AuthenticationException;
    }

    // Every scope passed as a middleware parameter must be on the token.
    foreach ($scopes as $scope) {
      if (! in_array($scope, $serverRequest->getAttribute('oauth_scopes', []))) {
        throw new AuthenticationException;
      }
    }

    return $next($request);
  }
}

This then works in the same way as the CheckForAnyScope middleware.


This works except when you try to request an access token with '*' as the scope. It seems like the logic for handling the all scope in the client credentials grant is left out.

@taylorotwell taylorotwell merged commit b78f520 into laravel:master Sep 9, 2016
@themsaid themsaid deleted the enable-client-credentials branch September 19, 2016 20:42
@enx1998

enx1998 commented Sep 23, 2016

Hi everyone,
I don't know if this is the right place to post this question, but the topic is the client_credentials grant type.
If I understand well, the client_credential grant was integrated in the code, but I don't know how I can use it to protect my routes.
All I want to do is to make a route available to clients that have a client_credential token, not necessarily a password token.

Thanks ENx
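One way to use the merged middleware, as an added example that is not code from this PR or from Passport: a Laravel 5.3 feature test that protects a route with the middleware, obtains a token through the client_credentials grant, and shows the route accepting that bearer token while refusing a request that carries none. It assumes Passport is installed with its keys and tables (passport:install has run), Passport::routes() is registered so /oauth/token exists, TestCase is the application's own test base class, and the merged middleware is Laravel\Passport\Http\Middleware\CheckClientCredentials.

```php
<?php
// Added example, not code from this pull request or from Passport. A Laravel
// 5.3 feature test showing the middleware in use: the route is protected,
// a token is obtained with the client_credentials grant, and the route
// accepts that bearer token while refusing a request without one.
// Assumptions: passport:install has run (keys and tables exist),
// Passport::routes() is registered, TestCase is the application's own test
// base class, and the merged middleware class is
// Laravel\Passport\Http\Middleware\CheckClientCredentials.

use Illuminate\Foundation\Testing\DatabaseTransactions;
use Illuminate\Support\Facades\Route;
use Laravel\Passport\ClientRepository;
use Laravel\Passport\Http\Middleware\CheckClientCredentials;

class ClientCredentialsRouteTest extends TestCase
{
    use DatabaseTransactions;

    public function testRouteAcceptsOnlyRequestsWithAValidToken()
    {
        // Data owned by no user, the case the PR description gives.
        Route::get('/api/countries', function () {
            return response()->json(['countries' => ['DE', 'FR', 'NL']]);
        })->middleware(CheckClientCredentials::class);

        // A confidential client; Passport generates its id and secret.
        $client = (new ClientRepository)->create(null, 'countries-service', 'http://localhost');

        // Step 1: the client authenticates with its own credentials. No user,
        // no redirect and no authorization screen are involved.
        $this->post('/oauth/token', [
            'grant_type'    => 'client_credentials',
            'client_id'     => $client->id,
            'client_secret' => $client->secret,
        ])->seeStatusCode(200);

        $token = $this->decodeResponseJson()['access_token'];

        // Step 2: the middleware validates the bearer token and lets the
        // request reach the route closure.
        $this->json('GET', '/api/countries', [], ['Authorization' => 'Bearer '.$token])
            ->seeStatusCode(200)
            ->seeJsonEquals(['countries' => ['DE', 'FR', 'NL']]);

        // Step 3: with no token the AuthenticationException thrown by the
        // middleware becomes a 401 before the closure runs.
        $this->json('GET', '/api/countries')->seeStatusCode(401);
    }
}
```

The same middleware can be given a short alias in the $routeMiddleware array of app/Http/Kernel.php and applied with ->middleware('alias'); the test uses the class name directly so it needs no kernel change.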

@ankurk91
Contributor

ankurk91 commented Jan 10, 2019

An access_token that was generated by the password grant can bypass this middleware.
Do the specs allow this?

@driesvints
Member

@ankurk91 Yeah, you can use the same client for multiple grants, but it's not recommended. It's best to only use one grant per client.

@ankurk91
Contributor

Thanks for the answer.
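Hardening the scope-checking middleware posted earlier in this thread, as an added example that is not code from the thread or from Passport: a variant that (a) treats a token whose scopes contain '*' as satisfying any required scope, the case reported above, and (b) refuses any token that was issued to a user, so an access token from the password grant no longer passes, which is the bypass raised in the last exchange. It relies on the League resource server exposing the validated token's claims as the PSR-7 request attributes oauth_user_id, oauth_client_id and oauth_scopes; a client-credentials token has no subject, so its oauth_user_id is empty. The class name CheckMachineClient and the 'machine' alias are our own choices.

```php
<?php
// Added example, not code from the pull request or from Passport. A variant of
// the scope-checking middleware posted in this thread that additionally
// (a) lets a token holding the "*" scope satisfy any required scope and
// (b) rejects tokens that were issued to a user (for example by the password
// grant), so only client-credentials tokens pass. Assumptions: the resource
// server is League's, which exposes the validated token's claims as the PSR-7
// attributes oauth_user_id, oauth_client_id and oauth_scopes; a client
// credentials token carries no subject, so oauth_user_id is empty for it.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Auth\AuthenticationException;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer;
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;

class CheckMachineClient
{
    /** @var ResourceServer */
    protected $server;

    public function __construct(ResourceServer $server)
    {
        $this->server = $server;
    }

    /**
     * Usage: ->middleware('machine:read-countries,write-countries')
     *
     * @throws AuthenticationException
     */
    public function handle($request, Closure $next, ...$scopes)
    {
        $psr = (new DiactorosFactory)->createRequest($request);

        try {
            // Signature, expiry and revocation are checked here.
            $psr = $this->server->validateAuthenticatedRequest($psr);
        } catch (OAuthServerException $e) {
            throw new AuthenticationException;
        }

        // (b) A token bound to a user was not issued by the client_credentials
        // grant; refuse it even though it belongs to a valid client.
        if ((string) $psr->getAttribute('oauth_user_id') !== '') {
            throw new AuthenticationException;
        }

        $granted = (array) $psr->getAttribute('oauth_scopes', []);

        foreach ($scopes as $scope) {
            if (! static::tokenCan($granted, $scope)) {
                throw new AuthenticationException;
            }
        }

        // Expose the calling client to the route, for logging or per-client limits.
        $request->attributes->set('oauth_client_id', $psr->getAttribute('oauth_client_id'));

        return $next($request);
    }

    /**
     * (a) "*" on the token stands for every scope; otherwise the scope must be
     * listed explicitly. Strict comparison so "0" or "" never matches.
     */
    public static function tokenCan(array $granted, $scope)
    {
        return in_array('*', $granted, true) || in_array($scope, $granted, true);
    }
}
```

Register it as 'machine' => \App\Http\Middleware\CheckMachineClient::class in the $routeMiddleware array and apply it with ->middleware('machine') or ->middleware('machine:read-countries'). The subject check only distinguishes user-bound tokens from client-only ones; keeping one grant per client, as recommended above, remains the simpler policy and the two can be combined by also comparing oauth_client_id against the ids of the clients you issue machine tokens to.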
