Why should Client Creadentials be associated with a user in Laravel Passport?

15,160

Solution 1

I assume you want to use machine-to-machine authentication (no user interactions)

I would recommend to read through the docs a couple of times to get the hang of it.

I do not believe there is an specific way to create an only client credentials client, What i do is to create an personal client then change the field for personal client in the database personal_access_client 1 => 0

You could use the personal client option, as seen from the --help option

Usage:
  passport:client [options]

Options:
      --personal        Create a personal access token client
      --password        Create a password grant client
      --name[=NAME]     The name of the client
  -h, --help            Display this help message
...

php artisan passport:client --personal

output

Personal access client created successfully.
Client ID: 1
Client Secret: LbjQNxK5SQZ3pPrEBUwbkE8vaRkg8jh25Qh43HYy

You would need to use another middleware other then the default one because there is no user present when using this method

  • Define client credentials alias middleware in kernel
  • Add middleware to route
  • Send request

Define client credentials middleware to the http kernel

Class \App\Http\Kernel:

 protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'client_credentials' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
        //ommited
    ];

Define middleware on route

Route::get('/test', 'ApiTestController@test')->middleware('client_credentials');

Class \App\Http\Controllers\ApiTestController:

public function test() {
        return response()->json(['data' => 'hey'] );
}

From php artisan route:list

GET|HEAD  | api/test | App\Http\Controllers\ApiTestController@test   | api,client_credentials  |

Send request

Following the specified request in the documentation on client-credentials-grant-tokens

I use Postman for simplicity, easily send test request with Postman (www.getpostman.com)

Set authorization to OAuth 2.0, image: Postman authentication

Set access token URL, client id, client secret and grant type to 'Client Credentials', image: Postman OAuth Fields

Postman creates an token and appends it to URL or Header, in this case header

Accept:application/json
Authorization:Bearer eyJ0eXAiOi...KCjK0

Response:

{
  "data": "hey"
}

Solution 2

These answers are a little old.

You can certainly add client credentials.

php artisan passport:client --client

protected $signature = 'passport:client
        {--personal : Create a personal access token client}
        {--password : Create a password grant client}
        {--client : Create a client credentials grant client}
        {--name= : The name of the client}
        {--provider= : The name of the user provider}
        {--redirect_uri= : The URI to redirect to after authorization }
        {--user_id= : The user ID the client should be assigned to }
        {--public : Create a public client (Auth code grant type only) }';

Solution 3

I was gonna comment but I don't have enough reputation yet =p

You could give the command a name parameter that won't require any user input. As far as how you would get that client secret over to your client without manual intervention is where the real wizardry would come in.

php artisan passport:client --personal --name={someName}

That command would still give you:


Personal access client created successfully.
Client ID: 1
Client Secret: LbjQNxK5SQZ3pPrEBUwbkE8vaRkg8jh25Qh43HYy

as expected.

Share:
15,160

Related videos on Youtube

Meena Alfons
Author by

Meena Alfons

Excellence is my best trait. I love to achieve excellence in all fields (i.e. Education, Work). Self-learning is my best way. All over the years I have learned more than what schools or the college have taught me. I like that kind of work which involve creativity and challenges my thinking abilities. I have a very good experience in research work. I have started self-learning, targeting new ideas, experimenting, modeling and trying to implement these ideas since I was at the high school. This is why I was always distinct in my college, and still distinct in my work.

Updated on June 04, 2022

Comments

  • Meena Alfons
    Meena Alfons over 1 year

    I want to use Client Credentials to authenticate client applications to access the API.

    My problem is with creating client credentials. Using php artisan passport:client requires me to enter a user_id to associate the client to that user. I don't get it. Why the client application has to be associated to a user?! Or Is there another way?

    passport:client command only supports creating Password Grant Clients and Personal Grant Client. I don't think that any of them is what I need.

    What I really need is to create client credentials that will only be used by the client application to authorize itself to access some APIs. How to do that?

  • Meena Alfons
    Meena Alfons over 6 years
    OK, there is no way in Laravel Passport to "create an only client credentials client". But Am I Wrong for expecting it? Am I missing something around "machine-to-machine communication does not include any user interactions and does not impersonate any user and the access may not be restricted for a single user"?
  • Raldo94
    Raldo94 over 6 years
    The client authenticated though client credentials will act as an service account, no user impersonated and no user model involved. If you take an look at the create command in \Laravel\Passport\ClientRepository::create Or \Laravel\Passport\Console\ClientCommand::createPersonalClien‌​t The user_id will be left null and $personalAccess set to true You cloud implement your own command with ClientRepository dependency injected in the handle method
  • rslhdyt
    rslhdyt about 5 years
    and how to test it? I have problem testing client access token because Passport acting as helper need user object.
  • Rolf
    Rolf over 4 years
    @rslhdyt, this is what I have done for testing: * in setUp: * Create a client assport::client()->fill([...]) * Make a request to /oauth/token and store access token in a property * For every request you want to test, you'll need to a Authorization header containing: Bearer {access_token}