I am building an API for a mobile application using Password Grant Tokens. When a user tries to log in to the application, the client sends a request for the access token.
It is possible that the user has not verified his account using the link sent to his email. I wish to add an additional condition to the query and provide an error response accordingly. Currently, as Passport manages the token part, I can't do it directly.
How can this be solved? How can I dive into the token request and send a custom response if there are any issues with the user account, and continue sending the token otherwise?
Answer from a Laravel contributor:

Make your own oauth/token route and put it in an oauth.php file within /routes:

    Route::post('/oauth/token', [
        'uses' => 'Auth\CustomAccessTokenController@issueUserToken'
    ]);

Make a CustomAccessTokenController.php:

    <?php

    namespace App\Http\Controllers\Auth;

    use Laravel\Passport\Http\Controllers\AccessTokenController;
    use Psr\Http\Message\ServerRequestInterface;

    class CustomAccessTokenController extends AccessTokenController
    {
        /**
         * Hooks in before the AccessTokenController issues a token.
         *
         * @param ServerRequestInterface $request
         * @return mixed
         */
        public function issueUserToken(ServerRequestInterface $request)
        {
            $httpRequest = request();

            // 1. Only the password grant carries a username to check.
            if ($httpRequest->grant_type == 'password') {
                // 2. Look up the account the token is being requested for.
                $user = \App\User::where('email', $httpRequest->username)->first();

                // Perform your validation here and return your own error
                // response if it fails.
            }

            // Validation passed, or another grant type (e.g. refresh_token):
            // let Passport issue the token as usual.
            return $this->issueToken($request);
        }
    }

Ref link - https://github.com/laravel/passport/issues/225#issuecomment-271057428
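
A filled-in version of the validation step, as an added example (not code from the answer above or from Passport itself). It assumes a hypothetical boolean `verified` column on `users`, an invented `account_not_verified` error code and a 403 status; the custom error is returned only after the submitted password matches, so the endpoint does not disclose account state to a caller who does not know the password.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\User;
use Illuminate\Support\Facades\Hash;
use Laravel\Passport\Http\Controllers\AccessTokenController;
use Psr\Http\Message\ServerRequestInterface;

class CustomAccessTokenController extends AccessTokenController
{
    public function issueUserToken(ServerRequestInterface $request)
    {
        $http = request();
        $username = $http->input('username');
        $password = $http->input('password');

        // Only the password grant identifies a user; reject non-string input
        // (e.g. password[]=x) before it reaches the query or the hasher.
        if ($http->input('grant_type') === 'password'
            && is_string($username) && is_string($password)) {
            $user = User::where('email', $username)->first();

            // Reveal "not verified" only when the password is correct.
            // Unknown users and wrong passwords fall through, so Passport
            // answers with its normal invalid-credentials error.
            if ($user
                && Hash::check($password, $user->password)
                && ! $user->verified) { // `verified` is an assumed column
                return response()->json([
                    'error' => 'account_not_verified', // assumed error code
                    'error_description' => 'Verify your email address before logging in.',
                ], 403);
            }
        }

        // Verified user, failed credentials, or another grant type:
        // Passport validates the request and issues or refuses the token.
        return $this->issueToken($request);
    }
}
```

The `oauth/token` route still needs the same throttling as Passport's default route, since this controller replaces it.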