Search code examples
phplaravellaravel-5oauth-2.0laravel-passport

Why should Client Creadentials be associated with a user in Laravel Passport?

I want to use Client Credentials to authenticate client applications to access the API.

My problem is with creating client credentials. Using php artisan passport:client requires me to enter a user_id to associate the client to that user. I don't get it. Why the client application has to be associated to a user?! Or Is there another way?

passport:client command only supports creating Password Grant Clients and Personal Grant Client. I don't think that any of them is what I need.

What I really need is to create client credentials that will only be used by the client application to authorize itself to access some APIs. How to do that?

Solution

  • I assume you want to use machine-to-machine authentication (no user interactions)

    I would recommend to read through the docs a couple of times to get the hang of it.

    I do not believe there is an specific way to create an only client credentials client, What i do is to create an personal client then change the field for personal client in the database personal_access_client 1 => 0

    You could use the personal client option, as seen from the --help option

    Usage:
  passport:client [options]

Options:
      --personal        Create a personal access token client
      --password        Create a password grant client
      --name[=NAME]     The name of the client
  -h, --help            Display this help message
...

    php artisan passport:client --personal

    output 

    Personal access client created successfully.
Client ID: 1
Client Secret: LbjQNxK5SQZ3pPrEBUwbkE8vaRkg8jh25Qh43HYy

    You would need to use another middleware other then the default one because there is no user present when using this method

    • Define client credentials alias middleware in kernel
    • Add middleware to route
    • Send request

    Define client credentials middleware to the http kernel

    Class \App\Http\Kernel: 

     protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'client_credentials' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
        //ommited
    ];

    Define middleware on route

    Route::get('/test', 'ApiTestController@test')->middleware('client_credentials');

    Class \App\Http\Controllers\ApiTestController: 

    public function test() {
        return response()->json(['data' => 'hey'] );
}

    From php artisan route:list

    GET|HEAD  | api/test | App\Http\Controllers\ApiTestController@test   | api,client_credentials  |

    Send request

    Following the specified request in the documentation on client-credentials-grant-tokens

    I use Postman for simplicity, easily send test request with Postman (www.getpostman.com)

    Set authorization to OAuth 2.0, image: Postman authentication

    Set access token URL, client id, client secret and grant type to 'Client Credentials', image: Postman OAuth Fields

    Postman creates an token and appends it to URL or Header, in this case header

    Accept:application/json
Authorization:Bearer eyJ0eXAiOi...KCjK0

    Response:

    {
  "data": "hey"
}