
Lumen Passport Password Grant Returns Unauthenticated


As the title says, I am unable to authenticate the access token returned by the Password Grant while the Client Credentials Grant works just fine. I've tried the htaccess solution but it didn't work.

In my log file, it says that I am having an AuthenticationException for the Password Grant token, as stated below.

#12 {main} {"exception":"[object] (Illuminate\\Auth\\AuthenticationException(code: 0): Unauthenticated. at /opt/lampp/htdocs/LumenApiGateway/vendor/laravel/passport/src/Http/Middleware/CheckClientCredentials.php:88)

From this error, I looked at the class CheckClientCredentials, and on the said line (88), the condition that causes the AuthenticationException is the $token->client->firstParty() part. Now I also wonder why it is considered a firstParty token. I hope you could help me. Thanks!

EDIT:

#1125 is opened on GitHub for this issue.


Solution

  • As I searched for an answer to this query, I found out that the recent release of Laravel Passport, v8.x, changed the conditions for the CheckClientCredentials class.

    As stated in the merged PR on the Laravel Passport repo itself, the mentioned class will only accept the client credentials grant. This also means that you have to create separate endpoints and apply different middleware for machine-to-machine authentication and actual user (password grant) authentication.

    There's also a reported issue similar to this query, with a suggested solution to mitigate it, which I find acceptable.
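
The endpoint split the answer describes, sketched for a Lumen application as an added example (not code from the question, the answer, or the Passport project). The route paths, the `ServiceController` name and the `client` alias are assumptions, as is an `api` guard using the `passport` driver in `config/auth.php`.

```php
<?php
// --- bootstrap/app.php -------------------------------------------------
// Register one alias per token type. Authenticate is the middleware that
// ships with the stock Lumen skeleton; 'client' is an alias name chosen here.
$app->routeMiddleware([
    'auth'   => App\Http\Middleware\Authenticate::class,
    'client' => Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
]);

// --- routes/web.php ----------------------------------------------------
// Machine-to-machine endpoints: only client credentials grant tokens pass.
// In Passport 8.x, CheckClientCredentials rejects any token whose client
// reports firstParty(), which is true for password grant and personal
// access clients, so a password grant token gets "Unauthenticated" here.
$router->group(['prefix' => 'internal', 'middleware' => 'client'], function () use ($router) {
    // Hypothetical service-to-service route.
    $router->get('services/status', 'ServiceController@status');
});

// User endpoints: password grant tokens are resolved to a user through
// the 'api' guard (assumed to use the 'passport' driver).
$router->group(['prefix' => 'api', 'middleware' => 'auth:api'], function () use ($router) {
    // Hypothetical route returning the authenticated user.
    $router->get('me', function (Illuminate\Http\Request $request) {
        return response()->json($request->user());
    });
});
```

A client credentials token carries no user, so it is rejected by the `auth:api` group in the same way a password grant token is rejected by the `client` group; each caller type must use its own endpoints.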