Laravel using basic.auth access_token - laravel

i am follow laravel documentation about Basic Authentication
i already create an API who response
"token_type": "Bearer",
"expires_in": 31536000,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9"
and i use the access_token on postman as
Header
Authentication : Bearer {{access_token}}
and set my route with Route()->middlewire(auth.basic)
the response always
{
"message": "Invalid credentials.",
"exception": "Symfony\\Component\\HttpKernel\\Exception\\UnauthorizedHttpException",
...
What I do wrong?

I figure it out
i did not read the right documentation
I read basic auth documentation on laravel but actually I use basic auth with passport and on passport the middleware is not auth.basic but client, now i can use the return access_token

Related

Keycloak and Google login

Currently I am developing Spring Boot application which need to have Keycloak login. I managed to make Google registration and when I get registered I getting this response:
{
"access_token": "ya29.dJnTYLwF7cBoJOHal1-8Efn9sw6oacGhA_JLiruKk2jOqBoAqgPpKa1gSmFferDvj-1D2mYg_jxEHUMVatz8z-F3L4e5A8l_AixFeRPmg4C_nnA--Pdvxwl1moglBbwjaJTJTUmE4yh1PzPnbBiZ",
"token_type": "Bearer",
"expires_in": "3599",
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ijc0MjE3YjhkYWRiYjM2NTc4MzU4MGY5ZTkyNDg3ZDTYiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXpwIjoiODY5Njc1Nzc0MjgxLTY4ZmExbjY3ZW41NW5zb3YyaGdib2JtZG05c3VlMDB1LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiYXVkIjoiODY5Njc1Nzc0MjgxLTY4ZmExbjY3ZW41NW5zb3YyaGdib2JtZG05c3VlMDB1LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTAxNDE4ODQ2MDM0MzI5Nzk0ODcwIiwiZW1haWwiOiJtYXJpbnNwYWppYzE5OThAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJlbno5VDhuc3NLSHNqaEdVbFZQV253IiwiaWF0IjoxNjMxNTUzNjAyLCJleHAiOjE2MzE1NTcyMDJ9.oU_LAWPQU0RJ5yMM7M-xtKdM1rpLy2xqIg46kHu0KWR_1_2IY_tc3Uf1v2nNoEAQVXnZVbScUaHspwNny8yDirybxgOX_73aPGzb_FmcjVqgLTZTt8dbjizgy412cNFskH3GuRAXRMZppDbPPKlE2sgceMxapboCuivXIRyAyDQ_uXHSINEaPKFE3Tqjx-x6T6epcqY8M4hCt8Obs929BT86e3Ky6Xj1DUBv5UMm1Hk8NxoD_JU-rFLPQx-FZrVV3kYkdbJWKpoUVU-CToXDR4yRmxYXoz2kZMlc-rgugxxJ3OKG-JotVfSDh5Vp5iHy9kUpHOxi_8vWKw28LwNNhA"
}
Now I have to take access token and other information from Keycloak by this tokens, but I really don't know which endpoint I have to shoot.
Is there some example of login with Google or some advice ? Thanks!

storing AuthorizationCodeCredential in web app session

I am using the azure-identity library to authenticate users for accessing the Microsoft Graph API in my Spring Boot web application.
After getting the successfully getting the code via auth code grant redirect I want to store the access token and refresh token in the the web application session so that the user does not have to re-authenticate for doing multiple requests to the Microsoft Graph API.
How can I get hold of the tokens for storing them in the session?
The Authorization Code is a single-user code used to obtain an actual Access Token. You'll need to redeem that code for an access_token as described in Microsoft identity platform and OAuth 2.0 authorization code flow.
The response body that contains the access_token will also include a refresh_token value:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
"token_type": "Bearer",
"expires_in": 3599,
"scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
"refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
"id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
}
The way to do this was to create a class that implements OAuth2AuthorizedClientService that stores and loads the OAuth credentials in the database.

Laravel passport doesn't redirect to callback if client is revoked

I'm using Laravel passport package to use OAuth. It works perfectly fine, but when I set client (In oauth_clients table) revoked attribute to 1 it doesn't redirect back to my site callback. It just returns JSON response
{
"error": "invalid_client",
"error_description": "Client authentication failed",
"message": "Client authentication failed"
}
but I want to return this JSON response in my callback.. How can I do this?
Thanks for help in advance!

How does Ruby's rest-client work for OAuth 2?

I am trying to implement an OAuth 2 sign up for an Angular 6, using gitLab Api. Its website has some code for getting the access token based on Ruby. I will be so glad if anyone lets me know how to get this access token.
OAtuth 2 for gitLab says that I can get the secret code and YOUR_UNIQUE_STATE_HASH. I managed to follow their instruction.
To get the access token, gitLab posted some Rubi [sic] code, which I could not understand and don't know how to implement in angular.
Here is the instruction:
Once you have the authorization code you can request an access_token using the code, to do that you can use any HTTP client. In the following example, we are using Ruby's rest-client:
parameters = 'client_id=APP_ID&client_secret=APP_SECRET&code=RETURNED_CODE&grant_type=authorization_code&redirect_uri=REDIRECT_URI'
RestClient.post 'http://gitlab.example.com/oauth/token', parameters
# The response will be
{
"access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",
"token_type": "bearer",
"expires_in": 7200,
"refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1"
}
I would be so kind if somebody explains this code snippet.
The snippet is basically doing as denoted already. You need to generate the access token (or bearer token) using your client id and client secret with the code which was returned after successful user auth - this access token is basically the token which you will then further use on behalf of user to gitlab.
OAuth makes sure that the client code cannot be used by unauthorized attacker by making sure that you as a developer request it with your client id and client_secret.
RestClient.post 'http://gitlab.example.com/oauth/token', parameters will send that POST request and then Gitlab will return the response with access token and about it's expiry.

JWT auth in lumen

I complete Login With Token Generate Like This
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L2x1bWVuL2F1dGgvbG9naW4iLCJpYXQiOjE0NzUwNjAwMzMsImV4cCI6MTQ3NTA2MzYzMywibmJmIjoxNDc1MDYwMDMzLCJqdGkiOiIwOTFjYWNhZGRlODQ1NjNhMzc4M2JkM2EwNDdkZmM3YSIsInN1YiI6M30.VjXTSkzrmzTQSTZvp3VxlWacL8VHyM8XBUa5db8GOOI"
But When i Run api with jwt.auth middleware it give response
{
"message": "Token not provided"
}
How I can solve it
Are you sure you are providing the token in the headers properly as specified in the JWT documentation?
You need to send the Authorization header followed by Bearer TOKEN.
So the final result in your case would be:
Authorization : Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L2x1bWVuL2F1dGgvbG9naW4iLCJpYXQiOjE0NzUwNjAwMzMsImV4cCI6MTQ3NTA2MzYzMywibmJmIjoxNDc1MDYwMDMzLCJqdGkiOiIwOTFjYWNhZGRlODQ1NjNhMzc4M2JkM2EwNDdkZmM3YSIsInN1YiI6M30.VjXTSkzrmzTQSTZvp3VxlWacL8VHyM8XBUa5db8GOOI

Resources