Develop Reference

How to correctly authenticate users with same email and password?

In my users table i have additional column that stores the information to which specific scope user belongs and for our application needs a different scope can have same email and password.
My problem is that when i call /oauth/token URL i can get a token for a wrong user if there are 2 rows with same email and password.
Is there an way to call that method and passing additional custom field?
For example, if i have:
$response = $http->request('POST', env('APP_URL') . '/api/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => $oClient->id,
'client_secret' => $oClient->secret,
'username' => $request->email,
'password' => $request->password,
'scope' => 'business',
],
]);
is there any way to add additional parameter in there like
$response = $http->request('POST', env('APP_URL') . '/api/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => $oClient->id,
'client_secret' => $oClient->secret,
'username' => $request->email,
'password' => $request->password,
'user_role' => 'example_role'
'scope' => 'business',
],
]);

How to send data to lumen route

i'm trying to send client_secret and id into oauth/token,
this is my route
$router->post('api/v1/oauth/token'[
'grant_type' => 'password',
'client_id' => '2',
'client_secret' => 'token',
'username' => $request->username,
'password'=> $request->password,
],function(){
return app('auth')->user();
});
this is my postman
please help me

Guzzle Not Sending Grant Type to Laravel Passport

Im a little stumped with my code, I am running Laravel 6 with Guzzle Http Client version 6.3.3.
I have opted to use a trait which I use on my API Gateway for communicating with micro services instead of bloating code base with repeated code.
The Trait
public function performRequest($method, $requestUrl, $formParams = [], $headers =[])
{
$core = env('CORE_URI');
$client = new Client([
'base_uri' => $core,
]);
$response = $client->request($method, $requestUrl, ['form_params' => $formParams, 'headers' => $headers]);
return $response->getBody()->getContents();
}
The failing code (Not sending the OAuth Grant Type Password even though it works using postman)
$core_client_id = env('CORE_CLIENT_ID');
$core_client_secret = env('CORE_CLIENT_SECRET');
$username = $request->input('username');
$password = $request->input('password');
return $this->performRequest('POST','/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => $core_client_id,
'client_secret' => $core_client_secret,
'username' => $username,
'password' => $password,
'scope' => '',
],
'headers' => [
'content-type' => 'multipart/form-data',
]
]);
The Exception Guzzle is returning is 400 Bad Request 'Unsupported Grant Type'

I fixed it by removing the headers and form params and changing my code to send the data as an array instead.
Working Code
public function attemptLogin(Request $request)
{
$core_client_id = env('CORE_CLIENT_ID');
$core_client_secret = env('CORE_CLIENT_SECRET');
$username = $request->input('username');
$password = $request->input('password');
$data = array(
'grant_type' => 'password',
'client_id' => $core_client_id,
'client_secret' => $core_client_secret,
'username' => $username,
'password' => $password,
'scope' => '',
);
return $this->performRequest('POST','/oauth/token', $data);
}

I searched on the internet a bit and found out that OAuth2 specification for header Content-Type is "application/x-www-form-urlencoded" . To fix your problem simply remove 'content-type' => 'multipart/form-data' from 'headers'
Here is a complete code
$core_client_id = env('CORE_CLIENT_ID');
$core_client_secret = env('CORE_CLIENT_SECRET');
$username = $request->input('username');
$password = $request->input('password');
return $this->performRequest('POST','/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => $core_client_id,
'client_secret' => $core_client_secret,
'username' => $username,
'password' => $password,
'scope' => '',
],
]);

When I post params , Postman not get response, loading forever

Here my Controller
$http = new \GuzzleHttp\Client; $response = $http->post('http://127.0.0.1:8000/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 2,
'client_secret' => 'vZ2wi8dOIJLueXRzP4Dqvraad0V1GBj3DDy8RaXj,
'username' => $request->username,
'password' => $request->password,
]
]);
return $response->getBody();
When I post params like below
Not get the response.
Please help me

Laravel passport api unsupported_grant_type error

I install successfully passport api in laravel, I can get access_token
using requesting tokens like
Route::get('/redirect', function () {
$query = http_build_query([
'client_id' => '1',
'redirect_uri' => 'http://example.com/callback',
'response_type' => 'code',
'scope' => '',
]);
return redirect('http://localhost:8000/oauth/authorize?'.$query);
});
but when I use password grant tokens, created by php artisan passport:client --password, using username and password,
I get unsupported_grant_type
my request is,
$http = new GuzzleHttp\Client;
$response = $http->post('http://localhost:8000/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => '3',
'client_secret' => 'sqgaA8HOBUZBBZwWnl4xhyDE7LWyhAhlG5BZa199',
'username' => 'myusername',
'password' => 'mypassword',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
I get error like this;
{
"error": "unsupported_grant_type",
"message": "The authorization grant type is not supported by the authorization server.",
"hint": "Check the `grant_type` parameter"
}
my oauth_clients table is,
id => 3
user_id => 1
name => Laravel Password Grant Client
secret => sqgaA8HOBUZBBZwWnl4xhyDE7LWyhAhlG5BZa199
redirect => http://localhost
personal_access_client => 0
password_client => 1
revoked => 0
created_at => 2019-03-27 15:46:10
updated_at => 2019-03-27 15:46:10