refresh token in passport - laravel

I am new in laravel. I am using laravel passport for authentication in APIs for mobile app. Now i want to know that how can i achieve following functionality.
I want to expire my current accesstoken within 24 hours.
After expire current accesstoken i want to refresh my accesstoken.
using that refreshed accesstoken i want to access app.
Can anyone help me to solve this. I have create following code to generate token as well as to refresh token
My login function code
$client = \Laravel\Passport\Client::where('password_client', 1)->first();
$request->request->add([
'grant_type' => 'password',
'client_id' => $client->id,
'client_secret' => $client->secret,
'scope' => null,
'username' => request('email'),
'password' => request('password'),
]);
$proxy = Request::create(
'oauth/token', 'POST'
);
$tokens = \Route::dispatch($proxy);
$tokrnresponse = (array) $tokens->getContent();
$tokendata = json_decode($tokrnresponse[0]);
echo $tokendata->access_token
will give me accesstoken and
echo $tokendata->refresh_token
will give me refresh token
now from postman i am try to refresh token using another api called refresh_token(). i am passing access token in header.
refresh_token() Code
$client = \Laravel\Passport\Client::where('password_client', 1)->first();
$request->request->add([
'grant_type' => 'refresh_token',
'client_id' => $client->id,
'refresh_token' => '<refresh_token>',
'client_secret' => $client->secret,
'scope' => null
]);
$proxy = Request::create(
'oauth/token', 'POST'
);
$tokens = \Route::dispatch($proxy);
$tokrnresponse = (array) $tokens->getContent();
$tokendata = json_decode($tokrnresponse[0]);
print_r($tokendata);
exit;
I got new access token using above code, but when i try to access other api using refreshed access token then it gives me "Unauthenticated" error. can anyone help me.

Related

How to generate client access token for any client from controller?

We can generate token using oauth work flow.
But i want to generate the token internally from my own controller. How do we achieve that?
As the documentation suggest, you can call your own oauth server to get the token.
use Illuminate\Support\Facades\Http;
private function getClientToken() {
$response = Http::asForm()->post(route('passport.token'),[
'grant_type' => 'client_credentials',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'scope' => 'your-scope',
]);
return $response->json()['access_token'];
}

Laravel cors throws error when trying to run Request::create

I have a custom login method for my Laravel Passport API.
I am using Request::create to call the /oauth/token endpoint from inside my login method.
The problem is that from within my React project, I am getting a CORS error.
The error ONLY happens when using the login method and I think I have traced it down to the way that the data is being 'returned'
I am using the barryvdh/laravel-cors package and the relevant portion of my login method is as follows;
$data = [
'grant_type' => 'password',
'client_id' => 2,
'client_secret' => 'ggdfgdvsreckuscenusekubsvbd',
'username' => $request->email,
'password' => $request->password,
'scope' => '',
];
$request = Request::create('/oauth/token', 'POST', $data);
return app()->handle($request);
Is there a way that I can cast that $request response to a variable and then return it using the standard response->json?
If i return the $request as it is, it doesnt give me any of the data that the return app()->handle($request); line gives me i.e token, refresh token etc etc
I can use all other POST methods in my API except this one.
You can try it this way. Its basically launching a new request from a another request
$data = [
'grant_type' => 'password',
'client_id' => 2,
'client_secret' => 'ggdfgdvsreckuscenusekubsvbd',
'username' => $request->email,
'password' => $request->password,
'scope' => '',
];
$request = app()->make('request');
$request->request->add($data);
$tokenRequest = Request::create(
env('APP_URL') . '/oauth/token',
'post'
);
return Route::dispatch($tokenRequest);
Dispatch the route and handle the response internally instead of returning different headers
protected function attemptLogin(Request $request)
{
// forward the request to the oauth token request endpoint
$res = Route::dispatch(request()->create('oauth/token', 'POST', $data));
// Return true or false based on response status code
return $res->getStatusCode() === 200 ? true : false;
}

Laravel passport refresh token

I am using a Laravel version 5.5 using Passport for authentication.
I have successfully create the token and can access it using the auth:api middleware.
But whenever user login into system it create new token for that user. I just want to refresh user last token and send it back instead of creating a new token.
I have used the following code to generate auth token
$token = $user->createToken('string-'.$user->id)->accessToken;
It generate the token with 1075 characters but when i checked in database table oauth_access_tokens it shows me the token with 80 characters.
How can i get last generated token using 80 character token and refresh it and send it back?
Thanks in Advance
If your application issues short-lived access tokens, users will need to refresh their access tokens via the refresh token that was provided to them when the access token was issued. In this example, we'll use the Guzzle HTTP library to refresh the token:
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'refresh_token',
'refresh_token' => 'the-refresh-token',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
This /oauth/token route will return a JSON response containing access_token, refresh_token, and expires_in attributes. The expires_in attribute contains the number of seconds until the access token expires.
I've done something like.
Created an endpoint for grant refresh token.
and in my controller,
public function userRefreshToken(Request $request)
{
$client = DB::table('oauth_clients')
->where('password_client', true)
->first();
$data = [
'grant_type' => 'refresh_token',
'refresh_token' => $request->refresh_token,
'client_id' => $client->id,
'client_secret' => $client->secret,
'scope' => ''
];
$request = Request::create('/oauth/token', 'POST', $data);
$content = json_decode(app()->handle($request)->getContent());
return response()->json([
'error' => false,
'data' => [
'meta' => [
'token' => $content->access_token,
'refresh_token' => $content->refresh_token,
'type' => 'Bearer'
]
]
], Response::HTTP_OK);
}

how can i get scope description in laravel passport

Using laravel passport for token base authentication. i have set up scope for
access token and now on controller i wanted to get the scope value and its description.
protected function authenticate(Request $request)
{
$request->request->add([
'username' => $request->username,
'password' => $request->password,
'grant_type' => 'password',
'client_id' => $this->client->id,
'client_secret' => $this->client->secret,
'scope' => 'admin'
]);
$proxy = Request::create(
'oauth/token',
'POST'
);
$data = Route::dispatch($proxy);
//$data = json_decode($data);
return $data;
}
late to the party (I was looking this up myself) but check out the Passport::tokensCan array. You can define scopes and scope descriptions in there.
https://laravel.com/docs/5.8/passport#defining-scopes

Laravel Passport Authenticate User Before Authorize

I am working on a project where 3rd party apps can access data from Laravel server. I also have created a client application in laravel for testing.
Following code ask for authorization and its working fine.
Route::get('/applyonline', function () {
$query = http_build_query([
'client_id' => 5,
'redirect_uri' => 'http://client.app/callback',
'response_type' => 'code',
'scope' => '',
]);
return redirect('http://server.app/oauth/authorize?'.$query);
});
How can I authenticate a user before authorization? Right now I can access data form server using this code.
Route::get('/callback', function (Request $request) {
$http = new GuzzleHttp\Client;
$response = $http->post('http://server.app/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 2,
'client_secret' => 'fcMKQc11SwDUdP1f8ioUf8OJwzIOxuF8b2VKZyip',
'username'=> 'ali#gmail.com',
'password' => 'password',
],
]);
$data = json_decode((string) $response->getBody(), true);
$access_token = 'Bearer '. $data['access_token'];
$response = $http->get('http://server.app/api/user', [
'headers' => [
'Authorization' => $access_token
]
]);
$applicant = json_decode((string) $response->getBody(), true);
return view('display.index',compact('applicant'));
});
Although above code works fine but I don't think its a good way to ask username and password at client side.
I want to use this flow (Same as facebook allows)
Click To Get Data From Server
Enter Username and Password
Authorize App
Access data for authenticated user
Well that was a stupid mistake. It works fine with authorization_code grant type. My mistake was that I was testing both server and client in same browser without logout. So client was accessing its own data from server. Also this flow diagram really helped me to understand the process of passport authorization.
http://developer.agaveapi.co/images/2014/09/Authorization-Code-Flow.png
Route::get('/callback', function (Request $request) {
$http = new GuzzleHttp\Client;
$response = $http->post('http://server.app/oauth/token', [
'form_params' => [
'grant_type' => 'authorization_code',
'client_id' => 5,
'client_secret' => 'fcMKQc11SwDUdP1f8ioUf8OJwzIOxuF8b2VKZyip',
'redirect_uri' => 'http://client.app/callback',
'code' => $request->code,
],
]);
return json_decode((string) $response->getBody(), true);});

Resources