laravel-passport-grant
This library provide a very simple way to add custom grant types for Laravel Passport OAuth2 server.
Installation
Note: this documentation assumes Laravel Passport installation is completed.
To get started, install package via the Composer package manager :
composer require kslimani/laravel-passport-grantPublish the passportgrant.php configuration file using vendor:publish Artisan command :
php artisan vendor:publish --provider="Sk\Passport\GrantTypesServiceProvider" --tag="config"Configuration
In your config/passportgrant.php configuration file, enable any custom grant types providing user provider class.
// "grants" is an array of user provider class indexed by grant type
'grants' => [
// 'acme' => 'App\Passport\AcmeUserProvider',
],User provider
User provider class roles are :
- validate
/oauth/tokenrequest custom parameters - provide user entity instance
User provider class must implements the Sk\Passport\UserProviderInterface :
/**
* Validate request parameters.
*
* @param \Psr\Http\Message\ServerRequestInterface $request
* @return void
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/
public function validate(ServerRequestInterface $request);
/**
* Retrieve user instance from request.
*
* @param \Psr\Http\Message\ServerRequestInterface $request
* @return mixed|null
*/
public function retrieve(ServerRequestInterface $request);If request validation fails, the validate() method must throw a League\OAuth2\Server\Exception\OAuthServerException invalid parameter exception.
On success, the retrieve() method must return a League\OAuth2\Server\Entities\UserEntityInterface or Illuminate\Contracts\Auth\Authenticatable instance. Otherwise null on failure.
For convenience, the UserProvider class provide methods to validate and retrieve request custom parameters.
Therefore, creating a user provider becomes simple :
<?php
namespace App\Passport;
use App\User;
use Psr\Http\Message\ServerRequestInterface;
use Sk\Passport\UserProvider;
class AcmeUserProvider extends UserProvider
{
/**
* {@inheritdoc}
*/
public function validate(ServerRequestInterface $request)
{
// It is not necessary to validate the "grant_type", "client_id",
// "client_secret" and "scope" expected parameters because it is
// already validated internally.
$this->validateRequest($request, [
'acme_id' => ['required', 'integer', 'min:1'],
'acme_name' => ['required', 'string', 'min:1'],
]);
}
/**
* {@inheritdoc}
*/
public function retrieve(ServerRequestInterface $request)
{
$inputs = $this->only($request, [
'acme_id',
'acme_name',
]);
// Here insert your logic to retrieve user entity instance
// For example, let's assume that users table has "acme_id" column
$user = User::where('acme_id', $inputs['acme_id'])->first();
return $user;
}
}Token request example for the "acme" grant type :
// Assuming $http is \GuzzleHttp\Client instance
$response = $http->post('https://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'acme',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'acme_id' => 1337,
'acme_name' => 'Joe',
'scope' => '',
],
]);
