Passport::hashClientSecrets(); breaks my authentication
Anhleidvig opened this issue
- Passport Version: 11.8.3
- Laravel Version: 10.0
- PHP Version: 8.1
- Database Driver & Version: MariaDB
Description:
I tried to implement OAuth2 with my application. I followed the steps and I created a route:
    Route::post('/login', [AuthenticatedSessionController::class, 'store'])
        ->middleware('guest')
        ->name('login');
The action:
    public function store(LoginRequest $request): JsonResponse
    {
        $request->authenticate();
        /** @var User $user */
        $user = Auth::user();
        $token = $user->createToken($user->name);
        return response()->json($user->toArray());
    }
When I try to use the createToken method the API tells me this: Client authentication failed
After some digging I realised that this method is the problem:
    protected function createRequest($client, $userId, array $scopes)
    {
        $secret = Passport::$hashesClientSecrets ? $this->clients->getPersonalAccessClientSecret() : $client->secret;
        return (new ServerRequest('POST', 'not-important'))->withParsedBody([
            'grant_type' => 'personal_access',
            'client_id' => $client->getKey(),
            'client_secret' => $secret,
            'user_id' => $userId,
            'scope' => implode(' ', $scopes),
        ]);
    }
The $secret is always null when the Passport::hashClientSecrets(); is inside my AuthServiceProvider::boot method.
Steps To Reproduce:
- Install laravel/passport
- php artisan migrate
- php artisan passport:install --uuids
- set the api guard
- set Passport::hashClientSecrets(); inside AuthServiceProvider
- Send a request to the route above
Update:
If I try to do a normal /oauth/token request it works.
The createToken method still is a problem.
I'm sorry I forgot to set:
PASSPORT_PERSONAL_ACCESS_CLIENT_ID
PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET
This is my bad
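
Added example, not part of the original issue and not Passport's own code: a standalone PHP model of the secret selection in the createRequest() method quoted above, showing why a missing PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET ends in "Client authentication failed" once secrets are hashed. The function names are hypothetical, the secret is a constructed sample, and the verification step assumes the stored value is a bcrypt hash checked with password_verify().

```php
<?php
declare(strict_types=1);

// Simplified model (an assumption, not Passport's source) of how the secret
// sent by createRequest() is chosen and then checked against the stored value.

/** Mirrors the ternary in createRequest() quoted in the issue. */
function resolveSecret(bool $hashesSecrets, ?string $configSecret, string $storedSecret): ?string
{
    return $hashesSecrets ? $configSecret : $storedSecret;
}

/** Assumed check: bcrypt verify when hashing is on, constant-time compare otherwise. */
function verifySecret(bool $hashesSecrets, ?string $presented, string $stored): bool
{
    if ($presented === null || $presented === '') {
        return false; // nothing to present: the grant is rejected
    }

    return $hashesSecrets
        ? password_verify($presented, $stored)
        : hash_equals($stored, $presented);
}

/** Runs both steps the way a createToken() call would trigger them. */
function attempt(bool $hashesSecrets, ?string $configSecret, string $storedSecret): bool
{
    $presented = resolveSecret($hashesSecrets, $configSecret, $storedSecret);

    return verifySecret($hashesSecrets, $presented, $storedSecret);
}

// Constructed sample values, not real credentials.
$plain  = 'constructed-sample-secret';
$hashed = password_hash($plain, PASSWORD_BCRYPT);

$cases = [
    'plaintext column, hashing off'            => attempt(false, null, $plain),
    'hashed column, env secret missing'        => attempt(true, null, $hashed),
    'hashed column, env secret set'            => attempt(true, $plain, $hashed),
    'hashed column, hash reused as the secret' => attempt(true, $hashed, $hashed),
];

foreach ($cases as $label => $ok) {
    printf("%-42s %s\n", $label, $ok ? 'authenticated' : 'Client authentication failed');
}
```

The last case shows that copying the hashed value from the database into the environment does not help: only the plaintext secret, captured when the client is created, can be verified against the stored hash.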