Laravel 5.3 : Passport Implementation - {"error":"invalid_client","message":"Client authentication failed"}

Hari Harker · Sep 4, 2016 · Viewed 10.5k times

I followed the exact steps mentioned in the Laracast: What's New in Laravel 5.3: Laravel Passport to implement API authentication using OAuth2.

My web.php file in the client/consumer project looks like:

<?php

use Illuminate\Http\Request;

// Step 1: send the user to the API's authorization page.
Route::get('/', function () {
    $query = http_build_query([
        'client_id' => 2,
        'redirect_uri' => 'http://offline.xyz.com/callback',
        'response_type' => 'code',
        'scope' => '',
    ]);

    return redirect('http://api.xyz.com/oauth/authorize?'.$query);
});

// Step 2: exchange the authorization code for an access token.
Route::get('/callback', function (Request $request) {
    $http = new GuzzleHttp\Client;

    $response = $http->post('http://api.xyz.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => 2,
            'client_secret' => 'tUGYrNeWCGAQt220n88CGoXVu7TRDyZ20fxAlFcL',
            'redirect_uri' => 'http://offline.xyz.com/callback',
            'code' => $request->code,
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
});

I am getting the permission request page where I need to authorize to allow my client to access the api. But, once I click authorize, I am being redirected to the page where it shows the following message:

{"error":"invalid_client","message":"Client authentication failed"}

How to resolve this?

I did not install laravel/passport in the offline project. Am I missing something? I have followed and implemented exactly what was mentioned in the video tutorial. Do I have to include something else that I'm not aware of? (I have a very basic knowledge of OAuth2.)

If it helps, I am trying to implement an offline system which will periodically send data to an online system when there is an internet connection. So I thought I could build an API and send POST requests with the information to be stored.

Answer

Hari Harker · Sep 5, 2016

The problem was that the Redirect URL which I had mentioned while creating the OAuth Client was different from what I needed. Following the tutorial, I had mentioned http://api.xyz.com/callback, which should have been http://offline.xyz.com/callback.

If you have implemented the Vue components, use the Edit option for the OAuth Client created. Change the Redirect URL appropriately.

Also, make sure the id field and the redirect field in the oauth-clients table contain the same values as mentioned in the route description for /callback in your routes/web.php file.

This should fix the error. However, it might raise another error - HttpFoundationFactory not found.

In composer.json, update the file with the following in the require section:

"symfony/psr-http-message-bridge": "0.2"

and run composer update.

You are good to go now.
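The check described in the answer, written out as an added example (not part of the original post and not Passport's own code): it compares the client_id and redirect_uri sent in both OAuth steps, plus the client_secret, against the registered client row. The function name diagnoseClient, the array layout and the secret value are assumptions made for illustration; the row is constructed rather than read from a database.

```php
<?php
// Added example. diagnoseClient() is a hypothetical helper, not a Passport API.
// $registered mimics one row of the clients table (constructed, not queried);
// it is assumed to hold the secret in the same form the consumer sends it.

function diagnoseClient(?array $registered, array $authorizeQuery, array $tokenForm): array
{
    if ($registered === null) {
        return ['no client registered with id ' . $tokenForm['client_id']];
    }
    $problems = [];
    foreach (['authorize' => $authorizeQuery, 'token' => $tokenForm] as $step => $params) {
        if ((string) $params['client_id'] !== (string) $registered['id']) {
            $problems[] = "$step: client_id {$params['client_id']} is not the registered id {$registered['id']}";
        }
        // Exact string comparison: scheme, host, path and trailing slash all count.
        if ($params['redirect_uri'] !== $registered['redirect']) {
            $problems[] = "$step: redirect_uri {$params['redirect_uri']} differs from registered {$registered['redirect']}";
        }
    }
    // The token request must repeat the redirect_uri of the authorize request.
    if ($authorizeQuery['redirect_uri'] !== $tokenForm['redirect_uri']) {
        $problems[] = 'authorize and token requests use different redirect_uri values';
    }
    // Constant-time comparison so the check itself does not leak the secret.
    if (!hash_equals($registered['secret'], (string) ($tokenForm['client_secret'] ?? ''))) {
        $problems[] = 'token: client_secret does not match the registered secret';
    }
    return $problems;
}

// Values the consumer's routes/web.php sends (secret replaced by a constructed one).
$authorize = ['client_id' => 2, 'redirect_uri' => 'http://offline.xyz.com/callback'];
$token = $authorize + ['client_secret' => 'constructed-secret'];

// Registered client as first created in the question, then after the edit.
$before = ['id' => 2, 'redirect' => 'http://api.xyz.com/callback', 'secret' => 'constructed-secret'];
$after = ['id' => 2, 'redirect' => 'http://offline.xyz.com/callback', 'secret' => 'constructed-secret'];

foreach (['before fix' => $before, 'after fix' => $after] as $label => $row) {
    $problems = diagnoseClient($row, $authorize, $token);
    echo $label . ': ' . ($problems ? implode('; ', $problems) : 'client values are consistent') . PHP_EOL;
}
```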