Laravel 5.3 : Passport Implementation - {"error":"invalid_client","message":"Client authentication failed"}

php oauth-2.0 laravel-5.3 laravel-passport
Hari Harker picture Hari Harker · Sep 4, 2016 · Viewed 10.5k times · Source

I followed the exact steps mentioned in the Laracast : What's New in Laravel 5.3: Laravel Passport to implement api authentication using oauth2.

My web.php file in the client/consumer project looks like:

use Illuminate\Http\Request;


Route::get('/', function () {
$query = http_build_query([
     'client_id' => 2,
     'redirect_uri' => 'http://offline.xyz.com/callback',
     'response_type' => 'code',
     'scope' => '',
    ]);

return redirect ('http://api.xyz.com/oauth/authorize?'.$query);
});

Route::get('/callback', function (Request $request){
$http= new GuzzleHttp\Client;

$response = $http->post('http://api.xyz.com/oauth/token',[
    'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => 2 , 
            'client_secret' => 'tUGYrNeWCGAQt220n88CGoXVu7TRDyZ20fxAlFcL' ,
            'redirect_uri' => 'http://offline.xyz.com/callback',
            'code' => $request->code,
        ],
    ]);

return json_decode((string) $response->getBody(), true);
});

I am getting the permission request page where I need to authorize to allow my client to access the api. But, once I click authorize, I am being redirected to the page where it shows the following message:

{"error":"invalid_client","message":"Client authentication failed"}

How to resolve this?

I did not install laravel/passport in the offline project. Am I missing out something? I have followed and implemented what exactly was mentioned in the video tutorial. Do I have to include something else that I'm not aware of? (I have a very basic knowledge on oauth2).

If it helps, I am trying to implement an offline system which will periodically send data to an online system when there is an internet connection. So I thought I can build an api and send post request with information to be stored.

Answer

Hari Harker picture Hari Harker · Sep 5, 2016

The problem was the Redirect URL which I have mentioned while creating the OAuth Client was different from what I needed. Following the tutorial, I had mentioned http://api.xyz.com/callback which should have been http://offline.xyz.com/callback.

If you have implemented the vue components, use the Edit option for the Oauth Client created. Change the Redirect URL appropriately.

Also, make sure the id field and the redirect field in the oauth-clients table contains the same values as mentioned in the route description for /callback in your routes/web.php file.

This should fix the error. However, it might raise another error - HttpFoundationFactory not found.

In composer.json, update the file with the following in the requiresection: 

"symfony/psr-http-message-bridge": "0.2"

and run composer update.

You are good to go now.

Related questions

Correct way to set Bearer token with CURL

I get my bearer token from an API end point and set the following: $authorization = "Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274" Next I want to use CURL to access the secure endpoint however I am …

Read More
How to refresh token with Google API client?

I've been playing around with the Google Analytics API (V3) and have run into som errors. Firstly, everything is set up correct and worked with my testing account. But when I want to grab data from another profile ID (Same …

Read More
How to extend access token validity since offline_access deprecation

Since the offline_access Permission is deprecated in Facebook's Authentication flow, we have problem getting the so called long lived access tokens without that permission. In Facebook's document about the deprecation it says, that server side OAuth generated access tokens …

Read More