I want to use Client Credentials to authenticate client applications to access the API.
My problem is with creating client credentials. Using php artisan passport:client
requires me to enter a user_id to associate the client to that user. I don't get it. Why the client application has to be associated to a user?! Or Is there another way?
passport:client command only supports creating Password Grant Clients and Personal Grant Client. I don't think that any of them is what I need.
What I really need is to create client credentials that will only be used by the client application to authorize itself to access some APIs. How to do that?
I assume you want to use machine-to-machine authentication (no user interactions)
I would recommend to read through the docs a couple of times to get the hang of it.
I do not believe there is an specific way to create an only client credentials client, What i do is to create an personal client then change the field for personal client in the database personal_access_client
1
=> 0
You could use the personal client option, as seen from the --help
option
Usage:
passport:client [options]
Options:
--personal Create a personal access token client
--password Create a password grant client
--name[=NAME] The name of the client
-h, --help Display this help message
...
php artisan passport:client --personal
output
Personal access client created successfully.
Client ID: 1
Client Secret: LbjQNxK5SQZ3pPrEBUwbkE8vaRkg8jh25Qh43HYy
You would need to use another middleware other then the default one because there is no user present when using this method
Class \App\Http\Kernel
:
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'client_credentials' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
//ommited
];
Route::get('/test', 'ApiTestController@test')->middleware('client_credentials');
Class \App\Http\Controllers\ApiTestController
:
public function test() {
return response()->json(['data' => 'hey'] );
}
From php artisan route:list
GET|HEAD | api/test | App\Http\Controllers\ApiTestController@test | api,client_credentials |
Following the specified request in the documentation on client-credentials-grant-tokens
I use Postman for simplicity, easily send test request with Postman (www.getpostman.com)
Set authorization to OAuth 2.0, image: Postman authentication
Set access token URL, client id, client secret and grant type to 'Client Credentials', image: Postman OAuth Fields
Postman creates an token and appends it to URL or Header, in this case header
Accept:application/json
Authorization:Bearer eyJ0eXAiOi...KCjK0
Response:
{
"data": "hey"
}