Laravel Passport Password Grant Refresh Token
Trying to wrap my head around using Laravel\'s Passport with mobile clients. The Password Grant type of authentication seems to be the way to go, and i have it working with
-
The
oauth/token/refreshroute is not for refreshing access tokens. It is used to refresh transient tokens, which are used when you consume your own API from your javascript.To use your
refresh_tokento refresh your access token, you need to call theoauth/tokenroute with thegrant_typeofrefresh_token.This is the example provided by the documentation:
$http = new GuzzleHttp\Client; $response = $http->post('http://your-app.com/oauth/token', [ 'form_params' => [ 'grant_type' => 'refresh_token', 'refresh_token' => 'the-refresh-token', 'client_id' => 'client-id', 'client_secret' => 'client-secret', 'scope' => '', ], ]); return json_decode((string) $response->getBody(), true);One note about scopes, when you refresh the token, you can only obtain identical or narrower scopes than the original access token. If you attempt to get a scope that was not provided by the original access token, you will get an error.
讨论(0) -
I've done something like.
- Created an endpoint for grant refresh token.
and in my controller,
public function userRefreshToken(Request $request) { $client = DB::table('oauth_clients') ->where('password_client', true) ->first(); $data = [ 'grant_type' => 'refresh_token', 'refresh_token' => $request->refresh_token, 'client_id' => $client->id, 'client_secret' => $client->secret, 'scope' => '' ]; $request = Request::create('/oauth/token', 'POST', $data); $content = json_decode(app()->handle($request)->getContent()); return response()->json([ 'error' => false, 'data' => [ 'meta' => [ 'token' => $content->access_token, 'refresh_token' => $content->refresh_token, 'type' => 'Bearer' ] ] ], Response::HTTP_OK); }讨论(0)
加载中...
- 热议问题