After hearing a lot about Laravel Passport, I thought of implementing it in my new project, where my requirement is to create an API that'll be used in a mobile app.
So my mobile app is a client, which will further have its users.
I followed the steps mentioned by Taylor and also read about it here. In a nutshell I followed these steps:
- laravel/passport
- php artisan passport:install
- client_id and client_secret using php artisan passport:client
- redirection and callback routes in web.php
Then I tried calling api/user (with Header Authorization containing value Bearer eyJ0eXAiOiJKV1...(token)). I received the data. Pretty simple and neat.
But my app users won't have these details. So I thought of configuring Password Grant Tokens which fits perfectly in my requirement.
Now starts the real headache. I've been trying to set this up for the last 3 days and continuously getting
{"error":"invalid_client","message":"Client authentication failed"}
I've tried almost every guide I followed online: Redirection Issues, Add Atleast One Scope Solution, P100Y Issue etc.
But I'm still getting invalid client error. Here's what I'm passing through POSTMAN to oauth/token:

    {
        "grant_type": "password",
        "client_id": "3",
        "client_secret": "8BUPCSyYEdsgtZFnD6bFG6eg7MKuuKJHLsdW0k6g",
        "username": "test@gmail.com",
        "password": "123456",
        "scope": ""
    }

Any help would be appreciated.
First, check that your credentials are correct. Secondly, check whether the table of your model which uses the \Laravel\Passport\HasApiTokens trait contains an email column, because by default it is used to identify the user when validating credentials. If your table has a username column or any other column which is used in validating credentials, you must define a function findForPassport in that model, like this:

    public function findForPassport($username) {
        return self::where('username', $username)->first(); // change the column name to whatever you use in credentials
    }

I use username and password columns to validate a user. In {project_directory}\vendor\laravel\passport\src\Bridge\UserRepository.php, this function validates your credentials:

    public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity)
    {
        if (is_null($model = config('auth.providers.users.model'))) {
            throw new RuntimeException('Unable to determine user model from configuration.');
        }
        // If you define findForPassport in that model it is used; otherwise email is used as the key
        if (method_exists($model, 'findForPassport')) {
            $user = (new $model)->findForPassport($username);
        } else {
            $user = (new $model)->where('email', $username)->first();
        }
        if (! $user || ! $this->hasher->check($password, $user->password)) {
            return;
        }
        return new User($user->getAuthIdentifier());
    }

Notice the second if statement and you will get to know what is happening there.
Hope this helps :)
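
The lookup order described in the answer above can be tried outside Laravel with the stand-alone script below. It is an added example, not code from the answer or from Passport: the classes `EmailOnlyUser` and `UsernameUser`, the helpers `sampleRows`, `firstWhere` and `resolveUserId`, and the sample row are all hypothetical, and PHP's `password_verify` stands in for `$this->hasher->check`. It shows that a username is only matched once the model defines `findForPassport`.

```php
<?php
declare(strict_types=1);

// Constructed sample "users" table with one row (not data from the page).
function sampleRows(): array
{
    static $rows = null;
    return $rows ??= [[
        'id' => 7,
        'username' => 'tester',
        'email' => 'test@example.com',
        'password' => password_hash('correct-horse', PASSWORD_BCRYPT),
    ]];
}

// Hypothetical model without findForPassport: only the email fallback applies.
class EmailOnlyUser
{
    public function firstWhere(string $column, string $value): ?array
    {
        foreach (sampleRows() as $row) {
            if ($row[$column] === $value) {
                return $row;
            }
        }
        return null;
    }
}

// Hypothetical model that defines findForPassport to look users up by username.
class UsernameUser extends EmailOnlyUser
{
    public function findForPassport(string $username): ?array
    {
        return $this->firstWhere('username', $username);
    }
}

// Same branching as getUserEntityByUserCredentials: the custom finder if the
// model has one, otherwise the email column, then a password hash check.
// password_verify is an assumption standing in for Laravel's hasher.
function resolveUserId(string $model, string $username, string $password): ?int
{
    $user = method_exists($model, 'findForPassport')
        ? (new $model)->findForPassport($username)
        : (new $model)->firstWhere('email', $username);

    if (! $user || ! password_verify($password, $user['password'])) {
        return null; // no user entity, as in the original function
    }
    return $user['id'];
}

// Four cases: username vs. email fallback, email, custom finder, wrong password.
var_dump(resolveUserId(EmailOnlyUser::class, 'tester', 'correct-horse'));
var_dump(resolveUserId(EmailOnlyUser::class, 'test@example.com', 'correct-horse'));
var_dump(resolveUserId(UsernameUser::class, 'tester', 'correct-horse'));
var_dump(resolveUserId(UsernameUser::class, 'tester', 'wrong'));
```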