I'm playing around with laravel and try to enable client credentials grant to secure some api endpoints.
To provide some context: I want to create an api that stands between a database and several websites (and SPAs). So I'll be able to do some monitoring (what website/SPA calls which ressources) and in general add some security. So in this case where no additional user inforamtion is required, the client credential grant for machine-to-machine communication should be the best approach.
I followed someone tutorials (e.g. this tutrial) to implement these grant type but I get stuck...
I did the following:
composer require laravel/passport
config/app.php
: Laravel\Passport\PassportServiceProvider::class,
php artisan migrate
php artisan passport:install
HasApiTokens
to App\User.php
Passport::routes()
to app/Providers/AuthServiceProvider.php
passport
in config/auth.php
So far so good. Now I created a sample client with php artisan passport:client
:
New client created successfully.
Client ID: 3
Client secret: S5s9oEIRm5DNy5ySsr1H6jWlraOCZyF24gcpoDrJ
Now when I want to get a token for this client by using postman (added in the body.formdata
like provided here)
I get the following error.
{
"error": "unsupported_grant_type",
"error_description": "The authorization grant type is not supported by the authorization server.",
"hint": "Check that all required parameters have been provided",
"message": "The authorization grant type is not supported by the authorization server."
}
Am I missing something? I thought I did all the necessary steps to register the grant type
?
Thanks in advance!!
You misspelled grant_type
. In the screenshot it says grand_type
.