
How do I get a refresh token in Laravel Passport?

I'm using Laravel 6.7 and attempting to use Passport for user authentication.

I'm able to create an access token for the user when they register. Here is the code:

$user = User::create($input);
$user->createToken('auth-token');

This access token has an expiration of 15 minutes as I defined in my AuthServiceProvider.php file boot() function like so:

Passport::personalAccessTokensExpireIn(Carbon::now()->addMinutes(15));

I want to refresh it using a refresh token but can't seem to understand how.

I've looked everywhere (including the Laravel website) and they're all telling me to do this:

$http = new GuzzleHttp\Client;

$response = $http->post('http://your-app.com/oauth/token', [
    'form_params' => [
        'grant_type' => 'refresh_token',
        'refresh_token' => 'the-refresh-token',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'scope' => '',
    ],
]);

Without any clear explanation as to what the values 'the-refresh-token', 'client-id' and 'client-secret' are meant to be.

One answer on Stack Overflow said the following:

you must send old refresh-token ('refresh_token' => 'the-refresh-token') and this code produces a new token and refresh-refresh.

But I don't have a refresh token, I'm trying to create one. Do I just create a random string?

asked Dec 13 '19 22:12

UndercoverCoder




1 Answer

Using Password Grant Tokens

From: Laravel Docs: Password Grant Tokens

The OAuth2 password grant allows your other first-party clients, such as a mobile application, to obtain an access token using an e-mail address / username and password.

First you need to generate a Password Grant Client by:

php artisan passport:client --password

This will give you a client_id and a client_secret.

So next you can implement your login in your mobile app as follows:

POST
http://your-app.com/oauth/token

Body:
{
  'grant_type' => 'password',
  'client_id' => 'client-id',
  'client_secret' => 'client-secret',
  'username' => '[email protected]',
  'password' => 'my-password',
  'scope' => '',
}

With the result of:

{
  "token_type": "Bearer",
  "expires_in": 300,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjAyMGM1YTQ2MzM5ZTAxNjBjODViOWUyMGE0YTAxYzhmOWYzOTZkYjlhMmM1OWZiNjk0NDVjZTZlYTIyMmUyZmEyNDZmYzQ0MTc4M2NjNjIyIn0.eyJhdWQiOiI1MSIsImp0aSI6IjAyMGM1YTQ2MzM5ZTAxNjBjODViOWUyMGE0YTAxYzhmOWYzOTZkYjlhMmM1OWZiNjk0NDVjZTZlYTIyMmUyZmEyNDZmYzQ0MTc4M2NjNjIyIiwiaWF0IjoxNTczMjIxMTk0LCJuYmYiOjE1NzMyMjExOTQsImV4cCI6MTU3MzIyMTQ5NCwic3ViIjoiNWZhNzNkNjAtYzliNC0xMWU5LThiMDEtNjFmNDI4YjYyNTdiIiwic2NvcGVzIjpbXX0.EmmKwdr_tLUmN08MxnleCqIU0zDk8-pyecOaz-tQ2OBZa-UBsFe2SoaD0jqq_0t1BZHBiayO5qHFY6M459mXTPRNJM8Bx7MC1X_4GPHrozKMuymZ3Ham3J00UtsGHcF2gG39YcUnmhbDhiFefO8VGU-2e_2q2qWAFvO_lUB4CrcrVQ3o8-4o3mwXpmWbcoDbqiQwga_0-SMo8gYIFlh4OaO0Z_bCWsJaspUdRra672BV49une5uPlANLIinCthFHgcT_9t48z_wOzEHbVhuogMr5ObkJAy0rXTQLyvprale5EaNTPR0s9Fp1wvMtd08m7Pbdz2XLCShuIrE7cY8U8NZydxvX3aFqUOcqkmlvEGRkr3B6utjNQW19I7bKw9aIBBczoCCBmIqkqBuQFQziV3dQ7qQYJyKqr0n_mSyVzCllJ4nhWcV4hwny2KVQoszxjVMoVEzWEXsJSmxfWE4NHMYb0wmid6K_COCGzHRhfqtg_llySP_w2N0us2Ri92LyVovIJI0w2_ze0MBmyvS37OYIOLV3bCZcsVhnf9QCxAE6NAXXwgzYEj7Y0Q-7GkbOCDWrVghih3-engZj36dTBo_i4YJc5iygRlzLCW8AFtZig6mW6Veb9ITsSu_yTefCbZVPG4G0MjBhk03kSnLJGeyWeEAIBapdeEI7Vf8VsXo",
  "refresh_token": "def50200a4c2c3670e62fe28d61c38b66f0d4d85f5a576c0a3914cf9767d91027102bd9ab0a17e9e149266be2443f6ef2c25e092d4c17d2a813ca59b1df608dcfc120596c2ed72ffe7dd0a1db3bc7511ec905a65c63551239581a1c13c3c0b53fd0f8db97d2b49763f5bd98b7624a432d7e82161cc9e543d3e2550f73d6bcea0014aa0d4f72c2eb3edfe2f256fae1a8ea69270735be98a85b7040e33194eb449187b67aa0dbb10f75bdf620b6416c12756e96449e92aa6ad7b56be53876113a9d17d93c1039f54647040ce8acd7f242684d0b0aa1835267dbc6bab87c6b2a7862ca3bcd8396ae7c912b03ee3df7d471f74b96d0c48ec76a55ff05762227722ffb99ecb12f30fae9042b078383678492ef73e5fedfb0085a30a9511bc94588edd5a171e0650a092bb9c37e7571aeb6d0b6d9048189ab0fa16d48477e6d51e81efbe762af34c46ed2da1862528c24d00f0139f3e74eccbefd06a7dd238ccff85b9cbec68e2e7483a9fb2f4bc314d81d48f3dbbe0a9c8b42bd76bc4ad57fa2afad52092c5339f9461"
}

If you want to refresh an expired token you will do a request to /oauth/token with the POST method

And with the body:

{
  'grant_type' => 'refresh_token',
  'refresh_token' => 'the-refresh-token',
  'client_id' => 'client-id',
  'client_secret' => 'client-secret',
  'scope' => '',
} 

Put the previous refresh_token, client_id, client_secret and you will get another response containing other tokens.

answered Oct 08 '22 08:10

loic.lopez
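
The login and refresh requests from the answer above, combined into one client that keeps the token pair current; this is an added example, not code from the answer or from Passport. TokenStore is a hypothetical class, and the two responses are constructed and served through Guzzle's MockHandler so the script runs offline with placeholder token values.

```php
<?php
// Added example (PHP 8+, guzzlehttp/guzzle). TokenStore is hypothetical, not a Passport class.
require __DIR__ . '/vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Psr7\Response;

final class TokenStore
{
    private ?array $tokens = null; // access_token, refresh_token, expires_at

    public function __construct(private Client $http, private string $id, private string $secret) {}

    // Password grant: this first response is where the refresh token comes from.
    public function login(string $username, string $password): void
    {
        $this->request(['grant_type' => 'password', 'username' => $username, 'password' => $password]);
    }

    // Return a usable access token, running the refresh grant shortly before expiry.
    public function accessToken(): string
    {
        if ($this->tokens === null) throw new RuntimeException('Call login() first.');
        if (time() >= $this->tokens['expires_at'] - 30) {
            $this->request(['grant_type' => 'refresh_token', 'refresh_token' => $this->tokens['refresh_token']]);
        }
        return $this->tokens['access_token'];
    }

    private function request(array $grant): void
    {
        $params = $grant + ['client_id' => $this->id, 'client_secret' => $this->secret, 'scope' => ''];
        $response = $this->http->post('/oauth/token', ['form_params' => $params]);
        $body = json_decode((string) $response->getBody(), true, 512, JSON_THROW_ON_ERROR);
        // Keep the refresh token from every response: each response contains new tokens.
        $this->tokens = ['access_token' => $body['access_token'], 'refresh_token' => $body['refresh_token'],
            'expires_at' => time() + (int) $body['expires_in']];
    }
}
// Constructed responses so the script runs offline; token values are placeholders.
$json = fn (array $b) => new Response(200, ['Content-Type' => 'application/json'], json_encode($b));
$mock = new MockHandler([
    $json(['token_type' => 'Bearer', 'expires_in' => 0, 'access_token' => 'access-1', 'refresh_token' => 'refresh-1']),
    $json(['token_type' => 'Bearer', 'expires_in' => 300, 'access_token' => 'access-2', 'refresh_token' => 'refresh-2']),
]);
$http = new Client(['handler' => HandlerStack::create($mock), 'base_uri' => 'http://your-app.com']);
$store = new TokenStore($http, 'client-id', 'client-secret');
$store->login('user@example.com', 'my-password'); // constructed credentials
echo $store->accessToken(), PHP_EOL; // first token is already expired, so the refresh grant runs
```

Tokens made with createToken() are personal access tokens and come without a refresh token, which is why the refresh token has to be taken from the password grant response.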