I am creating an API using Laravel 5.4 and Passport. The API authorization is done using Password grant type.
Below is a sample request:
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'username' => '[email protected]',
'password' => 'my-password',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
This will send a POST request to '/oauth/token' with the following response:
{
"token_type": "Bearer",
"expires_in": 3155673600,
"access_token": "eyJ0eXAiOiJK...",
"refresh_token": "LbxXGlD2s..."
}
What I want is to get a response including the authenticated user as shown below:
[
data:{
name: Jhon,
email: [email protected],
address: ASDF Street no.23
},
token{
"token_type": "Bearer",
"expires_in": 3155673600,
"access_token": "eyJ0eXAiOiJK...",
"refresh_token": "LbxXGlD2s..."
}
]
What I already did was alter the PasswordGrant file at line 65
vendor/league/oauth2-server/src/Grant/PasswordGrant.php
$responseType->setAccessToken($accessToken);
$responseType->setRefreshToken($refreshToken);
return $responseType;
I hope someone can help me, and tell me how to resolve this, thank you.
Requesting Tokens Once you have created a password grant client, you may request an access token by issuing a POST request to the /oauth/token route with the user's email address and password. Remember, this route is already registered by the Passport::routes method so there is no need to define it manually.
Laravel Passport is an easy way to set up an authentication system for your API. As a Laravel package, it uses an OAuth2 server to perform authentication, creating tokens for user applications that request to interface with the API it protects, and only granting them access if their tokens are validated.
Laravel Passport is an OAuth 2.0 server implementation for API authentication using Laravel. Since tokens are generally used in API authentication, Laravel Passport provides an easy and secure way to implement token authorization on an OAuth 2.0 server.
If you don't want to use the Passport middleware in the project where you want to validate the tokens, you would have to create an endpoint in the Laravel Passport server that can accept the token, perform the usual Passport validation and return a response to your service.
You could write an (after-) middleware that takes the original response and transforms it to be the way you want it to be. But be aware that all other Passport middleware (CheckClientCredentials
, CheckScopes
, CreateFreshApiToken
, etc...) probably depends on that specific format and will have to be adapted as well.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With