How To Get An Authorization Code From The Authorization Code Grant In Laravel Passport?
I'm trying to use the authorization code grant to log third-party clients in and give access to my API. The first step is to request permission at /oauth/authorize, with the required parameters. When I do this I get an error response saying "Call to a member function getKey() on null". I notice I get this same error even when there are no parameters.
This is the code in my web.php that handles the /redirect route.
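    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Route;
    use Illuminate\Support\Str;

    Route::get('/redirect', function (Request $request) {
        // Store a random state value in the session so the callback can verify it.
        $request->session()->put('state', $state = Str::random(40));

        // Query string for the authorization request.
        $query = http_build_query([
            'client_id' => '6',
            'redirect_uri' => 'http://127.0.0.1:8000/callback',
            'response_type' => 'code',
            'scope' => '',
            'state' => $state,
        ]);

        // Send the browser to the authorization endpoint.
        return redirect('http://127.0.0.1:8000/oauth/authorize?' . $query);
    });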
If I try to directly make a request to http://127.0.0.1:8000/oauth/authorize I get the error response shown below.
Answer
The request you're sending in step 1 isn't working because that isn't how the OAuth flow is meant to work. The flow you're implementing is meant to be a 3 step process that a user completes in a browser or app to sign in to your application and request that the app or site they came from be allowed to access your API on their behalf. By making your request via a Postman POST request, you can't access the login flow, so it tries to return a key for the already authenticated user (which is no one); thus $user->getKey() doesn't work because $user is null.
For the second error
/oauth/authorize doesn't accept that grant type because it doesn't return grants. There are 3 steps to an OAuth login flow:
1. The third party application redirects the user to your server to log in, passing a callback URL to redirect back to.
2. The user logs in and your app redirects them back to the third party site, passing back an authorization code the third party app uses to request an access token.
3. The third party app uses the authorization code they got back in 2 to make a request to /oauth/token and request an actual access token, which they can then use to access your API on the user's behalf.
So the reason your Postman call to /oauth/authorize is failing with an unsupported type is that you are trying to perform step 3 on the URL to step 2. You need to get an authorization code in step 2 and then make a request to /oauth/token to get the access token.
If you are trying to provide user authentication to third party apps then you need to implement this flow through a browser so the user has the chance to log in through your server. In that case the 'redirect_uri' in your code snippet needs to be something that you accept from the request, not something hardcoded, as that URL is where the user will be redirected back to after authenticating with your application. Once you have an auth code, you can then make a REST call behind the scenes to get an actual access token.
If you are trying to authenticate purely on REST/API calls then you have to use a different grant type, most likely client credentials grants.
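The client-side callback for steps 2 and 3 above, as an added example that is not part of the original question or answer: it verifies the `state` stored by the `/redirect` route, then exchanges the authorization code at `/oauth/token`. The `services.passport.*` config keys and the `passport_tokens` session key are hypothetical names chosen for this sketch.

```php
<?php
// Added example for the third-party (client) app's routes/web.php.
// Assumption: config/services.php defines the hypothetical
// 'passport' entries (url, client_id, client_secret, redirect_uri).

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Route;

Route::get('/callback', function (Request $request) {
    // Step 2 result: the browser arrives here with ?code=...&state=...
    // pull() reads and deletes the value, so each state is single-use.
    $expected = $request->session()->pull('state');
    $received = $request->query('state');

    // Reject responses this session did not start (CSRF protection).
    abort_unless(
        is_string($expected) && $expected !== ''
            && is_string($received) && hash_equals($expected, $received),
        400,
        'Invalid state value.'
    );

    // The user denied the request or the server reported an error.
    abort_if($request->has('error'), 403, 'Authorization was not granted.');

    $code = $request->query('code');
    abort_unless(is_string($code) && $code !== '', 400, 'Missing authorization code.');

    // Step 3: server-to-server POST to /oauth/token. The client secret
    // stays on the server and never reaches the browser.
    $response = Http::asForm()->post(config('services.passport.url') . '/oauth/token', [
        'grant_type'    => 'authorization_code',
        'client_id'     => config('services.passport.client_id'),
        'client_secret' => config('services.passport.client_secret'),
        // Must match the redirect_uri sent to /oauth/authorize.
        'redirect_uri'  => config('services.passport.redirect_uri'),
        'code'          => $code,
    ]);

    abort_if($response->failed(), 502, 'Token request was rejected.');

    // Keep the tokens server-side instead of echoing them to the browser.
    $request->session()->put('passport_tokens', $response->json());

    return redirect('/');
});
```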