sahar_mkr's avatar

Client Grant Credentials

Hi everyone, I want to implement machine-to-machine authentication in Laravel. First I added a client middleware to my route, and then I used curl to send client_id and client_secret to get the access token, but it doesn't work correctly. What are the steps in detail? Thank you all.

0 likes
4 replies
LaryAI's avatar

To implement machine-to-machine authentication in Laravel, you can use the Laravel Passport package. Here are the steps to follow:

  1. Install Laravel Passport by running the following command in your terminal:
composer require laravel/passport
  2. Run the migration to create the necessary tables:
php artisan migrate
  3. In your AuthServiceProvider, add the following lines to the boot method:
Passport::routes();
Passport::enableImplicitGrant();
  4. In your User model, add the HasApiTokens trait:
use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;
    ...
}
  5. Create a client by running the following command:
php artisan passport:client --client

This will create a new client and display the client ID and secret. Make sure to save these values as you will need them to authenticate.

  6. To authenticate, you can use the following code:
$response = Http::asForm()->post('http://your-app.com/oauth/token', [
    'grant_type' => 'client_credentials',
    'client_id' => 'your-client-id',
    'client_secret' => 'your-client-secret',
    'scope' => '',
]);

$accessToken = $response->json()['access_token'];

Make sure to replace your-app.com, your-client-id, and your-client-secret with the appropriate values.

  7. Finally, you can use the access token to make API requests:
$response = Http::withToken($accessToken)->get('http://your-app.com/api/user');

Make sure to replace http://your-app.com/api/user with the appropriate API endpoint.

That's it! You should now be able to authenticate and make API requests using machine-to-machine authentication.

Snapey's avatar

Why would you do this in middleware if it is meant to be machine to machine?

Create a service class and do the work there. Call this class from whatever needs to make the connection.

No need for passport. You will see that Lary does not even use Passport in the code example.

All you need is your client credentials stored somewhere, and somewhere to put the resulting access token and the token expiry time,

e.g.

<?php

namespace App\Services;

use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Http;

class P44
{
    public $token;

    public function __construct()
    {
        // Renew when the stored expiry (default 1, i.e. long past) is within 5 seconds of now.
        if (Carbon::createFromTimestamp(setting('services.p44.expires_at', 1))->subSeconds(5)->lt(now())) {
            Log::info('Attempting to renew the P44 bearer token');

            // OAuth2 client credentials grant: form-encoded POST to the token endpoint.
            $response = Http::asForm()->post('https://na12.api.project44.com/api/v4/oauth2/token',
                [
                    'client_id' => setting('services.p44.client_id'),
                    'client_secret' => setting('services.p44.client_secret'),
                    'grant_type' => 'client_credentials',
                ]);

            $credentials = $response->json();

            // Persist the new token and its absolute expiry time.
            setting()->set('services.p44.authorization', $credentials['access_token']);
            setting()->set('services.p44.expires_at', now()->addSeconds($credentials['expires_in'])->timestamp);

            setting()->save();
        }

        // Either the freshly issued token or the one still valid in settings.
        $this->token = setting('services.p44.authorization');
    }
}

This is a real service. I use a settings helper to store the client ID and secret, and the access token and expiry.

Once the service has been constructed, I can rely on the token to be set, either from settings or via the oauth connection.

1 like
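
The cache-until-expiry pattern from the reply above, as an added example in plain PHP that is not part of the original post or of any project's code: the token response is validated before it is stored, so a failed request never overwrites a good token. The class name, the injected `$fetch` callable, the in-memory store and the sample responses are all hypothetical and constructed for illustration.

```php
<?php
// Added example (hypothetical names throughout): cache a client-credentials
// token until shortly before expiry and validate the response before storing.

final class ClientCredentialsToken
{
    private const SKEW = 5; // renew this many seconds before the stated expiry

    /** @param callable():array $fetch returns ['status' => int, 'body' => string] */
    public function __construct(private $fetch, private array $store = []) {}

    public function get(int $now): string
    {
        $expiresAt = $this->store['expires_at'] ?? 0;
        if (isset($this->store['token']) && $now < $expiresAt - self::SKEW) {
            return $this->store['token']; // still valid, no network call
        }

        $res = ($this->fetch)();
        $body = json_decode($res['body'], true);
        if ($res['status'] !== 200 || !is_array($body)
            || !is_string($body['access_token'] ?? null) || $body['access_token'] === ''
            || !is_int($body['expires_in'] ?? null) || $body['expires_in'] <= 0) {
            // Leave the stored values alone and keep the body out of logs: it may hold a token.
            throw new RuntimeException("token request failed (HTTP {$res['status']})");
        }

        $this->store = ['token' => $body['access_token'], 'expires_at' => $now + $body['expires_in']];
        return $this->store['token'];
    }
}

// Constructed responses standing in for the token endpoint; the third call fails.
$calls = 0;
$fetch = function () use (&$calls) {
    $calls++;
    return $calls === 3
        ? ['status' => 401, 'body' => '{"error":"invalid_client"}']
        : ['status' => 200, 'body' => '{"access_token":"tok-' . $calls . '","expires_in":3600}'];
};

$svc = new ClientCredentialsToken($fetch);
var_dump($svc->get(1000)); // nothing stored yet, so the endpoint is called
var_dump($svc->get(2000)); // served from the store
var_dump($svc->get(4596)); // inside the 5-second skew window, so it renews
try { $svc->get(9000); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
var_dump($calls);          // number of times the endpoint was actually hit
```

In a Laravel service the `$fetch` callable would wrap the `Http::asForm()->post(...)` call and the store would be the settings helper or the cache.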
sahar_mkr's avatar

@Snapey I did whatever Lary said, but it takes time to send the request and I still don't get the answer. Is there any problem?
