Level 15
Don't you just add the bearer token to the request?
Get it working with Postman first?
Jul 30, 2020
6
Level 1
Get Passport credentials for external app
I have a Laravel app that works only as API gateway (let's call it APIWAY) and I'm building an external application (let's call it APILOADER) that has to log into my APIWAY via code. I'm trying to follow the example reported in the Laravel: Up and Running guide by Matt Stauffer, but i find it quite confusing, because the only example reported for code authentication refers to Laravel to Laravel communication, and that's not what I want, since my external app (APILOADER) is not laravel based.
The only thing I managed to accomplish is a personal authentication, via auth/login route, but I need the interaction to operate only with access token.
So, let's assume I have to send an ajax call like this:
$.ajax({ type: 'post', url: URL_FOR_CONNECTING_AT_APIWAY, data: {}, success: function(response){
},
error: function(error){
}
})
1: what should be the URL_FOR_CONNECTING_AT_APIWAY, according to OAuth2? 2: what are the data I have to pass?
Thanks.
Level 1
The problem is that I don't know which route I should call, in the first place, and which data I have to pass to it.
Level 80
The problem is that I don't know which route I should call, in the first place, and which data I have to pass to it.
@lbriganti Then read the docs: https://laravel.com/docs/7.x/passport#client-credentials-grant-tokens
Level 1
Oh, thanks, how could I've missed it?
Nvm. I'll figure out.
Level 80
@lbriganti The docs I’ve linked you too literally has an example of requesting an access token when you want one application to talk to another. There’s nothing to “figure out”.
Level 1
It's not working.
I go to myapp.app/oauth/authorize passing client id and state and it returns to the consumer with an authorization code like this:
def50200377314edfdbc63c0aa8fce6461b318824d33fe8361143862e380712ac1067972f81f9c11bbd3e97d5b8bb31ebe5943009bb93caa1a307cde33e3407cf4996de0de71bb85887bbc97482ae1c55181502e2626d562843f030efacafce45f7b2dfe359e230098e8a76c29d92b7d2d2960d6763cc2eff99fad7a892fbb8fcfc516c6d0f2aab03275678a4b7af3cd2ea315930ce12a5bfeeaefe52470d3e838497f77e29ffb6c4465423e019b876586a73e6403b75c618706665ecf8d520e66c446f9d9accb528f4eeed1190fafcf8b1ff16e876fa06964c98ee638d4936c5b946e3f14dac5245d6edaa71eb8fae207ba4708be7c23fac98c5d44c2f2504e64de0b5c0534e655416a79250661148b207f2ce3caebe1b5b91f872120ae9f4d81acce4599206b80675f0a04735ea7fb8a428205bf76baaec432b9469da90215e881
that is actually a refresh token, but in my db nothing is created.
The thing is different if I make the request via postman. In that case, in the database is created an access token and a refresh token referred to it. So, what I'm doing wrong?
Please or to participate in this conversation.