
desh1993

How to handle login in the Authorization Code grant with Laravel Passport

I understand that this is the general flow, correct me if this is wrong

a. The application/client initiates the OAuth process by passing client ID, callback URL, response type, scope, state and prompt: 'login'

b. The resource server prompts the user to log in because of prompt: 'login'

c. Upon logging in, the resource server should ask the user whether they authorize this request

d. If they authorize, redirect them back to the callback URL with the auth code and state

e. Once the client receives the auth code, it should call the API provided to get the access token and refresh token by passing in grant type, client ID, client secret, callback URL and auth code.

f. If everything is correct, the resource server should return an access token and refresh token

g. The client should take this access token and refresh token and store them in an HTTP cookie

What I don't understand is step b.

How do I handle the login process?

a. I check whether the username and password are correct

b. How do I retrieve the auth code? Do I manually get it from the oauth_auth_codes table, or do I get it from the session?

c. Once I get the auth code, how do I redirect to the consent screen?

This is my login controller

use App\Http\Requests\Auth\LoginRequest;
use Inertia\Inertia;

public function store(LoginRequest $request)
{
    $request->authenticate();
    $request->session()->regenerate(); // rotate the session id after login
    // 'url.intended' is where Laravel stored the URL the guest was trying to reach;
    // pull() removes it so it is not reused, and falls back to '/' if it is absent
    $intended_route = $request->session()->pull('url.intended', '/');
    return Inertia::location($intended_route); //must use this lmao
}

Hopefully someone can shed some light. Thank you.
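The client-side half of the flow listed above (steps a, d, e and g), written as an added example rather than code from the original post. It assumes the client is itself a Laravel application, that the Passport server is reachable at https://auth.example.test (placeholder host), and that the client id, secret and callback URL live under config('services.passport.*') (assumed config keys); the controller and route names are likewise invented for the example.

```php
<?php
// Added example (not from the original post). Assumed: client app is a Laravel app,
// Passport server at https://auth.example.test, credentials in config('services.passport.*').

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Str;

class OAuthClientController extends Controller
{
    // Step a: build the authorization URL. A random, single-use `state` is bound to
    // this browser session so the callback can reject responses it never asked for.
    public function redirect(Request $request)
    {
        $state = Str::random(40);
        $request->session()->put('oauth_state', $state);

        $query = http_build_query([
            'client_id'     => config('services.passport.client_id'),
            'redirect_uri'  => config('services.passport.redirect_uri'),
            'response_type' => 'code',
            'scope'         => '',
            'state'         => $state,
            'prompt'        => 'login',   // ask the Passport server to re-authenticate the user
        ]);

        return redirect('https://auth.example.test/oauth/authorize?'.$query);
    }

    // Steps d, e and g: the Passport server redirects the browser here with ?code=...&state=...
    public function callback(Request $request)
    {
        // Consume the stored state so it cannot be replayed, then compare in constant time.
        $expected = (string) $request->session()->pull('oauth_state', '');
        $received = (string) $request->query('state', '');
        if ($expected === '' || ! hash_equals($expected, $received)) {
            abort(400, 'Invalid OAuth state.');
        }

        if ($request->has('error')) {
            // The user denied consent or the request was rejected; do not continue.
            abort(403, 'Authorization was not granted.');
        }

        // Step e: exchange the one-time code for tokens in a server-to-server call;
        // the client secret never reaches the browser.
        $response = Http::asForm()->post('https://auth.example.test/oauth/token', [
            'grant_type'    => 'authorization_code',
            'client_id'     => config('services.passport.client_id'),
            'client_secret' => config('services.passport.client_secret'),
            'redirect_uri'  => config('services.passport.redirect_uri'),
            'code'          => $request->query('code'),
        ]);

        if ($response->failed()) {
            abort(502, 'Token exchange failed.');
        }

        $tokens = $response->json();

        // Step g: keep the tokens out of JavaScript's reach with HttpOnly, Secure, SameSite cookies.
        // cookie($name, $value, $minutes, $path, $domain, $secure, $httpOnly, $raw, $sameSite)
        $accessMinutes = intdiv((int) $tokens['expires_in'], 60);

        return redirect('/dashboard')
            ->withCookie(cookie('access_token', $tokens['access_token'], $accessMinutes, '/', null, true, true, false, 'lax'))
            ->withCookie(cookie('refresh_token', $tokens['refresh_token'], 60 * 24 * 30, '/', null, true, true, false, 'lax'));
    }
}
```

Two routes wire this up (assumed names): GET /oauth/redirect to redirect() and GET /oauth/callback to callback(), the latter matching the redirect_uri registered with Passport. The state check is what protects the callback from being driven by a link the user did not initiate, and the HttpOnly flag is what makes cookie storage (step g) acceptable for bearer tokens.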

LaryAI

In step B of the OAuth process, the resource server prompts the user to login. This means that you need to create a login form and handle the authentication process in your Laravel application. Once the user is authenticated, you can proceed with the OAuth flow.

To retrieve the auth code, you don't need to manually get it from the oauth_auth_codes table or from the session. Laravel Passport handles this for you automatically. When the user authorizes the request, Laravel Passport will create an auth code and store it in the oauth_auth_codes table. You can then exchange this auth code for an access token and refresh token.

To redirect the user to the consent screen, you can use the redirect() method provided by Laravel. Here's an example:

// http_build_query URL-encodes each value; redirect_uri in particular contains characters that must be encoded
return redirect('/oauth/authorize?'.http_build_query(['client_id' => $client_id, 'redirect_uri' => $redirect_uri, 'response_type' => 'code']));

This will redirect the user to the consent screen with the necessary parameters. You can customize this URL based on your specific requirements.

In your login controller, you can handle the authentication process as follows:

use Illuminate\Support\Facades\Auth;

public function store(LoginRequest $request)
{
    $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // Authentication passed: rotate the session id, then send the user to Passport's
        // consent screen ($client_id and $redirect_uri must hold the values from the original request)
        $request->session()->regenerate();
        $query = http_build_query(['client_id' => $client_id, 'redirect_uri' => $redirect_uri, 'response_type' => 'code']);
        return redirect('/oauth/authorize?'.$query);
    }

    // Authentication failed: return to the login form with an error message
    return back()->withErrors(['email' => 'The provided credentials do not match our records.']);
}

This will authenticate the user and redirect them to the consent screen if the authentication is successful.
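The Passport-server side of step b, as an added example (not the answer's code). It assumes a standard Laravel web guard with Passport installed, so that a guest hitting GET /oauth/authorize is sent to the login route with the full authorize URL (client_id, redirect_uri, state, prompt and so on) saved in the session under 'url.intended', whether by the `auth` middleware or by Passport's own guest handling depending on the Passport version. Under that assumption the login controller does not need to rebuild the authorize URL or touch oauth_auth_codes at all; it only needs to return the user to the URL they were stopped at. The controller name, validation rules and rate-limit values are choices made for this example.

```php
<?php
// Added example (not the answer's or Passport's code). Assumed: Laravel web guard, Passport
// installed, and the unauthenticated request to /oauth/authorize already stored 'url.intended'.

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;

class LoginController extends Controller
{
    public function store(Request $request)
    {
        $credentials = $request->validate([
            'email'    => ['required', 'string', 'email'],
            'password' => ['required', 'string'],
        ]);

        // Throttle per email + IP so the login form in front of the OAuth server cannot be
        // hammered; 5 attempts, then a 60-second lockout (values chosen for the example).
        $key = Str::lower($credentials['email']).'|'.$request->ip();
        if (RateLimiter::tooManyAttempts($key, 5)) {
            return back()
                ->withErrors(['email' => 'Too many attempts, try again in '.RateLimiter::availableIn($key).' seconds.'])
                ->withInput($request->only('email'));
        }

        if (! Auth::attempt($credentials, $request->boolean('remember'))) {
            RateLimiter::hit($key, 60);
            return back()
                ->withErrors(['email' => 'These credentials do not match our records.'])
                ->withInput($request->only('email'));
        }

        RateLimiter::clear($key);
        $request->session()->regenerate();   // new session id after the privilege change

        // Return the user to the exact URL they were stopped at. For an OAuth login that is
        // /oauth/authorize?client_id=...&redirect_uri=...&state=..., so Passport now renders its
        // consent screen (step c), creates the auth code when the user approves, and redirects
        // to redirect_uri with code and state (step d). The original state survives because the
        // whole query string was preserved in the intended URL.
        return redirect()->intended('/');
    }
}
```

The difference from the asker's Inertia::location() version is only the redirect helper: redirect()->intended() pulls 'url.intended' from the session and falls back to '/' when nothing was stored, so the same controller serves both a plain login and a login that was triggered by the authorize endpoint.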
