How to get access token from oauth_access_tokens in Laravel - php

Is there any way to get the access token based on the oauth_access_tokens table id? I want to find a solution to solve the token problem.

Here is how to get access token from DB table - https://github.com/laravel/passport/issues/779 (read the issue)
And there is also an answer on SO - Laravel passport get token from database
P.S. this question should be marked as duplicate

Related

Laravel passport oauth/tokens GET API not working

I just installed Passport and added Passport::routes() to my serviceprovider. It gave me these routes /oauth/token POST, /oauth/tokens GET, /oauth/token/{Token_id} DELETE.
I am using Password Grant Tokens for authentication (https://laravel.com/docs/5.6/passport#password-grant-tokens).
I ran the POST request to make a new token and it created the token just fine. But when I try to run the GET to see all the tokens, it returns an empty array. I have around 10 tokens already generated in my DB.
Shouldn't I be getting a list of all the oauth tokens that are stored in the database?
If not, is there a way to index all the tokens for admin use?
The GET /oauth/tokens route returns all tokens for the currently authenticated user only, not all users.
To get all tokens, with their associated users, you can use the following.
\Laravel\Passport\Token::with('user')->get()

Laravel Passport No Error Appear If token is expired

I'm starting to learn the Laravel Passport API. I tried to use my tokens and it works fine. When I revoke a specific token it works fine too; it shows the proper output that says
{
"message": "Unauthenticated"
}
But when I tried to use a token that expired 1 day ago, it still authenticated, which means it doesn't give the same message as when I revoke it.
I'm having the same problem in this thread:
https://laracasts.com/discuss/channels/laravel/passport-not-erroring-on-expired-token?page=1
I'm wondering if there's another, or trickier, way to check the expiration date of a specific token in the backend. Recently I found an alternative way to validate expired tokens, which is Laravel's task scheduling: every minute the system checks whether a token has expired and automatically updates its revoke field to true. But I doubt this solution, so I'm still trying to find some other options.
I think I found the problem probably.
You must set the expiration time in AuthServiceProvider by adding Passport::tokensExpireIn(); to the boot section, and the token won't be validated after this time, but the problem is the token won't be revoked automatically and I don't get why.
Maybe revoke is not meant to be set by Passport and it's only for us

Laravel Passport: Are API's tokens stored on the server, and where?

I tried to find where the token returned by the method $user->createToken('MyApp')->accessToken; is stored on the database but I can't seem to find it. Is it stored in the server in the first place? If so, where?
If it's not stored on the server because it's self-contained, why did Laravel's developers put $table->rememberToken(); in the default create_users_table.php migration? What's the purpose of the column remember_token?
Thank you for your help.
I guess you could say that some part of the token is stored in the database.
The token returned is JWT (JSON Web Token). Encoded in it is information about the token, like its expiration time, the algorithm used to hash it, the token scopes and its ID (in the payload it's named jti). That ID is what's stored in the oauth_access_tokens table.
In this method in the \Laravel\Passport\PersonalAccessTokenFactory::findAccessToken class you can see how Laravel is checking if the token is in the database:
/**
 * Get the access token instance for the parsed response.
 *
 * @param  array  $response
 * @return Token
 */
protected function findAccessToken(array $response)
{
    return $this->tokens->find(
        $this->jwt->parse($response['access_token'])->getClaim('jti')
    );
}
If you get a valid token and paste it in this online tool you will see the structure of it. Here's how it looks:
Now, knowing the expected format of the payload, if you play around a bit with this information and the data you have in your oauth_access_tokens (id, scope, creation and expiration date) you should be able to create a valid token.
Remember token in user table is for "Remember Me" when you log in on web.
Laravel: What is “remember_token” in the “users” DB table?
If you use passport and create API you can find token id in oauth_access_tokens in database.
No, the access token value is not stored anywhere. If you lose it, it's gone. You'll need to regenerate a new token.
The remember_token field is for the "Remember Me" functionality for normal web authentication. It is not related to Passport API authentication at all.
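How the JWT's jti claim, the oauth_access_tokens row, and the separate revoked and expiry fields discussed in the answers above relate to each other, as an added example (not Passport's code and not from the original posts). The token, the row values and the decodeSegment/describeToken helpers are constructed for illustration; revoked and expires_at are the columns of Passport's oauth_access_tokens table.

```php
<?php
// Added example, not Passport's code. Token, row and helper names are constructed.

/** Decode one base64url-encoded JWT segment into an array. */
function decodeSegment(string $segment): array
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return json_decode($json, true, 16, JSON_THROW_ON_ERROR);
}

/** Classify a token against its (constructed) oauth_access_tokens row. */
function describeToken(string $jwt, array $row, int $now): string
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Expected header.payload.signature');
    }
    // Decoding only reads the claims; it does not verify the signature,
    // so never use this result on its own to authenticate a request.
    $claims = decodeSegment($parts[1]);
    if (!hash_equals((string) $row['id'], (string) ($claims['jti'] ?? ''))) {
        return 'no matching row';
    }
    if ($row['revoked']) {
        return 'revoked';
    }
    // Expiry is its own check: an expired row can still have revoked = false.
    if (strtotime($row['expires_at'] . ' UTC') <= $now) {
        return 'expired';
    }
    return 'active';
}

// Constructed sample data (placeholder signature, not a usable token).
$enc = fn (array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$jti = 'constructed-token-id-0001';
$jwt = $enc(['typ' => 'JWT', 'alg' => 'RS256']) . '.'
     . $enc(['jti' => $jti, 'exp' => 1700000000, 'scopes' => []]) . '.placeholder-signature';
$row = ['id' => $jti, 'revoked' => false, 'expires_at' => '2023-11-14 22:13:20'];

echo describeToken($jwt, $row, 1699990000), PHP_EOL;                        // before expiry
echo describeToken($jwt, $row, 1700100000), PHP_EOL;                        // after expiry
echo describeToken($jwt, ['revoked' => true] + $row, 1699990000), PHP_EOL;  // revoked row
```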

How to get token from request and send the corresponding user to right controller in Laravel?

I'm building an API in Laravel. The API is accessible from a front end page, using an access key. In my database I've saved the users of this API with their own access key. This key is obtained from Facebook by using the Socialite plugin.
When a user makes a request through an AJAX call (to modify the database), this request should be checked for the access key. The access key should then be found in the users table to find the right user. It actually comes down to two questions:
How can the access key be 'intercepted' from the request? Do I do this through middleware?
When the right user is found in the table, how do I set this user globally or pass the user to the right controller that is connected to the route?
For example when a user wants to add a new item to the database, the route is like this:
Route::post('items', 'ItemController@add')->middleware('tokencheck');
I've created a middleware 'tokencheck' that should find the token from the request, but I'm not sure about the usage of middleware in this case.
After passing this check, the user should be found in the database and passed to the ItemController@add. How do I pass this value?
Thank you!

Api access using OAuth in cakephp

I am using an OAuth plugin for cakephp (thomseddon/cakephp-oauth-server) which I am having some issues with at the moment.
I want to be able to allow access to my cakephp Rest with two calls
provision - This just adds in a Client id into my table
auth - using grant_type password I send over grant_type, username, password and client_id and return an access token.
Both these actions seem to be in working order and I am getting an access token back. The problem is that after I gain access I am still being kicked out by cakephp and redirected to the login page when I try to access one of the rest actions.
For example once I have an access key I send up a request to http://customer-server-2.dev/api/documents.json?access_token=xxxxxxxxxxxxxxxx
At this point I should have access because the access token is correct and works fine - but I don't; I get redirected to the login page.
If anyone can help me with this I would be eternally grateful.
There might be two problems
Your access token may be expired. Get a new access token and check
Check your scope when you are getting access token
