i'm creating an authentication api using passport from the official docs but i'm stuck on sending GuzzelHttp request
i'v done exactly like the docs but when i want to test with postman no result returned it just stay loading without end
this is my code
my controller
$user = new User();
$user->email = $request->email;
$user->name = $request->name;
$user->password = bcrypt($request->password);
$user->save();
$http = new Client;
$response = $http->post('http://localhost:8000/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 2,
'client_secret' => 'x2ESrkADoQEaQ91iMW9kKiIvjKo0LL4RxlUtqtmy',
'password' => $request->password
],
]);
dd($response);
return response([
'success'=> true,
'successMessageKey' => 'userCreatedSuccessfully' ,
'data'=>json_decode((string) $response->getBody(), true)
]);
and my route
Route::post('users/register',[
'uses' => 'Api\AuthController#register'
]);
and when i run my route i got no result like this and stuck in loading
The issue is when using php artisan serve, it uses a PHP server which is single-threaded.
The web server runs only one single-threaded process, so PHP applications will stall if a request is blocked.
You can do this solution:
When making calls to itself the thread blocked waiting for its own reply. The solution is to either seperate the providing application and consuming application into their own instance or to run it on a multi-threaded webserver such as Apache or nginx.
Or if you are looking for a quick fix to test your updates - you can get this done by opening up two command prompts. The first would be running php artisan serve (locally my default port is 8000 and you would be running your site on http://localhost:8000). The second would run php artisan serve --port 8001.
Then you would update your post request to:
$response = $http->post('http://localhost:8001/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 2,
'client_secret' => 'x2ESrkADoQEaQ91iMW9kKiIvjKo0LL4RxlUtqtmy',
'password' => $request->password
],
]);
This should help during your testing until you are able to everything on server or a local virtual host.
Try including password_confirmation in your parameters in Postman. That's what I did in my laravel passport project
I findout the problem in your code
please check the parameter which you sent to auth/token. username is missing in your request
You need pass array of form_params as json
e.g
$response = $http->post('http://localhost:8000/oauth/token', [
'form_params' => json_encode([
'grant_type' => 'password',
'client_id' => 2,
'client_secret' => 'x2ESrkADoQEaQ91iMW9kKiIvjKo0LL4RxlUtqtmy',
'password' => $request->password
]),
]);
Related
Im using Laravel passport for API authentication. I have two routes
/api/login
and
/oauth/token
Since I cannot hardcode my client id and the login receives from JS and the params and client id is hardcoded inside a login method(laravel), Im trying to post the values using Guzzle (6.0) to oauth/token (POST requests).
I followed a youtube video and there it works but not mine. Iam using 5.6, not sure which version was in the video. Could someone help?
Below is the Video
https://www.youtube.com/watch?v=HGh0cKEVXPI&t=838s
Below is the code
$http = new GuzzleHttp\Client();
$request = $http->post(URI, '/oauth/token', [
'form_params' => [
'username' => 'bar',
'password' => 'xxxxxx',
'client_id' => 2,
'grant_type' => 'password',
'client_secret' => '00000000000000000'
]
]);
return $request;
You are not getting the response only returning guzzle $request initalization so add getBody()
$http = new GuzzleHttp\Client();
$request = $http->post(URI, '/oauth/token', [
'form_params' => [
'username' => 'bar',
'password' => 'xxxxxx',
'client_id' => 2,
'grant_type' => 'password',
'client_secret' => '00000000000000000'
]
]);
return $request->getBody();
I think you are trying to request in build-in server.
So You try two servers to send the request.
It will be working.
Like localhost:8000 and localhost:9000 server
Use this command
php artisan serve
php artisan serve --port=9000
Thanks.
You should check the status first to make sure that everything is okay by using
$request->getStatusCode();
You can get your response by
$request->getBody();
you can see also full documentation of using GuzzulHttp from Here
http://docs.guzzlephp.org/en/stable/
Trying to wrap my head around using Laravel's Passport with mobile clients. The Password Grant type of authentication seems to be the way to go, and i have it working with my iOS app, however i can't get token refreshing to work.
When authenticating i get a token and a refresh token which i store, however when the token expires, calling the oauth/token/refresh route doesn't work. The route is using the web middleware which means my app using the api route can't access it. I'm not sure if they intended for mobile clients to never refresh or if they wanted you to roll your own refreshing? If anyone has insight on how this is supposed to work, that'd be great.
The oauth/token/refresh route is not for refreshing access tokens. It is used to refresh transient tokens, which are used when you consume your own API from your javascript.
To use your refresh_token to refresh your access token, you need to call the oauth/token route with the grant_type of refresh_token.
This is the example provided by the documentation:
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'refresh_token',
'refresh_token' => 'the-refresh-token',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
One note about scopes, when you refresh the token, you can only obtain identical or narrower scopes than the original access token. If you attempt to get a scope that was not provided by the original access token, you will get an error.
I've done something like.
Created an endpoint for grant refresh token.
and in my controller,
public function userRefreshToken(Request $request)
{
$client = DB::table('oauth_clients')
->where('password_client', true)
->first();
$data = [
'grant_type' => 'refresh_token',
'refresh_token' => $request->refresh_token,
'client_id' => $client->id,
'client_secret' => $client->secret,
'scope' => ''
];
$request = Request::create('/oauth/token', 'POST', $data);
$content = json_decode(app()->handle($request)->getContent());
return response()->json([
'error' => false,
'data' => [
'meta' => [
'token' => $content->access_token,
'refresh_token' => $content->refresh_token,
'type' => 'Bearer'
]
]
], Response::HTTP_OK);
}
If I make any request to http://localhost:8000 or http://127.0.0.1:8000 it hangs on status pending. (Exactly as here https://github.com/guzzle/guzzle/issues/1857)
I was told that it isn't related to guzzle and that I should better ask about it here.
I stumbled upon this problem while following laravel.com/docs/5.4/passport
This is the code that hangs:
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'authorization_code',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'redirect_uri' => 'http://example.com/callback',
'code' => $request->code,
],
]);
I tried making GET and POST request to working API routes (tested with postman) and it still hangs when calling the same routes using guzzle.
So is there a way to make requests to my own API while using php artisan serve?
Carl has a great solution to this. If you are looking for a quick fix to test your updates - you can get this done by opening up two command prompts. The first would be running php artisan serve (locally my default port is 8000 and you would be running your site on http://localhost:8000). The second would run php artisan serve --port 8001.
Then you would update your post request to:
$response = $http->post('http://localhost:8001/oauth/token', [
'form_params' => [
'grant_type' => 'authorization_code',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'redirect_uri' => 'http://example.com/callback',
'code' => $request->code,
],
]);
This should help during your testing until you are able to everything on server or a local virtual host.
try this.
namespace App\Http\Controllers\Api;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Route;
use App\User;
class UserController extends Controller
{
//use AuthenticatesUsers;
protected function login(Request $request)
{
$request->request->add([
'grant_type' => 'password',
'client_id' => '3',
'client_secret' => '6BHCRpB4tpXnQvC1DmpT7CXCSz7ukdw7IeZofiKn',
'scope' => '*'
]);
// forward the request to the oauth token request endpoint
$tokenRequest = Request::create('/oauth/token','post');
return Route::dispatch($tokenRequest);
}
}
I ended up solving it by using wamp virtualhost instead of php artisan serve. No idea why it doesn't work with localhost though.
UPDATE: Someone was kind enough to explain why it wouldn't work.
In https://github.com/guzzle/guzzle/issues/1857#issuecomment-506962175
The reason for this is php artisan serve is a single thread application. So when we use guzzle to request from it to itself, it basically just tries to finish guzzle request (as a client) first then come to finish that request (as a server), which is impossible.
More info about this: https://php.net/manual/en/features.commandline.webserver.php
Also this answer:
When making calls to itself the thread blocked waiting for its own reply. The solution is to either seperate the providing application and consuming application into their own instance or to run it on a multi-threaded webserver such as Apache or nginx.
/**
* Login function
*/
public function login(Request $request) {
/*
Sample post object
{
"username": "test#gmail.com",
"password": "test123"
}
*/
if (Auth::attempt(['email' => request('username'), 'password' => request('password')])) {
return $this->getToken($request);
}
else {
return response()->json(['error'=>'Unauthorised'], 401);
}
}
public function getToken(Request $request) {
//Get client ID and client Secret
$client = DB::table('oauth_clients')->where('password_client',1)->first();
$request->request->add([
"grant_type" => "password",
"username" => $request->username,
"password" => $request->password,
"client_id" => $client->id,
"client_secret" => $client->secret,
]);
// Post to "/oauth/token
$tokenRequest = $request->create('/oauth/token','post');
$instance = Route::dispatch($tokenRequest);
//return token_type, expires_in, access_token, refresh_token
return response()->json(json_decode($instance->getContent()));
}
I am new in Laravel Passport and installed and configured with official documentation.
public function register(){
$password = Hash::make('demo');
$user = DB::table('users')->insertGetId([
'name' => 'User',
'email' => 'userdev#gmail.com',
'password' => $password,
]);
// create oauth client
$oauth_client = \App\OauthClient::create([
'user_id' => $user,
'name' => 'User',
'secret' => base64_encode(hash_hmac('sha256',$password, 'secret', true)),
'password_client' => 1,
'personal_access_client' => 0,
'redirect' => '',
'revoked' => 0,
]);
$response = ['status'=>200,'message'=>'Successfully Registered'];
return $response;
I just run the API throgh postman and its getting response as Successfully Registered
After that I just called the http://localhost/passport/oauth/token route to authenticate the user. But its not working. Its returning like..
Postdata :
grant_type:password
client_id :1
client_secret:j7q0ky8chHQ0RHJFpWo4Lqn/hl7Z0ntzYeyzsXE9ULA=
username:userdev#gmail.com
password:demo
scope:
Response :
{
"error": "invalid_request",
"message": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.",
"hint": "Check the `client_id` parameter"
}
Make sure it is placed in body not in params.
Still not sure why, but running php artisan config:clear fixed this for me.
I have a phpleague/oauth2 server implementation, which is working fine, ie generating access/refresh tokens, validating etc.
I have a following problem. When I refresh the token with grant_type=refresh_token with console curl, I successfully get the new access_token, but when doing this with a test:
$I->sendPOST('access_token', [
'grant_type' => 'password',
'client_id' => '111',
'client_secret' => '222',
'username' => 'exampleuser',
'password' => 'examplepass',
]);
$I->seeResponseCodeIs(200);
$I->seeResponseContainsJson(['token_type' => 'Bearer']);
// I receive a proper string, checked that out
$token = $I->grabDataFromResponseByJsonPath('$.refresh_token')[0];
$I->sendPOST('access_token', [
'grant_type' => 'refresh_token',
'client_id' => 1,
'client_secret' => 'pass2',
'refresh_token' => $token
]);
$I->seeResponseCodeIs(200); // Here I receive 403
...
I repeat, doing this manually in terminal works fine.
After debugging it myself I found out that refresh token validation fails
at oauth2-server/src/Grant/RefreshTokenGrant.php at:
$refreshToken = $this->decrypt($encryptedRefreshToken);
But still I can't understand why it works manually. I did urlencode/urldecode and tons of var dumps, but still can't get the solution.