Laravel Passport Authenticate User Before Authorize

Submitted by [亡魂溺海] on 2019-12-25 08:59:46

Question


I am working on a project where 3rd party apps can access data from a Laravel server. I have also created a client application in Laravel for testing.

The following code asks for authorization and it's working fine.

    // Client route: send the browser to the server's authorization endpoint
    Route::get('/applyonline', function () {
        $query = http_build_query([
            'client_id' => 5,
            'redirect_uri' => 'http://client.app/callback',
            'response_type' => 'code',
            'scope' => '',
        ]);

        return redirect('http://server.app/oauth/authorize?'.$query);
    });

How can I authenticate a user before authorization? Right now I can access data from the server using this code.

    use Illuminate\Http\Request;

    Route::get('/callback', function (Request $request) {
        $http = new GuzzleHttp\Client;

        // Password grant: the client itself submits the user's credentials
        $response = $http->post('http://server.app/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => 2,
                'client_secret' => 'fcMKQc11SwDUdP1f8ioUf8OJwzIOxuF8b2VKZyip',
                'username' => 'ali@gmail.com',
                'password' => 'password',
            ],
        ]);

        $data = json_decode((string) $response->getBody(), true);
        $access_token = 'Bearer '.$data['access_token'];

        // Call the API with the bearer token
        $response = $http->get('http://server.app/api/user', [
            'headers' => [
                'Authorization' => $access_token,
            ],
        ]);

        $applicant = json_decode((string) $response->getBody(), true);

        return view('display.index', compact('applicant'));
    });

Although the above code works fine, I don't think it's a good way to ask for the username and password on the client side.

I want to use this flow (the same as Facebook allows):

  • Click To Get Data From Server
  • Enter Username and Password
  • Authorize App
  • Access data for authenticated user

Answer 1:


Well, that was a stupid mistake. It works fine with the authorization_code grant type. My mistake was that I was testing both server and client in the same browser without logging out. So the client was accessing its own data from the server. Also, this flow diagram really helped me to understand the process of Passport authorization: http://developer.agaveapi.co/images/2014/09/Authorization-Code-Flow.png

    use Illuminate\Http\Request;

    Route::get('/callback', function (Request $request) {
        $http = new GuzzleHttp\Client;

        // Exchange the authorization code returned to the callback for tokens
        $response = $http->post('http://server.app/oauth/token', [
            'form_params' => [
                'grant_type' => 'authorization_code',
                'client_id' => 5,
                'client_secret' => 'fcMKQc11SwDUdP1f8ioUf8OJwzIOxuF8b2VKZyip',
                'redirect_uri' => 'http://client.app/callback',
                'code' => $request->code,
            ],
        ]);

        return json_decode((string) $response->getBody(), true);
    });
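
An added example, not part of the original answer or of Passport's own code: the same authorization_code round trip with a `state` value bound to the client's session, so the callback only exchanges a code for a request that this browser session started. It is plain PHP so it runs from the CLI; the function names, the `$session` array standing in for the Laravel session, and the `PASSPORT_CLIENT_SECRET` environment variable are assumptions.

```php
<?php
// Added example: function names, $session array and PASSPORT_CLIENT_SECRET are assumptions.
const AUTHORIZE_URL = 'http://server.app/oauth/authorize';
const REDIRECT_URI  = 'http://client.app/callback';
const CLIENT_ID     = 5;

// Step 1 (the /applyonline route): remember a random state, then build the redirect URL.
function buildAuthorizeUrl(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(20));
    return AUTHORIZE_URL . '?' . http_build_query([
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'response_type' => 'code',
        'scope'         => '',
        'state'         => $session['oauth_state'],
    ]);
}

// Step 2 (the /callback route): accept the code only if state matches; state is single use.
function tokenRequestParams(array &$session, array $query): array
{
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']);
    $given = $query['state'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        throw new RuntimeException('state mismatch: callback not started by this session');
    }
    if (!isset($query['code']) || !is_string($query['code'])) {
        throw new RuntimeException('authorization code missing (user denied or error)');
    }
    return [
        'grant_type'    => 'authorization_code',
        'client_id'     => CLIENT_ID,
        'client_secret' => getenv('PASSPORT_CLIENT_SECRET') ?: '', // kept out of source
        'redirect_uri'  => REDIRECT_URI,
        'code'          => $query['code'],
    ];
}

// Constructed demo: one genuine callback, then a replay of the same callback.
$session = [];
parse_str(parse_url(buildAuthorizeUrl($session), PHP_URL_QUERY), $sent);
$ok = tokenRequestParams($session, ['code' => 'constructed-code', 'state' => $sent['state']]);
echo "accepted, grant_type={$ok['grant_type']}\n";
try {
    tokenRequestParams($session, ['code' => 'constructed-code', 'state' => $sent['state']]);
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n"; // state was already consumed
}
```

The array returned by `tokenRequestParams` is what goes into `form_params` for the POST to `http://server.app/oauth/token`.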


Source: https://stackoverflow.com/questions/43172792/laravel-passport-authenticate-user-before-authorize
