doushi1974
2016-09-19 12:15
浏览 818
已采纳

Laravel Passport密码授予 - 客户端身份验证失败

After hearing a lot about laravel passport, i thought of implementing it into my new project where my requirement is to create an API that'll be used in a mobile app.

So my mobile app is a client, which will further have its users.

I followed the steps mentioned by Taylor and also read about it here. In a nutshell I followed these steps:

  1. Installed laravel/passport.
  2. Created a website user.
  3. Generated passport keys php artisan passport:install
  4. Generated client_id and client_secret using php artisan passport:client
  5. Added redirection and callback routes in web.php
  6. Authorized the user and got the final access token.

Then I tried calling api/user( with Header Authorization containing value Bearer eyJ0eXAiOiJKV1...(token)

I received the data. Pretty simple and neat.

But my app users won't have these details. So I thought of configuring Password Grant Tokens which fits perfectly in my requirement.

Now starts the real headache. I've been trying to set this up for the last 3 days and continuously getting

{"error":"invalid_client","message":"Client authentication failed"}

I've tried almost every guide I followed online: Redirection Issues, Add Atleast One Scope Solution, P100Y Issue etc.

But I'm still getting invalid client error. Here's what I'm passing through POSTMAN to oauth/token:

{
    "grant_type": "password,"
    "client_id": "3,"
    "client_secret": "8BUPCSyYEdsgtZFnD6bFG6eg7MKuuKJHLsdW0k6g,"
    "username": "test@gmail.com,"
    "password": "123456,"
    "scope": ""
}

Any help would be appreciated.

图片转代码服务由CSDN问答提供 功能建议

在听了很多关于laravel护照之后,我想把它实现到我的新项目中,我的要求是创建一个 将在移动应用中使用的API。

因此,我的移动应用是一个客户端,它将进一步拥有其用户。

我按照泰勒提到的步骤< / a>并阅读此处。 简而言之,我按照以下步骤操作:

  1. 安装 laravel / passport
  2. 创建网站用户。
  3. 生成的护照密钥 php artisan passport:install
  4. 生成的 client_id client_secret 使用 php artisan passport:client
  5. web.php <中添加 redirection callback 路由 / code>
  6. 授权用户并获得最终访问令牌。

    然后我尝试调用 api / user < / code>(带标题 Authorization ,包含值 Bearer eyJ0eXAiOiJKV1 ...(令牌)

    我收到了数据。非常简单, 整洁。

    但是我的应用用户不会有这些细节。所以我想到配置密码授予令牌完全符合我的要求。

    现在开始真正的头痛。我一直在努力 设置了最近3天并不断获取

      {“error”:“invalid_client”,“message”:“客户端身份验证失败”} 
        
     
     

    我几乎尝试了我在网上关注的所有指南:重定向问题添加Atleast One Scope解决方案 P100Y Issue 等 。

    但我仍然遇到无效的客户端错误。 这是我通过POSTMAN传递给 oauth / token

      {
    “grant_type”:“password,”
    “client_id”  :“3”,
    “client_secret”:“8BUPCSyYEdsgtZFnD6bFG6eg7MKuuKJHLsdW0k6g”,
    “用户名”:“test@gmail.com”,
    “密码”:“123456”,
    “范围”:“”
    }  
       
     
     

    我们将不胜感激。

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

14条回答 默认 最新

  • duanmei9980 2016-09-20 16:48
    已采纳

    Check your credentials first if they are correct, Secondly check your model table which uses \Laravel\Passport\HasApiTokens trait that whether it contains email column, because by default it is used to identify user when validating credentials. if your table has username column or any other column which is used in validating credentials you must define a function findForPassport in that model. like this,

    public function findForPassport($username) {
           return self::where('username', $username)->first(); // change column name whatever you use in credentials
        }
    

    I use username and password column to validate a user, in {project_directory}\vendor\laravel\passport\src\Bridge\UserRepository.php

    this function validates your credentials,

    public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity)
        {
            if (is_null($model = config('auth.providers.users.model'))) {
                throw new RuntimeException('Unable to determine user model from configuration.');
            }
    
            if (method_exists($model, 'findForPassport')) { // if you define the method in that model it will grab it from there other wise use email as key 
                $user = (new $model)->findForPassport($username);
            } else {
                $user = (new $model)->where('email', $username)->first();
            }
    
            if (! $user || ! $this->hasher->check($password, $user->password)) {
                return;
            }
    
            return new User($user->getAuthIdentifier());
        }
    

    notice the second if statement and you will get to know what is happening there.

    hope this help :)

    打赏 评论
  • douxu2081 2016-09-30 12:58

    I had the same issue, and got fixed by setting basic.auth headers, with client_id as username and secret as password.

    Then it worked fine.

    打赏 评论
  • duansai1314 2016-10-03 12:35

    I have managed to get the Laravel Passport - Password_Grant_Token working through RESTED(POSTMAN like service) without any additional controllers or middlewares. Here is how I've managed to do it!

    Install the default Auth-Scaffolding in laravel doc's here
    Install the passport doc's here
    Register a user through auth-scaffolding
    Goto RESTED or POSTMAN, or any other like service
    Check data in oauth_clients table for your form_params
    With RESTED through Request_body_form_data not headers write yours forms_params and send a POST request to */oauth/token (full url required)

    (required form_params are grant_type, client_id, client_secret, username and password)

    You should get in return an object with 4 keys (token_type, expires_in, access_token & refresh_token) and a status of 200 OK.

    If all was succesfull so far...

    Open another RESTED window:

    Send a GET request to /api/user (again full url required) In headers write 2 name-value pairs (Accept => application/json, Authorization => Bearer ACCESS_TOKEN_GOTTEN_IN_PREVIOUS_REQUEST (to /oauth/token)

    And that should be it. You should get an user object as response from /api/user.

    打赏 评论
  • doubi7496 2016-10-05 06:57

    Try creating a new password client using php artisan passport:client --password then most probably an user wont be assigned to that password client. edit the database row and add an exsting user id to it.

    {
        "grant_type": "password,"
        "client_id": "" <- edited and added user id
        "client_secret": "8BU......," <- new secret
        "username": "test@gmail.com," <- email of above added user id
        "password": "123456,"<- password 
        "scope": ""
    }
    

    Hope you will be able to get token now

    打赏 评论
  • douxihui8270 2016-10-12 04:11

    This might help point you in the right direction because we're implementing the password grant ourselves.

    1 - On your step 4 instead of running this:

    php artisan passport:install
    

    run the following to create your password grant Client:

    php artisan passport:client --password
    

    The above command will give a followup question to set the name of your Password Grant Client. Be sure to get the id and secret of this new record in your database.

    2 - Your POSTMAN Post request object should be wrapped inside an object similar to the following:

    'form_params' => [
        'grant_type' => 'password',
        'client_id' => 'my_client-id',
        'client_secret' => 'my_client-secret',
        'username' => 'username or email', <-pass through variables or something
        'password' => 'my-user-password', <- pass through variables or something
        'scope' => '',
    ],
    

    Update 1 10/12/2016:

    On further investigation of this issue I ran into the exact same spot you're at and was forced to dive into the rabbit hole of passport.

    Currently from what I'm seeing the system has set the client identifier as 'authorization_code' when it needs to be 'password'. I'm researching how to resolve this issue you're having as I've ran into it too. I will post code to help people follow along where I've been and what I've been doing but it's 2:40 am right now so I need some sleep.

    Update 2 10/12/2016

    Been debugging the issue for 7 hours now. There is a method within passport that validates the client. This method takes the inputs you've added in the object (mentioned above) and attempts to get the Client Entity through a client repository class based on what you've passed in. If a Client is found it will then be checked to see if an instance of the Client Entity truly exists within the Client Entity Interface which LOOKS like it pulls in the Client's credentials from the database. However, there is a block of code which returns NULL From what I'm getting in my testing. ALL fields are being introduced properly so far but there seems to be a mix-up between the repository and the interface. Which is causing the error to be thrown.

    In the end I feel I'm getting close to solving this issue. Your patience is greatly appreciated. =)

    Update 3 10/12/2016

    After a long period of debugging I've found the initial problem. There were fields that weren't matching up. In short, it's a setup issue.

    SO

    The solution in this case is:

    DOUBLE CHECK ALL FIELDS In the database with ALL credentials being passed in. Right down to periods, dashes, spaces passwords, client id, client secret, VALID redirect URIs/URLs, grant_types, and scopes (if you're using them):

    Make sure the client in the database has an ENUM of 1 under the "password_client" column, if not you need to create one using the mentioned php artisan command above, which I'll reference here:

    php artisan passport:client --password
    

    Make sure the secret you're passing in matches what is listed for that client in your database character for character

    Make sure the id you're passing matches and is of an integer data type.

    Make sure there is a name of some sort for the client

    Do not worry about the user_id column when using password grants

    make sure the route is correct

    Make sure the email your entering in (username) is an actual user inside of your users table within your database (or whatever table you customized the laravel 5.3 system to accept as your users table, I will add a link on how to customize laravel 5.3 system to accept a different users table as default if any need it).

    Make sure the grant_type is spelled correctly

    Make sure you're set up to accept the response bearer token (meaning the access_token and refresh_token).

    Other than that, the initial steps I've outlined in the above part of this Answer should put you back on the right track. There are others here who did mention some similar steps that are helpful but address the same error that is related to a seperate issue as well (which I'm sure is a result of a setup issue related to their specific system setup).

    I hope this helps though.

    打赏 评论
  • dongtaidai0492 2016-11-01 08:35

    Check the redirect/callback url when the client is set up on the passport server. Check the entry where you get the client ID and secret from that the Redirect URL is correct.

    I was getting the same error and found the Redirect URL wasn't correct.

    It needs to be pointing to the /callback route (in the examples that Taylor gives)

    打赏 评论
  • dounuogong0358 2016-11-11 16:02
    {"error":"invalid_client","message":"Client authentication failed"}
    

    means that the client_id and client_secret you're currently sending is one of the following:

    1. client_id and client_secret being sent is not registered in your oauth server
    2. client_id and client_secret being sent is not of the grant type that you specify in the post body

    For me, the password_client column value for that particular client was 0. i manually changed it to 1 but it didn't help. – Kanav Oct 4 at 3:25

    As I read your comment to some of the answer makes this one is obvious that you use the wrong type of client_id and client_secret for your password grant flow, so your case was the latter. You can verify that by finding the entry in oauth_clients table for your supplied client_id and client_secret

    "grant_type": "password,"    
    "client_id": "3,"
    "client_secret": "8BUPCSyYEdsgtZFnD6bFG6eg7MKuuKJHLsdW0k6g,"
    
    SELECT * FROM oauth_clients WHERE id = 3 AND secret = '8BUPCSyYEdsgtZFnD6bFG6eg7MKuuKJHLsdW0k6g' AND password_client=1;
    

    in your oauth_clients table to check that whether your supplied client_id and client_secret exists for password grant flow in your oauth server. And also you don't manually change the type of client by simply switching the value of that column, you have to create a new client for password grant type.

    php artisan migrate
    

    This command will migrate the laravel/passport migration file to generate two default clients for each type that laravel/passport currently supported. You can also create a client for password grant flow with

    php artisan passport:client --password
    

    When you have a new client for password grant type, try POSTing again to /oauth/token to generate a token with your new generated client_id and client_secret

    打赏 评论
  • doujiyan0971 2017-03-29 15:55

    Have yo try running php artisan config:cache after all the passport commands.

    打赏 评论
  • dpkrbe395930 2017-04-20 11:25

    use the below code to generate an access token, it has worked for me before:

    $request->request->add([
          'client_id' => '2',
          'client_secret' => 'm3KtgNAKxq6Cm1WC6cDAXwR0nj3uPMxoRn3Ifr8L',
          'grant_type' => 'password',
          'username' => 'support@eliteride.co.uk',
          'password' => 'pass22'
        ]);
        $tokenRequest = $request->create('/oauth/token', 'POST', $request->all());
    
        $token =  \Route::dispatch($tokenRequest);
    
    打赏 评论
  • dptdb84606 2017-07-04 12:20

    you can define a two variables like

    $client_id = '111';
    $client_secret = '1212';
    

    and the condition is in your function like this

    protected $clientID = '578324956347895';
    protected $clinetSecret ='hflieryt478';
    
    public function index(Request $request)
    {
    
        if (!($request->input('clientID') && $request->input('clinetSecret'))) {
            return false;
        }
    
        $project = User::all();
    
       return $project
    }
    
    打赏 评论
  • dongzhang2150 2018-03-05 11:20

    Check thoroughly the Grant Type.

    {
        "grant_type": "password",
        "client_id": 2,
        "client_secret": 
        "username": ,
        "password": 
        "scope": ""
    }
    

    In the above example, it says password. Now check the table: oauth_clients and make sure that the value of column password_client = 1

    or look for the entry with the password_client = 1

    打赏 评论
  • douhu4091 2018-04-10 04:52

    I was also facing the same issue , i got the solution from this link. Please check that. https://github.com/laravel/passport/issues/71

    It says that : You make a call to /oauth/token just like you always would to get your token. But do so with a grant_type of custom_request. You'll need to add a byPassportCustomRequest($request) method to your User model (or whatever model you have configured to work with Passport). That method will accept a Illuminate\Http\Request and return the user model if you are able to authenticate the user via the request, or it will return null.

    打赏 评论
  • douduan5086 2019-02-18 13:40

    if you tried everything and still it's not working means try this solution!! just give scope *.

    $query = http_build_query([
        'client_id' => 1,
        'redirect_uri' => 'http://localhost:3000/callback',
        'response_type' => 'code',
        'scope' => '*'
    ]);
    

    in my case this is the solution. I have checked

    打赏 评论
  • dongtiannai0654 2019-05-06 20:26

    I had the same problem. When you execute php artisan passport:install it issues you with two types of secrets, one for CLIENT grant type, and other for PASSWORD grant type.

    I was using the CLIENT secret to issue PASSWORD tokens. Once I changed that up, I was able to generate the access_token and refresh_token normally.

    打赏 评论

相关推荐 更多相似问题