
I am trying to create an OAuth2 server on Laravel Passport and test it from a third-party application. The OAuth server uses Laravel, and the client uses the Yii framework. I am unable to modify the client front end, and I created a route /api/oauth/login which forwards the request to the OAuth server:

public function actionOauthLogin()
{
    // Build the query string for the authorization request
    $query = http_build_query([
        'client_id' => '12',
        'client_secret' => '',
        'redirect_uri' => 'http://client.loc/api/oauth/callback',
        'response_type' => 'code',
        'scope' => '',
    ]);

    return $this->redirect('http://oauth-server.loc/oauth/authorize?' . $query);
}

This method handles the /api/oauth/callback route:

public function actionOauthCallback()
{
    // Client is assumed to be GuzzleHttp\Client, imported at the top of the file
    $http = new Client();

    // Exchange the authorization code for an access token
    $response = $http->post('http://oauth-server.loc/oauth/token', [
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => '3',
            'client_secret' => 'TJDyfygkuga45rtyfj8&65567Yhhgjjjj',
            'redirect_uri' => 'http://client.loc/api/oauth/callback',
            'code' => Yii::app()->request->getParamFromRequest('code'),
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
}

Everything is implemented as in the documentation. But when I open /api/oauth/login, I am redirected to oauth-server.loc/oauth/authorize?{params} and I see an HTTP basic auth window. Wtf? Nginx has no such settings. Does somebody know what I'm doing wrong? Help me please.

Yesterday I installed the phpleague oauth2 client on Yii (oauth2-client.thephpleague.com/providers/implementing). But the result is the same.
I'm getting the exact same problem. Did you figure out a solution? @epodkirgy

3 Answers


Ensure that the 'redirect_uri' => 'http://client.loc/api/oauth/callback' is the same as the redirect URL that is saved in the oauth_clients table with the matching client_id.


I had the same problem, in my case the returned parameters told me my parsed scope was invalid; some OAuth2 APIs require scopes which may be where this problem lies.

The solution is to add the array of scopes allowed by your application into the AuthServiceProvider boot method.

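// ../app/Providers/AuthServiceProvider.php
// ...
    public function boot()
    {
        // Requires "use Laravel\Passport\Passport;" at the top of the file.
        // Register the scopes the application allows.
        Passport::tokensCan([
            'manage-devices' => 'Manage devices',
            'place-orders' => 'Place orders',
            'check-status' => 'Check order status',
        ]);
    }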


You need to set 0 for the columns "personal_access_client" and "password_client" in the "oauth_clients" table for our client and set redirect_uri the same as in the request.
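
The checks from the first and third answers can be run together before debugging the server itself. The following is an added example, not code from any answer or from Laravel Passport: the function name `checkAuthCodeFlow` is hypothetical, the client row values are constructed, and it assumes the stored redirect URL lives in a `redirect` column that may hold several comma-separated URLs.

```php
<?php
// Added diagnostic sketch. $client mirrors one oauth_clients row (constructed values).
function checkAuthCodeFlow(array $client, array $authorize, array $token): array
{
    $problems = [];

    // redirect_uri must equal a stored redirect URL exactly, in both requests.
    // Assumption: column "redirect", comma-separated when several URLs are registered.
    $registered = array_map('trim', explode(',', (string) $client['redirect']));
    foreach (['authorize' => $authorize, 'token' => $token] as $step => $params) {
        if (!in_array($params['redirect_uri'] ?? '', $registered, true)) {
            $problems[] = "$step: redirect_uri is not registered for this client";
        }
        if ((string) ($params['client_id'] ?? '') !== (string) $client['id']) {
            $problems[] = "$step: client_id does not match the client row being checked";
        }
    }

    // Both flags must be 0 for a client used with the authorization code grant.
    foreach (['personal_access_client', 'password_client'] as $flag) {
        if ((int) $client[$flag] !== 0) {
            $problems[] = "client row: $flag must be 0";
        }
    }

    // The secret belongs in the back-channel token request only; anything placed
    // in the authorize URL passes through the browser and server logs.
    if (array_key_exists('client_secret', $authorize)) {
        $problems[] = 'authorize: client_secret must not be sent in the redirect URL';
    }

    return $problems;
}

// Constructed sample: parameters shaped like the question's two requests.
$client = ['id' => 3, 'redirect' => 'http://client.loc/api/oauth/callback',
           'personal_access_client' => 0, 'password_client' => 1];
$authorize = ['client_id' => '12', 'client_secret' => '', 'response_type' => 'code',
              'redirect_uri' => 'http://client.loc/api/oauth/callback', 'scope' => ''];
$token = ['grant_type' => 'authorization_code', 'client_id' => '3',
          'client_secret' => '<client-secret-placeholder>', 'code' => '<code-placeholder>',
          'redirect_uri' => 'http://client.loc/api/oauth/callback'];

foreach (checkAuthCodeFlow($client, $authorize, $token) as $problem) {
    echo $problem, PHP_EOL;
}
```

With the constructed row above, it reports the client_id difference between the authorize and token requests, the non-zero `password_client` flag, and the `client_secret` key present in the authorize parameters.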