1
votes

After adding Passport::enableImplicitGrant(); in AuthServiceProvider.php and then testing with the route

Route::get('/redirect', function () {
    $query = http_build_query([
        'client_id' => 3,
        'redirect_uri' => 'http://consumer.dev/callback',
        'response_type' => 'token',
        'scope' => '',
    ]);

    return redirect('http://passport.dev/oauth/authorize?'.$query);
});

the result is appended to the https://consumer.dev/callback/ URL like this:

https://consumer.dev/callback/#access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImI1YTBhMTllYTEwMTI0ZTc2MGE5MjJkOGUxYTg1OTQyODc1ZGJjNzlmMmI1YTVlZTVmNzJhNDkzZjgxZmFhNGNhZWFkYzIyYmNkNjRlNzQ4In0.eyJhdWQiOiIyIiwianRpIjoiYjVhMGExOWVhMTAxMjRlNzYwYTkyMmQ4ZTFhODU5NDI4NzVkYmM3OWYyYjVhNWVlNWY3MmE0OTNmODFmYWE0Y2FlYWRjMjJiY2Q2NGU3NDgiLCJpYXQiOjE0ODk0NjA0MTksIm5iZiI6MTQ4OTQ2MDQxOSwiZXhwIjoxNTIwOTk2NDE5LCJzdWIiOiIxIiwic2NvcGVzIjpbXX0.EC3ZFELGBj683SZczlGfLOLiH72Sjj34QnwuBeSWsXKs3A9Btx_SbyU6NuK_-WCdeOqS_B_BsZtwtpbqGBVpqYGUBXNwah4WaRg-UB2ojxO0qFT11Mpyfbz0qtK-QZumG6PvkSNeHicE2EgnPo-btjDgYqc4927Z9npIeLTv4URqlu7dDCN2onukTGNES1aq5ysJbiAzQMk5X64DxQOV69pOBDcn5WtRFG5pABBN1D01HSUZ878g-SAkLL28LoonA90f0jsg9Bjgw7rAau1Eb7SIF3APW5o3r4H5LCcPDl_-vt0LDR317Ccv6wNk6284XvDvDnERtqsb3aG6sTLK0MuqvBTy8S-NCUPt8xk8lKf2aLPAy2HqAdhCXyRRtx82mhtC4NVNxVKWZu53yqMk-78i5JSvGfXfrdVR6lnXKy4_l7UVhwhqUDBjN9Qaj-2bbHsIicHWKZT4JaXBr4bsOXHSwrdqrYiICwZGik1FEMSVR_13MFp8tlP8C_A4rbiDHjByZQEg4128XfizcE-BzGKV5FNRgGQPwB41Gjpgpdgsz3p-4ybaYiniVGio9-9JO36PlhVO3zRbe3p5PBPy-DYaByODC3czXkgUagBgZ4_3GejThSNCluLY3CVw4NrFdgbkBOq2MtdwgLW5JlBiD3NqN0LTQb63t8S5QGaLEFg&token_type=bearer&expires_in=31535999

How do I return the access token as JSON instead of having it appended to the URL, or how do I properly use the implicit grant in Laravel Passport and return the token in JSON format?


2 Answers

0
votes

Do you mean

return response()->json('http://passport.dev/oauth/authorize?'.$query);

0
votes

By using Passport::enableImplicitGrant() and including the response_type => 'token', you are explicitly telling OAuth to use the implicit grant flow, which, as per the OAuth specification, will return the access_token in the URL fragment (after the # part). This is the correct behavior. If you would like to have the response in JSON, you may consider using the other OAuth grant types.

Please see the link below for further explanation on implicit grant flow

https://tools.ietf.org/html/rfc6749#section-4.2

https://oauth.net/2/grant-types/implicit/
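
The fragment behavior described in the answer above, shown from the consumer's side as an added example (not part of the original question or answers): the browser never sends the part after `#` to the server, so script on the callback page has to read it, turn it into a JSON object, and remove it from the address bar. `parseImplicitCallback` is a hypothetical helper name, not a Passport API, and the sample URL is constructed.

```javascript
// Added example: consumer-side handling of the implicit-grant redirect.
// parseImplicitCallback is a hypothetical helper, not part of Laravel Passport.
function parseImplicitCallback(callbackUrl) {
  const url = new URL(callbackUrl);
  // The fragment stays in the browser and is never sent in the HTTP request,
  // which is why the server-side /callback route cannot see the token.
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));

  // RFC 6749 section 4.2.2.1: errors are also returned in the fragment.
  if (params.has('error')) {
    return { ok: false, error: params.get('error'),
             description: params.get('error_description') };
  }

  const accessToken = params.get('access_token');
  const tokenType = (params.get('token_type') || '').toLowerCase();
  if (!accessToken || tokenType !== 'bearer') {
    return { ok: false, error: 'invalid_response', description: null };
  }

  const expiresIn = Number.parseInt(params.get('expires_in'), 10);
  url.hash = ''; // build a copy of the URL without the token
  return {
    ok: true,
    token: { access_token: accessToken, token_type: tokenType,
             expires_in: Number.isNaN(expiresIn) ? null : expiresIn },
    cleanUrl: url.toString(),
  };
}

// Constructed sample in the same shape as the redirect shown in the question.
const SAMPLE_CALLBACK = 'https://consumer.dev/callback/' +
  '#access_token=constructed.sample.token&token_type=bearer&expires_in=31535999';

// On the callback page: read the token, then scrub it from the address bar
// and the current history entry so it is not left visible or bookmarked.
if (typeof window !== 'undefined') {
  const result = parseImplicitCallback(window.location.href);
  if (result.ok) {
    window.history.replaceState(null, '', result.cleanUrl);
    console.log(JSON.stringify(result.token)); // the token as JSON
  } else {
    console.error('Authorization failed:', result.error);
  }
}
```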