I'm trying to use the authorization code grant to log third-party clients in to a Passport OAuth server. When I use the password grant it works properly, Passport gives me a token and everything is okay. In the third-party app I added this code:

    use Illuminate\Http\Request;

    // Step 1: send the browser to the authorization server.
    Route::get('/redirect', function (Request $request) {
        $query = http_build_query([
            'client_id' => 3,
            'redirect_uri' => 'http://127.0.0.1:8001/callback',
            'response_type' => 'code',
            'scope' => '',
            'state' => \Str::random(40),
        ]);

        return redirect('http://127.0.0.1:8000/oauth/authorize?' . $query);
    });

    // Step 2: exchange the returned authorization code for a token.
    Route::get('/callback', function (Request $request) {
        $response = (new GuzzleHttp\Client)->post('http://127.0.0.1:8000/oauth/token', [
            'form_params' => [
                'grant_type' => 'authorization_code',
                'client_id' => 3,
                'client_secret' => 'Ux6p201tRFrPQ5lLZI1RMce1GYD6qTJ9Qvj7nM2Z',
                'redirect_uri' => 'http://127.0.0.1:8001/callback',
                'code' => $request->code,
            ]
        ]);

        session()->put('token', json_decode((string)$response->getBody(), true));

        return redirect('/todos');
    });

    // Step 3: call the protected API with the stored access token.
    Route::get('/todos', function () {
        $response = (new GuzzleHttp\Client)->get('http://127.0.0.1:8000/api/todos', [
            'headers' => [
                'Authorization' => 'Bearer ' . session()->get('token.access_token')
            ]
        ]);

        return json_decode((string)$response->getBody(), true);
    });

In the OAuth server I created a client with id: 3, secret: Ux6p201tRFrPQ5lLZI1RMce1GYD6qTJ9Qvj7nM2Z, callback: 'http://127.0.0.1:8001/callback'.
But when I make a request to /redirect from the third-party app I get: unauthenticated 401 and a redirect to login. I also tried adding

    Passport::$ignoreCsrfToken = true;

in AuthServiceProvider, but it still does not work. Can anybody help me please?
AuthServiceProvider file add Passport::$ignoreCsrfToken = true; – Sehdev
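
Added example (not part of the original post, and not Passport's own code): the posted routes generate a `state` value but never store or check it, and they carry the client secret in source. This version of the client's `/redirect` and `/callback` routes keeps the state in the session, verifies it when the browser returns, and reads the credentials from configuration; the session key `oauth_state` and the `services.passport.*` config keys are assumed names.

```php
<?php
// routes/web.php of the third-party client app (added example, assumed names marked)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

Route::get('/redirect', function (Request $request) {
    // Bind the authorization request to this browser session.
    $request->session()->put('oauth_state', $state = Str::random(40)); // assumed key

    $query = http_build_query([
        'client_id' => config('services.passport.client_id'), // assumed config key
        'redirect_uri' => 'http://127.0.0.1:8001/callback',
        'response_type' => 'code',
        'scope' => '',
        'state' => $state,
    ]);

    return redirect('http://127.0.0.1:8000/oauth/authorize?' . $query);
});

Route::get('/callback', function (Request $request) {
    // pull() removes the stored value, so each state is accepted once only.
    $expected = (string) $request->session()->pull('oauth_state');
    $received = $request->query('state');

    // Reject callbacks that were not started from this session.
    abort_unless(
        is_string($received) && $expected !== '' && hash_equals($expected, $received),
        403,
        'Invalid OAuth state'
    );
    abort_unless($request->filled('code'), 400, 'Missing authorization code');

    $response = Http::asForm()->post('http://127.0.0.1:8000/oauth/token', [
        'grant_type' => 'authorization_code',
        'client_id' => config('services.passport.client_id'),
        'client_secret' => config('services.passport.client_secret'), // from .env, not source
        'redirect_uri' => 'http://127.0.0.1:8001/callback',
        'code' => $request->query('code'),
    ]);
    abort_unless($response->successful(), 502, 'Token request failed');

    $request->session()->put('token', $response->json());

    return redirect('/todos');
});
```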