Laravel 9 - Passport custom api for Authorization
In my application, I am using Passport for Authentication. I have created a Password grant client for generating access tokens for our mobile and web app.
Now I have to add a third-party client that can access some of our resources. For this, I created a client.
Now, for a user to authorize this third-party client to access the resources on his behalf, he has to come to our website, log in, and then authorize the client to get the authorization code. This I want to do in our own web app. For that, I need to create an API that receives client_id, client_secret, grant_type, redirect_url, scopes, etc. as the request and returns the authorization code.
But nowhere do I see an option to create a custom API for generating the authorization code.
-- Edited
https://laravel.com/docs/9.x/passport#approving-the-request
As mentioned here, Passport will automatically display a template to the user allowing them to approve or deny the authorization request.
We have our own SPA, so we can't use the template provided by Passport. Somehow we need to override this and create an API that our SPA can call for authorizing or denying the authorization request.
Solution 1:[1]
To create a custom API for authorization, you'll need to override the default Passport routes in AuthServiceProvider.php:
app/Providers/AuthServiceProvider.php
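```php
use Illuminate\Support\Facades\Route;
use Laravel\Passport\Passport;

// Inside the AuthServiceProvider class:
public function boot()
{
    $this->registerPolicies();

    // Register Passport's default routes.
    Passport::routes();

    // Register your own route after Passport's routes.
    Route::post('<route_you_want_to_override>', [
        'uses' => '<YourCustomAuthorizationController@Method>',
        'as' => 'passport.token',
    ]);
}
```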
Once done, make sure to clear the route cache:

```
php artisan route:clear
```

And to override the default Passport template, you'll first need to publish the Passport views so that the required views are available at the resources/views/vendor/passport path and you can modify the required view:

```
php artisan vendor:publish --tag=passport-views
```
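One way the custom controller from Solution 1 could approve or deny a request on behalf of a SPA (added example, not part of the original answer and not Passport's own code). The controller name, the route, the `approved` field and the `redirect_to` key are assumptions; it relies on the league/oauth2-server `AuthorizationServer` that Passport registers in the container.

```php
<?php
// Added example: hypothetical controller, not Passport's own code.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Laravel\Passport\Bridge\User;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use Nyholm\Psr7\Response as Psr7Response;
use Psr\Http\Message\ServerRequestInterface;

class SpaAuthorizationController extends Controller
{
    public function __construct(private AuthorizationServer $server)
    {
    }

    // Hypothetical route: POST /spa/oauth/authorize?client_id=...&redirect_uri=...
    //   &response_type=code&scope=...&state=...   JSON body: {"approved": true|false}
    // Must sit behind the SPA's own login and CSRF protection.
    public function decide(ServerRequestInterface $psrRequest, Request $request)
    {
        try {
            // The OAuth server reads the parameters from the query string, checks
            // client_id and redirect_uri against the registered client and rejects
            // unknown scopes, so the SPA cannot approve an unregistered redirect URI.
            $authRequest = $this->server->validateAuthorizationRequest($psrRequest);

            // Bind the decision to the logged-in user, never to a user id in the payload.
            $authRequest->setUser(new User($request->user()->getAuthIdentifier()));
            $authRequest->setAuthorizationApproved($request->boolean('approved'));

            // Approved: 302 response whose Location carries the code and the state.
            $psrResponse = $this->server->completeAuthorizationRequest($authRequest, new Psr7Response());
        } catch (OAuthServerException $e) {
            // Denied or invalid: the library builds the error response itself
            // (a redirect with error=access_denied, or a JSON error body).
            $psrResponse = $e->generateHttpResponse(new Psr7Response());
        }

        $location = $psrResponse->getHeaderLine('Location');
        if ($location === '') {
            // No redirect target: the request itself was rejected (e.g. unknown client).
            return response()->json(['error' => 'authorization_request_rejected'], $psrResponse->getStatusCode());
        }
        // The SPA sends the browser here; client_secret is not used at this step,
        // only later when the third party exchanges the code for a token.
        return response()->json(['redirect_to' => $location]);
    }
}
```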
Solution 2:[2]
We had a similar need in our app a while ago.
We ended up using the Passport API for our own needs (with the password grant), and we put Sanctum in place for our end users/customers.
For the customer, it is much simpler and easier to get a unique token from Sanctum and then make API calls with it.
The good part is that you will have two separate systems dedicated to two separate needs (yours and your customer's).
I hope this helps you.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Haridarshan |
| Solution 2 | ml59 |
