
Fix exception will be thrown if token belongs to first-party clients #1040

Merged
merged 1 commit into from
Jul 6, 2019
Conversation

alshf89 (Contributor) commented Jul 6, 2019

I made a pull request for issue #691.

So when someone passes a token in their request which belongs to first-party clients (such as Password Credentials), our middlewares will throw an Illuminate\Auth\AuthenticationException exception.

So only those who have issued an access token with the Client Credentials grant type can go through the CheckClientCredentials & CheckClientCredentialsForAnyScope middlewares.
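The gate described in the PR, written out as an added example (this is not code from the Passport project or from this PR): a Laravel middleware that first lets the OAuth2 resource server validate the bearer token and then additionally rejects tokens whose client is first-party, so that only Client Credentials tokens reach the protected route. It assumes Passport's `Laravel\Passport\Client::firstParty()` (true for password and personal-access clients), `Laravel\Passport\TokenRepository::find()`, `Laravel\Passport\Token::can()`, the League `ResourceServer`, and a Symfony/Nyholm PSR-7 bridge for converting the request; the class name `RequireClientCredentialsToken` and the helper `isMachineToken()` are invented for the example.

```php
<?php
// Added example, not Passport's own middleware. Admits only access tokens issued to a
// non-first-party client, i.e. tokens obtained through the Client Credentials grant.
// Assumptions: Laravel\Passport\Client::firstParty(), TokenRepository::find(), Token::can(),
// League\OAuth2\Server\ResourceServer, and the Symfony PSR-7 bridge with Nyholm factories.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Http\Request;
use Laravel\Passport\Token;
use Laravel\Passport\TokenRepository;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer;
use Nyholm\Psr7\Factory\Psr17Factory;
use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;

class RequireClientCredentialsToken
{
    /** @var ResourceServer */
    protected $server;

    /** @var TokenRepository */
    protected $repository;

    public function __construct(ResourceServer $server, TokenRepository $repository)
    {
        $this->server = $server;
        $this->repository = $repository;
    }

    public function handle(Request $request, Closure $next, ...$scopes)
    {
        $factory = new Psr17Factory();
        $psr = (new PsrHttpFactory($factory, $factory, $factory, $factory))->createRequest($request);

        try {
            // Checks the bearer token's signature and expiry. It says nothing about
            // which grant issued the token, which is exactly the gap the PR closes.
            $psr = $this->server->validateAuthenticatedRequest($psr);
        } catch (OAuthServerException $e) {
            throw new AuthenticationException;
        }

        $token = $this->repository->find($psr->getAttribute('oauth_access_token_id'));

        if (! self::isMachineToken($token)) {
            // Password-grant and personal-access tokens carry a user identity and must
            // not pass a machine-to-machine gate even though their signature is valid.
            throw new AuthenticationException;
        }

        foreach ($scopes as $scope) {
            if (! $token->can($scope)) {
                throw new AuthenticationException;
            }
        }

        return $next($request);
    }

    /**
     * The decision isolated from the HTTP plumbing so it can be unit-tested with a
     * fake Token whose client is marked first-party or not.
     */
    public static function isMachineToken(?Token $token): bool
    {
        return $token !== null
            && ! $token->revoked
            && $token->client !== null
            && ! $token->client->firstParty();
    }
}
```

Register the class under an alias in the HTTP kernel's route middleware and apply it to routes that must only be reachable by machine clients; a password-grant token that previously slipped through now fails with an AuthenticationException before the scope check runs.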

alvirbismonte commented Nov 21, 2019

Hi @JuanDMeGon ,

I believe the reason behind this change is because they separated the authentication between the user credentials (password grant type) and client credentials (client grant type). As mentioned in API Authentication (Passport), which states that

> client credentials grant is suitable for machine-to-machine authentication

JuanDMeGon (Contributor) commented
Thanks. I think it is not correct. The purpose of the client credentials grant is to validate the access to the API from valid clients when there is no user data involved.
Basically, it is what is stated on the OAuth2 official site:
"The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user." Source
I opened an issue (#1125) to discuss this; maybe you would like to comment with your opinion on this.
Best wishes :)
