[Question] Passport - Password Grant Tokens

[edwingromero]

How about guys? I am trying to use passport and ldap in a project. Everything works perfect with "Personal Access Token". But when I try to create "Password Grant Tokens" I get the following error.

[stevebauman]

Hi @edwingromero,

I would hesitate to call this an LdapRecord-Laravel issue. Is there a stack trace of this error in your application logs that you can post?

[edwingromero]

[2021-06-01 21:15:10] local.INFO: LDAP (ldaps://192.168.30.100:636) - Operation: Binding - Username: **@??.local
[2021-06-01 21:15:11] local.INFO: LDAP (ldaps://192.168.30.100:636) - Operation: Bound - Username: @.local
[2021-06-01 21:15:11] local.INFO: LDAP (ldaps://192.168.30.100:636) - Operation: Search - Base DN: - Filter: (&(objectclass=top)(objectclass=person)(objectclass=organizationalperson)(objectclass=user)(email=eromero)(!(objectclass=computer))) - Selected: (objectguid,) - Time Elapsed: 135.64
[2021-06-01 21:15:11] local.ERROR: The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. {"exception":"[object] (Laravel\Passport\Exceptions\OAuthServerException(code: 10): The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. at C:\laragon\www\passport\vendor\laravel\passport\src\Http\Controllers\HandlesOAuthErrors.php:26) [stacktrace]

0 C:\laragon\www\passport\vendor\laravel\passport\src\Http\Controllers\AccessTokenController.php(67): Laravel\Passport\Http\Controllers\AccessTokenController->withErrorHandling(Object(Closure))

1 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\ControllerDispatcher.php(48): Laravel\Passport\Http\Controllers\AccessTokenController->issueToken(Object(Nyholm\Psr7\ServerRequest))

2 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Route.php(254): Illuminate\Routing\ControllerDispatcher->dispatch(Object(Illuminate\Routing\Route), Object(Laravel\Passport\Http\Controllers\AccessTokenController), 'issueToken')

3 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Route.php(197): Illuminate\Routing\Route->runController()

4 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(695): Illuminate\Routing\Route->run()

5 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(128): Illuminate\Routing\Router->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))

6 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Middleware\ThrottleRequests.php(127): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

7 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Middleware\ThrottleRequests.php(63): Illuminate\Routing\Middleware\ThrottleRequests->handleRequest(Object(Illuminate\Http\Request), Object(Closure), Array)

8 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Routing\Middleware\ThrottleRequests->handle(Object(Illuminate\Http\Request), Object(Closure))

9 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

10 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(697): Illuminate\Pipeline\Pipeline->then(Object(Closure))

11 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(672): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))

12 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(636): Illuminate\Routing\Router->runRoute(Object(Illuminate\Http\Request), Object(Illuminate\Routing\Route))

13 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(625): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))

14 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(166): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))

15 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(Illuminate\Http\Request))

16 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

17 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull.php(31): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))

18 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull->handle(Object(Illuminate\Http\Request), Object(Closure))

19 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

20 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))

21 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TrimStrings->handle(Object(Illuminate\Http\Request), Object(Closure))

22 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

23 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle(Object(Illuminate\Http\Request), Object(Closure))

24 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

25 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle(Object(Illuminate\Http\Request), Object(Closure))

26 C:\laragon\www\passport\vendor\fruitcake\laravel-cors\src\HandleCors.php(38): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

27 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Fruitcake\Cors\HandleCors->handle(Object(Illuminate\Http\Request), Object(Closure))

28 C:\laragon\www\passport\vendor\fideloper\proxy\src\TrustProxies.php(57): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

29 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Fideloper\Proxy\TrustProxies->handle(Object(Illuminate\Http\Request), Object(Closure))

30 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

31 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(141): Illuminate\Pipeline\Pipeline->then(Object(Closure))

32 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(110): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))

33 C:\laragon\www\passport\public\index.php(52): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))

34 {main}

[previous exception] [object] (League\OAuth2\Server\Exception\OAuthServerException(code: 10): The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. at C:\laragon\www\passport\vendor\league\oauth2-server\src\Exception\OAuthServerException.php:263) [stacktrace]

0 C:\laragon\www\passport\vendor\league\oauth2-server\src\Grant\PasswordGrant.php(107): League\OAuth2\Server\Exception\OAuthServerException::invalidGrant()

1 C:\laragon\www\passport\vendor\league\oauth2-server\src\Grant\PasswordGrant.php(54): League\OAuth2\Server\Grant\PasswordGrant->validateUser(Object(Nyholm\Psr7\ServerRequest), Object(Laravel\Passport\Bridge\Client))

2 C:\laragon\www\passport\vendor\league\oauth2-server\src\AuthorizationServer.php(198): League\OAuth2\Server\Grant\PasswordGrant->respondToAccessTokenRequest(Object(Nyholm\Psr7\ServerRequest), Object(League\OAuth2\Server\ResponseTypes\BearerTokenResponse), Object(DateInterval))

3 C:\laragon\www\passport\vendor\laravel\passport\src\Http\Controllers\AccessTokenController.php(65): League\OAuth2\Server\AuthorizationServer->respondToAccessTokenRequest(Object(Nyholm\Psr7\ServerRequest), Object(Nyholm\Psr7\Response))

4 C:\laragon\www\passport\vendor\laravel\passport\src\Http\Controllers\HandlesOAuthErrors.php(24): Laravel\Passport\Http\Controllers\AccessTokenController->Laravel\Passport\Http\Controllers\{closure}()

5 C:\laragon\www\passport\vendor\laravel\passport\src\Http\Controllers\AccessTokenController.php(67): Laravel\Passport\Http\Controllers\AccessTokenController->withErrorHandling(Object(Closure))

6 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\ControllerDispatcher.php(48): Laravel\Passport\Http\Controllers\AccessTokenController->issueToken(Object(Nyholm\Psr7\ServerRequest))

7 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Route.php(254): Illuminate\Routing\ControllerDispatcher->dispatch(Object(Illuminate\Routing\Route), Object(Laravel\Passport\Http\Controllers\AccessTokenController), 'issueToken')

8 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Route.php(197): Illuminate\Routing\Route->runController()

9 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(695): Illuminate\Routing\Route->run()

10 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(128): Illuminate\Routing\Router->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))

11 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Middleware\ThrottleRequests.php(127): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

12 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Middleware\ThrottleRequests.php(63): Illuminate\Routing\Middleware\ThrottleRequests->handleRequest(Object(Illuminate\Http\Request), Object(Closure), Array)

13 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Routing\Middleware\ThrottleRequests->handle(Object(Illuminate\Http\Request), Object(Closure))

14 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

15 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(697): Illuminate\Pipeline\Pipeline->then(Object(Closure))

16 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(672): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))

17 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(636): Illuminate\Routing\Router->runRoute(Object(Illuminate\Http\Request), Object(Illuminate\Routing\Route))

18 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Routing\Router.php(625): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))

19 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(166): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))

20 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(Illuminate\Http\Request))

21 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

22 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull.php(31): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))

23 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull->handle(Object(Illuminate\Http\Request), Object(Closure))

24 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

25 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))

26 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TrimStrings->handle(Object(Illuminate\Http\Request), Object(Closure))

27 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

28 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle(Object(Illuminate\Http\Request), Object(Closure))

29 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

30 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle(Object(Illuminate\Http\Request), Object(Closure))

31 C:\laragon\www\passport\vendor\fruitcake\laravel-cors\src\HandleCors.php(38): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

32 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Fruitcake\Cors\HandleCors->handle(Object(Illuminate\Http\Request), Object(Closure))

33 C:\laragon\www\passport\vendor\fideloper\proxy\src\TrustProxies.php(57): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

34 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(167): Fideloper\Proxy\TrustProxies->handle(Object(Illuminate\Http\Request), Object(Closure))

35 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))

36 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(141): Illuminate\Pipeline\Pipeline->then(Object(Closure))

37 C:\laragon\www\passport\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(110): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))

38 C:\laragon\www\passport\public\index.php(52): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))

39 {main}

"}

[stevebauman]

It looks like Passport is attempting to query for a user in your LDAP server from your ldap authentication guard with the email filter (email=eromero) -- which is incorrect. I'm assuming you're using usernames instead of email addresses?

[edwingromero]

That's right, I use samaccountname. For Personal Access Token I use the following.

But for Password Grant Tokens I send the parameters to "/oauth/token" which is a route that passport creates by default. Add the following method in the User model to change the email to samaccountname

[stevebauman]

Add the following method in the User model to change the email to samaccountname

Are you certain this findForPassport() method is being called? If you dd() inside of there, does your application dump-and-die?

[edwingromero]

With or without the method I get the same error.

[edwingromero]

Add dd() inside the findForPassport method and nothing happens. It is as if he did not take it into account. Is rare

[edwingromero]

Add the following method in the User model to change the email to samaccountname

Are you certain this findForPassport() method is being called? If you dd() inside of there, does your application dump-and-die?

Detect dd () in findForPassport when I use the provider "user".

When I use the provider "ldap" it does not detect it and the usual error appears.

[stevebauman]

You're going to have to help me out a bit here -- I'll either need you to create and post a link to a GitHub repository with the exact steps to recreate this issue, or dive deep into Laravel Passport and see what the issue may be and then let me know if it's a bug I have to fix 👍

[edwingromero]

You're going to have to help me out a bit here -- I'll either need you to create and post a link to a GitHub repository with the exact steps to recreate this issue, or dive deep into Laravel Passport and see what the issue may be and then let me know if it's a bug I have to fix 👍

Ok

[edwingromero]

You're going to have to help me out a bit here -- I'll either need you to create and post a link to a GitHub repository with the exact steps to recreate this issue, or dive deep into Laravel Passport and see what the issue may be and then let me know if it's a bug I have to fix 👍

Ok

Hello, sorry for the delay. This is the repository. You just have to put the ldap variables in the .env file

https://github.com/edwingromero/ldap-passport