jeremy379 / laravel-openid-connect

Implement OpenID Connect inside Laravel
MIT License
26 stars 13 forks source link

/oauth/token does not return id_token in Laravel 11 #31

Open GonzaloVivas opened 1 month ago

GonzaloVivas commented 1 month ago

Hi! I'm trying to implement this library in a Laravel 11 app, but i can't get it to work. After following the readme instructions the library seems to work since i see the openid scope in the consent screen, but after that when i call the /oauth/token endpoint it still returns an access_token and a refresh_token, but not an id_token.

Laravel 11 only includes AppServiceProvider so the step 1 of readme should work in this file, i'm not sure if this change has anything to do with it.

Am I missing something? Thank you in advance.

Scumi commented 1 month ago

I'm having the same issue. Thanks for reporting.

Scumi commented 1 month ago

It works if I add $this->registerAuthorizationServer(); to the boot()-method of PassportServiceProvider. If left out, makeAuthorizationServer() is never called.

jeremy379 commented 1 month ago

Hello Thanks for reporting

I'll plan some time asap to set up a test on Laravel11 on my side.

megawubs commented 1 month ago

It works if I add $this->registerAuthorizationServer(); to the boot()-method of PassportServiceProvider. If left out, makeAuthorizationServer() is never called.

This helped me.

I also added the service providers for this package and laravel/passport to the do not discover setting in composer.json. This to ensure that only our service provider is registered.

georgeboot commented 1 week ago

This issue seems to be due to the fact that in Laravel 11, the service provider order is different.

Laravel first registers the service provider from this package, but later ALSO registers the original Passport service provider.

This works before because the order (by luck?) worked out so that the original would run first, and than the provider from this package overwrote the services because it was registered later.

Hence, the only correct solution is to add laravel/passport to the dont-discover list in your composer.json

GonzaloVivas commented 1 week ago

This issue seems to be due to the fact that in Laravel 11, the service provider order is different.

Laravel first registers the service provider from this package, but later ALSO registers the original Passport service provider.

This works before because the order (by luck?) worked out so that the original would run first, and than the provider from this package overwrote the services because it was registered later.

Hence, the only correct solution is to add laravel/passport to the dont-discover list in your composer.json

Thank you for your help and the explanation @georgeboot! It seems to be working correctly.