Closed georgeboot closed 3 months ago
Hello
Indeed, it's made to work with an Authorization grant, as the implicit flow is deprecated (https://oauth2.thephpleague.com/authorization-server/implicit-grant/).
I'll take a look if I can provide a way to support it (if you want, you can also submit a PR).
There is something you can do without changing the package: adding a custom grant type that copies the implicit one. Inside Laravel you can create a new grant type and then register it.
To register the grant type, you can use a ServiceProvider (either reuse one or create a new one):
```php
namespace App\Providers;

use Exception;
use Illuminate\Contracts\Container\BindingResolutionException;
use Illuminate\Support\ServiceProvider;
use Laravel\Passport\Bridge\RefreshTokenRepository;
use Laravel\Passport\Bridge\UserRepository;
use Laravel\Passport\Passport;
use League\OAuth2\Server\AuthorizationServer;
// ImplicitOpenIdGrant is the custom grant class you create; import it from the namespace where you define it.

class GrantAuthServiceProvider extends ServiceProvider
{
    /**
     * Register services.
     */
    public function register()
    {
        // Enable the extra grants once the container has built the authorization server
        app()->afterResolving(AuthorizationServer::class, function (AuthorizationServer $server) {
            $grants = $this->makeGrants();
            foreach ($grants as $grant) {
                $server->enableGrantType($grant, Passport::tokensExpireIn());
            }
        });
    }

    /**
     * Bootstrap services.
     */
    public function boot(): void
    {
    }

    /**
     * @throws BindingResolutionException
     * @throws Exception
     */
    public function makeGrants(): array
    {
        $newGrantType = app()->make(ImplicitOpenIdGrant::class); // Build the class using the container or manually
        $newGrantType->setRefreshTokenTTL(Passport::refreshTokensExpireIn());

        return [
            'implicit-open-id' => $newGrantType, // The key is the name of the grant
        ];
    }
}
```
Issue previously raised in https://github.com/thephpleague/oauth2-server/issues/1374
When I use the authorisation code grant, this works as expected.
However, when I try to do an implicit flow by setting `response_type=token id_token` or `response_type=id_token`, the server always rejects the request because the following check does not match the request: https://github.com/thephpleague/oauth2-server/blob/ab7714d073844497fd222d5d0a217629089936bc/src/Grant/ImplicitGrant.php#L105-L109

Are there any recommended ways to bypass this issue?
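
A request check that accepts the two response types from the question, as an added example that is not code from Passport, league/oauth2-server or either poster. The function name `matchImplicitOpenIdRequest` is hypothetical; a custom grant's `canRespondToAuthorizationRequest()` could call it with `$request->getQueryParams()`, on the assumption that the grant itself issues the ID token.

```php
<?php
// Added example; the function name and return shape are hypothetical.

/**
 * Returns the canonical response type when the query parameters describe an
 * OpenID Connect implicit-flow request, or null when the grant should decline.
 *
 * @param array<string, mixed> $query e.g. $request->getQueryParams()
 */
function matchImplicitOpenIdRequest(array $query): ?string
{
    $raw = $query['response_type'] ?? null;
    if (!is_string($raw) || !isset($query['client_id'])) {
        return null;
    }

    // response_type is a space-delimited set, so compare it order-insensitively.
    $types = array_unique(preg_split('/ +/', trim($raw), -1, PREG_SPLIT_NO_EMPTY));
    sort($types);
    $canonical = implode(' ', $types);

    // Plain "token" is left to the stock implicit grant.
    if (!in_array($canonical, ['id_token', 'id_token token'], true)) {
        return null;
    }

    // OpenID Connect needs the "openid" scope and, in the implicit flow, a nonce.
    $scope = $query['scope'] ?? '';
    $scopes = is_string($scope) ? explode(' ', $scope) : [];
    $nonce = $query['nonce'] ?? '';
    if (!in_array('openid', $scopes, true) || !is_string($nonce) || $nonce === '') {
        return null;
    }

    return $canonical;
}

// Constructed sample requests (client id and nonce are made up).
$base = ['client_id' => 'example-client', 'scope' => 'openid profile', 'nonce' => 'constructed-nonce'];
$samples = [
    ['response_type' => 'token id_token'] + $base, // both types, reversed order
    ['response_type' => 'id_token'] + $base,       // ID token only
    ['response_type' => 'token'] + $base,          // plain implicit grant request
    ['response_type' => 'id_token', 'client_id' => 'example-client', 'scope' => 'openid'], // nonce missing
];
foreach ($samples as $query) {
    printf("%-16s => %s\n", $query['response_type'], var_export(matchImplicitOpenIdRequest($query), true));
}
```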