[5.x] Support Laravel Passport

laravel / jetstream

Tailwind scaffolding for the Laravel framework.

https://jetstream.laravel.com

MIT License

3.98k stars 822 forks source link

[5.x] Support Laravel Passport #1521

Open hafezdivandari opened 3 months ago

hafezdivandari commented 3 months ago

[x] Requires laravel/passport#1771
[ ] Requires laravel/framework#52367

Todo

Add description for confidential checkbox.
Add "enable device flow" checkbox.
Fix Passport version on composer.json.
Add tests stubs.

Features

First-party integration with Laravel Passport.
New OAuth option during installation: jetstream:install --api --oauth
Support for both Jetstream's stacks: Inertia and Livewire.
Manage API tokens (PATs) via Passport: list, add, and delete.
New OAuth Features:
- Manage OAuth connections with third-party apps and services: list and delete connections.
- Manage OAuth apps: list, add, update, and delete apps.
- Fully customizable: you may easily add more client metadata, e.g. Application logo
Authorize View (for auth code and implicit grants)
Device Views (for device auth grant)

OAuth Apps

oauth-apps

API Tokens

passport-api-tokens

Authorize View

laravel-jetstream

github-actions[bot] commented 3 months ago

Thanks for submitting a PR!

Note that draft PR's are not reviewed. If you would like a review, please mark your pull request as ready for review in the GitHub user interface.

Pull requests that are abandoned in draft may be closed due to inactivity.

inmanturbo commented 3 months ago

Hey this is a great idea! I have maintained a package since the start of Jetstream which adds Passport support to Jetstream. It's possible you may find some of the code useful to your PR. Feel free to use what you need. First party support would be nice.

https://github.com/headerx/laravel-jetstream-passport

hafezdivandari commented 3 months ago

Thank you, @inmanturbo! I appreciate the feedback and the offer to use your package as a reference. If you have any suggestions or insights from your experience maintaining that package, I'd love to hear them. This PR is still a work in progress, and I plan to add tests and implement the new device flow as soon as the required PRs on Passport merged.

vincentleijen commented 2 months ago

@hafezdivandari First of all: amazing work!

While clicking on the 'Authorize' button I encounter cors problems:

(I've added https://server.dev to the client's allowed_origins just to be sure) Network-tab reveals there is no Access-Control-Allow-Origin set while requesting. When I manually visit the https://client.dev/oauth/callback?code=x&state=x link everything works as expected.

Edit: When I manually visit the callback link I see a preflight request with OPTIONS set (including the allowed origin header) in my network tab. I don't see this preflight request showing up after clicking the 'Authorize' button.

hafezdivandari commented 2 months ago

@vincentleijen You may check https://github.com/laravel/passport/issues/213#issuecomment-979906551 and https://github.com/inertiajs/inertia-laravel/pull/323#issuecomment-993450275 and https://github.com/inertiajs/inertia-laravel/issues/303. The CORS issue seems to be totally unrelated to this PR.

vincentleijen commented 2 months ago

ou may check laravel/passport#213 (comment) and inertiajs/inertia-laravel#323 (comment) and inertiajs/inertia-laravel#303. The CORS issue seems to be totally unrelated to this PR.

@hafezdivandari https://github.com/laravel/passport/issues/213#issuecomment-979906551 This fixed indeed the issue. In that case please consider my previous message as unsent!