Laravel and oauth 2

I searched high and low, but did not find anything that could help.

I am very new to oAuth.

I am using https://github.com/lucadegasperi/oauth2-server-laravel .

I am creating a REST API service. The Client there will be a website. I use Password Flow for authentication.

My understanding, please correct me if I am wrong.

oauth_clients table (id, secret, name). The Client - This is the Website, not the individual users who log in to the website. I will use the identifier of The Client and secret with an individual username and password.

I follow the instructions on the page above.

I use the method POST on http://api.domain.com/oauth/access_token?grant_type=password&client_id=BCA545A934F5F4528DA3EE567E8E4&client_secret=5184B7C4E11ED3EEF99DA1A1DD9C3&username=email@email.com&password=password&scope=scope1,scope2&state=123456789

This authenticates both the client and the user, but here is the problem. I have no idea where I set scope or state.

This is the answer:

{ "error": "invalid_scope", "error_description": "The requested scope is invalid, unknown, or malformed. Check the \"scope1\" scope." }

Honestly, I don't know what the next step is, even if I set Scope or State, what is the next step?

Thanks.

EDIT

I added a dummy entry to the scope table and added this value to the scope and worked.

Now I understand the scope, I just do not know why this is necessary.

I received a response with an access token. Now I understand the concept of oAuth. I already implemented a login / access system, but I could get rid of it and stick with oAuth. I tried using oAuth to authenticate a website with a REST API service, but this does not seem like a way to do this.

So now my next question is: is there a way to add an access token in the header instead of the URL parameter?


OAuth2 configuration:

php artisan config:publish lucadegasperi/oauth2-server-laravel

app/config/packages/lucadegasperi/oauth2-server-laravel/oauth2.php

basic oauth_scopes.

    /*
    |--------------------------------------------------------------------------
    | Default Scope
    |--------------------------------------------------------------------------
    |
    | The default scope to use if not present in the query string
    |
    */
    'default_scope' => 'basic',

access_token.

Q2: URL-?

. http.

true, access_token

    /*
    |--------------------------------------------------------------------------
    | HTTP Header Only
    |--------------------------------------------------------------------------
    |
    | This will tell the resource server where to check for the access_token.
    | By default it checks both the query string and the http headers
    |
    */
    'http_headers_only' => false,
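To make the `http_headers_only` behaviour concrete, here is an added example (not code from the oauth2-server-laravel package or from the answer above) that models how a resource server decides where to read the access token from: the `Authorization: Bearer` header is always checked, and the `access_token` query parameter is only consulted when `http_headers_only` is false. Function and parameter names are hypothetical.

```python
# Added example: models the lookup order described by the http_headers_only
# option. Not the library's own code; names are hypothetical.
from typing import Mapping, Optional


def extract_access_token(headers: Mapping[str, str],
                         query: Mapping[str, str],
                         http_headers_only: bool) -> Optional[str]:
    """Return the bearer token for a request, or None if none is acceptable.

    Tokens passed in the URL end up in server logs, browser history and
    Referer headers, which is why restricting lookup to the header is the
    safer setting on a resource server.
    """
    # HTTP header names are case-insensitive; normalise before matching.
    auth = next((v for k, v in headers.items()
                 if k.lower() == "authorization"), None)
    if auth:
        scheme, _, token = auth.strip().partition(" ")
        if scheme.lower() == "bearer" and token.strip():
            return token.strip()
    if http_headers_only:
        # Header-only mode: never fall back to the query string.
        return None
    token = query.get("access_token", "").strip()
    return token or None


def demo() -> dict:
    """Constructed requests showing both settings side by side."""
    header_req = ({"Authorization": "Bearer tok_header"}, {})
    query_req = ({}, {"access_token": "tok_query"})
    return {
        "header_default": extract_access_token(*header_req, False),
        "query_default": extract_access_token(*query_req, False),
        "header_only_header": extract_access_token(*header_req, True),
        "header_only_query": extract_access_token(*query_req, True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the default `false`, a token in the query string is accepted; with `true`, the same request is rejected and only the header form works.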

Source: https://habr.com/ru/post/1542132/
