CreateFreshApiToken middleware not working in multi auth #1280

Closed
RahulDey12 opened this issue May 25, 2020 · 6 comments

@RahulDey12

@billriess will it work with CreateFreshApiToken middleware?

Originally posted by @RahulDey12 in #982 (comment)

Multi auth is not working with the CreateFreshApiToken middleware. If there is the same user ID, it is always showing login.

RahulDey12 changed the title from "@billriess will it work with CreateFreshApiToken middleware" to "CreateFreshApiToken middleware not working in multi auth" on May 25, 2020
@driesvints
Member

If you use it as a route middleware you can specify the guard name on the routes you want to auth:

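// Register the middleware under a short alias.
protected $routeMiddleware = [
    // ...
    'api_token' => \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
];

// Pass the guard name as the middleware parameter.
Route::group(['middleware' => 'api_token:guard-name'], function () {
    // routes here.
});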

@RahulDey12
Author

RahulDey12 commented May 25, 2020

Nothing happened. If there are two models with the same ID, it is exposing one another's details.

public function __construct()
{
    $this->middleware(['auth', 'api_token:web']);
}

With this code, a User and an Admin with the same ID are authenticating to an API route.

@billriess
Contributor

Can you try to explain the scenario more and the issues you are facing? Try to be specific.

The original issue I was aiming to solve was based on Password grants. In the Password grant scenario I was trying to authenticate a specific user "type" (provider) to a Passport\Client. The PR that was merged achieves exactly this. The PR sat open for a while and encouraged additional input, but not much was said, and once it was tested and vetted by the Laravel staff it was merged.

The provider is being validated for Bearer Tokens, not Cookies, so I assume this would be the issue you are facing, is that correct?

@RahulDey12
Author

protected function createToken($userId, $csrfToken, Carbon $expiration)
{
    // Claims placed in the cookie JWT: user id, CSRF token and expiry.
    return JWT::encode([
        'sub' => $userId,
        'csrf' => $csrfToken,
        'expiry' => $expiration->getTimestamp(),
    ], $this->encrypter->getKey());
}

In this section, nothing is verifying the provider.

@RahulDey12
Author

> Can you try to explain the scenario more and the issues you are facing? Try to be specific.
>
> The original issue I was aiming to solve was based on Password grants. In the Password grant scenario I was trying to authenticate a specific user "type" (provider) to a Passport\Client. The PR that was merged achieves exactly this. The PR sat open for a while and encouraged additional input, but not much was said, and once it was tested and vetted by the Laravel staff it was merged.
>
> The provider is being validated for Bearer Tokens, not Cookies, so I assume this would be the issue you are facing, is that correct?

OK, so this feature is also important for consuming your own JavaScript API.

@billriess
Contributor

Check #1282

If you can, try testing this locally and let me know if it works. Comment in the PR your findings. This will help get this pushed.
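
An added illustration of the gap discussed in this thread (not code from Passport or from any participant): a cookie JWT that carries only `sub` resolves against whichever provider's guard receives it, while a token that also names its provider can be rejected on mismatch. The `provider` claim name, the `PROVIDERS` table, the hand-rolled HS256 helpers and the key are assumptions made for the demo; the thread does not say how #1282 addresses this.

```php
<?php
// Constructed data: two providers whose records share primary key 1.
const PROVIDERS = ['users' => [1 => 'user@example.test'], 'admins' => [1 => 'admin@example.test']];

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Minimal HS256 signer standing in for the JWT library used by the middleware.
function signToken(array $claims, string $key): string
{
    $body = b64url('{"alg":"HS256","typ":"JWT"}') . '.' . b64url(json_encode($claims));
    return $body . '.' . b64url(hash_hmac('sha256', $body, $key, true));
}

// Returns the claims when the signature verifies, otherwise null.
function verifyToken(string $token, string $key): ?array
{
    $parts = explode('.', $token);
    $expected = b64url(hash_hmac('sha256', ($parts[0] ?? '') . '.' . ($parts[1] ?? ''), $key, true));
    if (count($parts) !== 3 || !hash_equals($expected, $parts[2])) {
        return null;
    }
    return json_decode(base64_decode(strtr($parts[1], '-_', '+/')), true);
}

// $guardProvider is the provider behind the guard that received the cookie.
function resolveUser(string $token, string $key, string $guardProvider, bool $checkProvider): ?string
{
    $claims = verifyToken($token, $key);
    if ($claims === null || $claims['expiry'] < time()) {
        return null;
    }
    // Hypothetical 'provider' claim: reject tokens minted for another provider.
    if ($checkProvider && ($claims['provider'] ?? null) !== $guardProvider) {
        return null;
    }
    return PROVIDERS[$guardProvider][$claims['sub']] ?? null;
}

$key = 'constructed-demo-key';
$claims = ['sub' => 1, 'csrf' => 'constructed', 'expiry' => time() + 60];
$subOnly = signToken($claims, $key);
$bound = signToken($claims + ['provider' => 'users'], $key);
var_dump(resolveUser($subOnly, $key, 'admins', false)); // sub-only cookie, admins guard
var_dump(resolveUser($bound, $key, 'admins', true));    // provider-bound cookie, admins guard
var_dump(resolveUser($bound, $key, 'users', true));     // provider-bound cookie, users guard
```

The first call returns the admin record for a cookie issued to a user, which is the cross-model exposure reported above; the second returns null because the claim and the guard's provider disagree.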
