farindra/CheckAPICredentials.php

## CheckAPICredentials.php
/**
* It seems link the AuthGuardMiddleware and ClientCredMiddleware are classes of your own?
* For now I've done something similar and created my own middleware as well, but as an extension of the CheckClientCredentials middleware from Passport. I've overridden the handle() function and left out the firstparty-check that has been added in the PR. It looks like this now:
*/

class CheckAPICredentials extends CheckClientCredentials
{
    /**
     * Validate the scopes and token on the incoming request.
     *
     * @param  \Psr\Http\Message\ServerRequestInterface $psr
     * @param  array  $scopes
     * @return void
     * @throws \Laravel\Passport\Exceptions\MissingScopeException|\Illuminate\Auth\AuthenticationException
     */
    protected function validate($psr, $scopes)
    {
        $token = $this->repository->find($psr->getAttribute('oauth_access_token_id'));

        if (! $token ) {
            throw new AuthenticationException;
        }

        if (in_array('*', $token->scopes)) {
            return;
        }

        foreach ($scopes as $scope) {
            if ($token->cant($scope)) {
                throw new MissingScopeException($scope);
            }
        }
    }
}
// I guess it could be nice to have this (or something similar) as a standard middleware in Passport? Because the main issue in the PR was that that the name suggested it was checking on Client tokens and it accepted all tokens.
	/**
	* It seems link the AuthGuardMiddleware and ClientCredMiddleware are classes of your own?
	* For now I've done something similar and created my own middleware as well, but as an extension of the CheckClientCredentials middleware from Passport. I've overridden the handle() function and left out the firstparty-check that has been added in the PR. It looks like this now:
	*/

	class CheckAPICredentials extends CheckClientCredentials
	{
	/**
	* Validate the scopes and token on the incoming request.
	*
	* @param \Psr\Http\Message\ServerRequestInterface $psr
	* @param array $scopes
	* @return void
	* @throws \Laravel\Passport\Exceptions\MissingScopeException\|\Illuminate\Auth\AuthenticationException
	*/
	protected function validate($psr, $scopes)
	{
	$token = $this->repository->find($psr->getAttribute('oauth_access_token_id'));

	if (! $token ) {
	throw new AuthenticationException;
	}

	if (in_array('*', $token->scopes)) {
	return;
	}

	foreach ($scopes as $scope) {
	if ($token->cant($scope)) {
	throw new MissingScopeException($scope);
	}
	}
	}
	}
	// I guess it could be nice to have this (or something similar) as a standard middleware in Passport? Because the main issue in the PR was that that the name suggested it was checking on Client tokens and it accepted all tokens.