@farindra
Last active December 13, 2019 08:12
/**
 * It seems like the AuthGuardMiddleware and ClientCredMiddleware are classes of your own?
 * For now I've done something similar and created my own middleware as well, but as an extension of the CheckClientCredentials middleware from Passport. I've overridden the handle() function and left out the first-party check that has been added in the PR. It looks like this now:
 */
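use Illuminate\Auth\AuthenticationException;
use Laravel\Passport\Exceptions\MissingScopeException;
use Laravel\Passport\Http\Middleware\CheckClientCredentials;

class CheckAPICredentials extends CheckClientCredentials
{
    /**
     * Validate the scopes and token on the incoming request.
     *
     * @param  \Psr\Http\Message\ServerRequestInterface  $psr
     * @param  array  $scopes
     * @return void
     * @throws \Laravel\Passport\Exceptions\MissingScopeException|\Illuminate\Auth\AuthenticationException
     */
    protected function validate($psr, $scopes)
    {
        // Look up the stored token by the ID taken from the request attributes.
        $token = $this->repository->find($psr->getAttribute('oauth_access_token_id'));

        // Only the token's existence is checked: the first-party check from the PR
        // is deliberately left out, so a token from any client type gets this far.
        if (! $token) {
            throw new AuthenticationException;
        }

        // A wildcard scope satisfies every scope requirement.
        if (in_array('*', $token->scopes)) {
            return;
        }

        // Otherwise each required scope must be granted to the token.
        foreach ($scopes as $scope) {
            if ($token->cant($scope)) {
                throw new MissingScopeException($scope);
            }
        }
    }
}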
// I guess it could be nice to have this (or something similar) as a standard middleware in Passport? Because the main issue in the PR was that the name suggested it was checking on Client tokens and it accepted all tokens.