-
-
Save minhloc2011/3012fbebf346c62b819f4f2b75a40954 to your computer and use it in GitHub Desktop.
Add Custom Claims to Passport 8 / Laravel 6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
namespace App\Passport; | |
use App\User; | |
use Lcobucci\JWT\Builder; | |
use Lcobucci\JWT\Signer\Key; | |
use League\OAuth2\Server\CryptKey; | |
use Lcobucci\JWT\Signer\Rsa\Sha256; | |
use Laravel\Passport\Bridge\AccessToken as BaseToken; | |
class AccessToken extends BaseToken { | |
private $privateKey; | |
/** | |
* Generate a string representation from the access token | |
*/ | |
public function __toString() { | |
return (string) $this->convertToJWT( $this->privateKey ); | |
} | |
/** | |
* Set the private key used to encrypt this access token. | |
*/ | |
public function setPrivateKey( CryptKey $privateKey ) { | |
$this->privateKey = $privateKey; | |
} | |
public function convertToJWT( CryptKey $privateKey ) { | |
$builder = new Builder(); | |
$builder->permittedFor( $this->getClient()->getIdentifier() ) | |
->identifiedBy( $this->getIdentifier(), true ) | |
->issuedAt( time() ) | |
->canOnlyBeUsedAfter( time() ) | |
->expiresAt( $this->getExpiryDateTime()->getTimestamp() ) | |
->relatedTo( $this->getUserIdentifier() ) | |
->withClaim( 'iss', 'http://localhost:8080/' ) | |
->withClaim( 'scopes', $this->getScopes() ); | |
if ( $user = User::find( $this->getUserIdentifier() ) ) { | |
$builder | |
->withClaim( 'uid', $user->id ); | |
// Include additional user claims for user here | |
} | |
return $builder | |
->getToken( new Sha256(), new Key( $privateKey->getKeyPath(), $privateKey->getPassPhrase() ) ); | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
namespace App\Repositories; | |
use App\Passport\AccessToken; | |
use Laravel\Passport\Bridge\AccessTokenRepository as BaseRepository; | |
use League\OAuth2\Server\Entities\ClientEntityInterface; | |
class AccessTokenRepository extends BaseRepository { | |
public function getNewToken( ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null ) { | |
return new AccessToken( $userIdentifier, $scopes, $clientEntity ); | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// located in config/app.php | |
'providers' => [ | |
... | |
/* | |
* Application Service Providers... | |
*/ | |
App\Providers\PassportServiceProvider::class, | |
], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
namespace App\Providers; | |
use App\Repositories\AccessTokenRepository; | |
use Laravel\Passport\Bridge\ClientRepository; | |
use Laravel\Passport\Bridge\ScopeRepository; | |
use League\OAuth2\Server\AuthorizationServer; | |
class PassportServiceProvider extends \Laravel\Passport\PassportServiceProvider { | |
public function makeAuthorizationServer() { | |
return new AuthorizationServer( | |
$this->app->make( ClientRepository::class ), | |
$this->app->make( AccessTokenRepository::class ), | |
$this->app->make( ScopeRepository::class ), | |
$this->makeCryptKey( 'private' ), | |
app( 'encrypter' )->getKey() | |
); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment