Creating your own OAuth2 server using Laravel Passport — client credentials flow

Feb 3, 2022
Image attribution to https://morioh.com/p/274f0d5cf0ab

Table of contents

  1. Initial config — Recommend you start here
  2. Setting up authorization code flow with PKCE
  3. Creating your own OAuth2 server using Laravel Passport — client credentials flow — You are here
  4. Creating your own OAuth2 server using Laravel Passport — Password grant flow
  5. Creating your own OAuth2 server using Laravel Passport — Implicit grant flow
  6. Creating your own OAuth2 server using Laravel — Device Grant flow

NB: I’m assuming you’ve already read the initial config article above. If not, please have a look at it before continuing with this article.

What we will do

  1. We will implement the client credentials flow.

Analogy

The client credentials flow authenticates the client application itself, not a user, to the authorization server. The application presents its own client ID and client secret and receives an access token that lets it call the OAuth2 server’s APIs on its own behalf. This is machine-to-machine interaction: unlike the authorization code flow, there is no end user and no browser redirect in the middle. Because the secret is the whole proof of identity, this flow is only suitable for confidential clients (server-side code that can keep the secret); it must never be used from a browser or mobile app where the secret could be extracted.

An analogy: suppose you (the Client app) want to know how many purchases have been made from your friend (the OAuth2-Server app), so you keep asking him (polling) and he replies. Your friend decides to go on vacation, so he leaves behind a system into which you pass your name and a secret that only the two of you know. If you pass in the correct credentials, the system issues you an access token, which you can then use to make the API request that checks the purchases.

This flow is summarized as

  1. You send a request to your friend with your name and a secret.
  2. Your friend verifies this data and if it’s correct issues you with an access token.
  3. You take the access token and perform other tasks on your friend’s system.

Step 1: Creating the ‘Client Credentials’ client in OAuth2-Server app

We create the client by running the following command

php artisan passport:client --client

The command prints the new client’s ID and secret. Copy the secret now and store it where the client app will read it from (environment variables or a secrets manager), not in source control: it is the only credential the client will present.

In your database, the oauth_clients table should now contain a row for this client.

Step 2: Adding a new API to the OAuth2-Server app

We first need to register the CheckClientCredentials middleware (Laravel\Passport\Http\Middleware\CheckClientCredentials) as a route middleware alias in app/Http/Kernel.php; this article uses the alias passport.client.

We will add a new API just to demonstrate the use of the flow. I am adding the API GET /api/users, which returns a list of users in the system, and protect it with the passport.client middleware. Note that a client credentials token carries no user: inside the route, $request->user() is null, so any authorization decision has to be made on the client and the scopes its token carries, not on a logged-in user.

Step 3: Getting the access token

I’m going to be using Postman to create the request to get the access token. The request is a POST to the server’s /oauth/token endpoint with form fields grant_type=client_credentials, client_id, client_secret and, optionally, scope (a space-separated list of the scopes the client needs). A successful response is JSON containing token_type (Bearer), expires_in (seconds) and access_token. Send this request over HTTPS anywhere outside local development, since it carries the client secret in the body.

Step 4: using the access token

To use the token, we set it in the Authorization header as Authorization: Bearer {our token}. If the token is missing, expired or does not carry a scope the route requires, the middleware rejects the request before it reaches the controller.
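The following is an added example (not the tutorial’s own code and not taken from its GitHub repo) that ties Steps 2 to 4 together in PHP: the middleware alias in the Kernel, scope and token-lifetime settings in the AuthServiceProvider, the protected route, and a client-side helper that fetches and caches the token. It keeps the alias passport.client from the article; the scope name read-users, the host oauth2-server.test, the config keys under services.oauth2 and the cache key are assumptions chosen for the example.

```php
<?php
// Added example, not code from the tutorial or from Laravel Passport itself.
// It wires Steps 2-4 together. Assumptions: the middleware alias is
// 'passport.client' (as the article uses it); the scope name 'read-users',
// the host http://oauth2-server.test, the config keys and the cache key are
// placeholders. Each fragment belongs in the file named above it; namespace
// lines are omitted and are the same as in a stock Laravel app.

// ---- OAuth2-Server app: app/Http/Kernel.php ----
use Illuminate\Foundation\Http\Kernel as HttpKernel;
use Laravel\Passport\Http\Middleware\CheckClientCredentials;

class Kernel extends HttpKernel
{
    protected $routeMiddleware = [
        // ...the framework's default aliases stay here...
        'passport.client' => CheckClientCredentials::class,
    ];
}

// ---- OAuth2-Server app: app/Providers/AuthServiceProvider.php ----
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Declare the scopes a client may ask for. A client requesting a scope
        // that is not declared here gets an invalid_scope error from /oauth/token.
        Passport::tokensCan([
            'read-users' => 'List users in the system',
        ]);

        // Passport's default access-token lifetime is one year. A machine that
        // can fetch a fresh token at any time does not need that; shorten it so
        // a leaked token is useful to an attacker for an hour, not a year.
        Passport::tokensExpireIn(now()->addHours(1));
    }
}

// ---- OAuth2-Server app: routes/api.php ----
use App\Models\User;
use Illuminate\Support\Facades\Route;

// Require a valid client-credentials token AND the 'read-users' scope.
// An invalid or expired token is rejected with 401, and a valid token that
// lacks the scope with 403, before the closure runs.
Route::middleware('passport.client:read-users')->get('/users', function () {
    // No user is attached to a client-credentials token, so $request->user()
    // is null here: authorise on the client and its scopes, not on a user.
    return User::query()->select(['id', 'name', 'email'])->get();
});

// ---- Client app: e.g. a console command ----
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Http;

// Step 3: exchange client ID + secret for an access token, and cache it until
// shortly before it expires instead of calling /oauth/token on every request.
function clientAccessToken(): string
{
    if ($cached = Cache::get('oauth2.client_token')) {
        return $cached;
    }

    $response = Http::asForm()
        ->post('http://oauth2-server.test/oauth/token', [
            'grant_type'    => 'client_credentials',
            // The secret is read from config (populated from .env or a secrets
            // manager), never hard-coded; use HTTPS outside local development.
            'client_id'     => config('services.oauth2.client_id'),
            'client_secret' => config('services.oauth2.client_secret'),
            'scope'         => 'read-users', // ask only for what this job needs
        ])
        ->throw()   // surface 4xx/5xx (bad secret, invalid_scope) as exceptions
        ->json();

    // Keep the token for slightly less than the lifetime the server declared,
    // so we never present a token that is about to expire.
    Cache::put(
        'oauth2.client_token',
        $response['access_token'],
        max(1, (int) $response['expires_in'] - 60)
    );

    return $response['access_token'];
}

// Step 4: call the protected API with the bearer token.
$users = Http::withToken(clientAccessToken())
    ->acceptJson()
    ->get('http://oauth2-server.test/api/users')
    ->throw()
    ->json();
```

The middleware parameter syntax passport.client:read-users requires every listed scope; if a route should accept any one of several scopes, Passport also ships Laravel\Passport\Http\Middleware\CheckClientCredentialsForAnyScope, which you would register under its own alias in the same way.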

And that’s it.

Conclusion

Hopefully you can now implement your own OAuth2 server. Leave a clap and feedback if you found this helpful.

You should always use scopes to limit what an issued access token can do in your system; this is the principle of least privilege. A client credentials token represents an application rather than a user, so the scopes on the token (together with a short token lifetime and a well-guarded client secret) are what bounds the damage if that token or secret leaks.

What next

  1. Implementing the password grant flow.

References

  1. https://github.com/Ghostscypher/OAuth2-Tutorial — GitHub repo for this tutorial
  2. Laravel Passport — Laravel, The PHP Framework For Web Artisans (official documentation)


Backend developer with 7+ years of experience. Specializing mainly in PHP Laravel. Interested in natural simulations, visualization systems, and anything nerdy