<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
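class AddTrustedToOauthClients extends Migration
{
    /**
     * Add the boolean `trusted` column to `oauth_clients`.
     *
     * The custom authorization controller in this code base reads
     * `$client->trusted` and, when it is truthy, approves the authorization
     * request without rendering the consent view. The column therefore
     * defaults to false, so that existing rows and any client created later
     * keep the consent screen until someone marks them as trusted on purpose.
     *
     * @return void
     */
    public function up()
    {
        Schema::table('oauth_clients', function (Blueprint $table) {
            // Fail closed: a default of true would mark every existing and
            // every future client as trusted and silently skip user consent.
            // First-party clients must be flagged explicitly after migrating.
            $table->boolean('trusted')->after('revoked')->default(false);
        });
    }

    /**
     * Drop the `trusted` column again.
     *
     * @return void
     */
    public function down()
    {
        Schema::table('oauth_clients', function (Blueprint $table) {
            $table->dropColumn('trusted');
        });
    }
}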
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Passport;
class AuthServiceProvider extends ServiceProvider
{
    /**
     * Policy classes keyed by the model class they apply to.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register policies, the Passport routes and the custom
     * GET oauth/authorize handler.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();

        // Custom authorization route. It is declared after Passport::routes()
        // on the same verb and URI; presumably it is meant to take the place
        // of Passport's own authorize route. NOTE(review): confirm that the
        // later registration wins in the Laravel version in use.
        $authorizeAction = [
            'uses' => '\App\Http\Controllers\CustomOauthAuthorizationController@authorize',
        ];

        // The custom handler runs behind the `web` and `auth` middleware.
        $authorizeMiddleware = ['web', 'auth'];

        \Route::get('oauth/authorize', $authorizeAction)->middleware($authorizeMiddleware);
    }
}
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Laravel\Passport\TokenRepository;
use Laravel\Passport\ClientRepository;
use Psr\Http\Message\ServerRequestInterface;
use Laravel\Passport\Http\Controllers\AuthorizationController as OauthAuthorizationController;
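class CustomOauthAuthorizationController extends OauthAuthorizationController
{
    /**
     * Authorize a client to access the user's account.
     *
     * The request is approved without showing the consent view in two cases:
     * a valid token whose scopes equal the requested scopes already exists
     * for this user and client, or the client row is flagged `trusted` (and
     * is not revoked). In every other case the authorization request is
     * stored in the session and the `passport::authorize` view is returned.
     *
     * Security note: the trusted shortcut approves whatever scopes the
     * request asks for without user interaction, so the `trusted` flag should
     * be limited to first-party clients.
     *
     * @param \Psr\Http\Message\ServerRequestInterface $psrRequest
     * @param \Illuminate\Http\Request $request
     * @param \Laravel\Passport\ClientRepository $clients
     * @param \Laravel\Passport\TokenRepository $tokens
     * @return \Illuminate\Http\Response
     */
    public function authorize(
        ServerRequestInterface $psrRequest,
        Request $request,
        ClientRepository $clients,
        TokenRepository $tokens
    ) {
        return $this->withErrorHandling(function () use ($psrRequest, $request, $clients, $tokens) {
            $authRequest = $this->server->validateAuthorizationRequest($psrRequest);

            $scopes = $this->parseScopes($authRequest);

            $clientId = $authRequest->getClient()->getIdentifier();

            $token = $tokens->findValidToken(
                $user = $request->user(),
                $client = $clients->find($clientId)
            );

            // Fail closed: a missing client row is never treated as trusted.
            // The revoked check is defense in depth; whether
            // validateAuthorizationRequest() already rejects revoked clients
            // is not visible from this class.
            $trusted_client = $client !== null
                && (bool) $client->trusted
                && ! (bool) $client->revoked;

            $scopesAlreadyGranted = $token
                && $token->scopes === collect($scopes)->pluck('id')->all();

            if ($scopesAlreadyGranted || $trusted_client) {
                return $this->approveRequest($authRequest, $user);
            }

            // Log the client identifier only. Passing the whole client model
            // as log context would leave it to the model's hidden-attribute
            // list and the log formatter to keep the client secret out of
            // the log files.
            // `trusted_client` is always false on this path, because trusted
            // clients returned above; the key is kept so the log shape stays
            // the same.
            \Log::info('Oauth Authorize client login ...', [
                'trusted_client' => $trusted_client,
                'client_id' => $clientId,
            ]);

            // Keep the validated request in the session for the follow-up
            // request that comes from the consent view.
            $request->session()->put('authRequest', $authRequest);

            return $this->response->view('passport::authorize', [
                'client' => $client,
                'user' => $user,
                'scopes' => $scopes,
                'request' => $request,
            ]);
        });
    }
}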