From 624affe55344e0e311c092c761845dc729f37da9 Mon Sep 17 00:00:00 2001 From: Jon Erickson <jon@deschutesdesigngroup.com> Date: Sun, 1 Sep 2024 10:30:12 -0700 Subject: [PATCH 1/3] Add docs on how to customize the passport authorization view --- passport.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/passport.md b/passport.md index 8e06f93ff57..48cf9b0d409 100644 --- a/passport.md +++ b/passport.md @@ -19,6 +19,7 @@ - [Authorization Code Grant With PKCE](#code-grant-pkce) - [Creating the Client](#creating-a-auth-pkce-grant-client) - [Requesting Tokens](#requesting-auth-pkce-grant-tokens) + - [Customizing the Authorization View](#customizing-the-authorization-view) - [Password Grant Tokens](#password-grant-tokens) - [Creating a Password Grant Client](#creating-a-password-grant-client) - [Requesting Tokens](#requesting-password-grant-tokens) 
@@ -616,6 +617,45 @@ If the state parameter matches, the consumer should issue a `POST` request to yo return $response->json(); }); +<a name="customizing-the-authorization-view"></a> +### Customizing the Authorization View + +When a client visits your applications `/oauth/authorize` route, an authorization view will be presented requiring the user to approve the authorization request. By default, the package presents a generic blade view containing a form to approve the request. + +All the authorization view's rendering logic may be customized using the appropriate methods available via the `Laravel\Passport\Passport` class. Typically, you should call this method from the `boot` method of your application's `App\Providers\AppServiceProvider` class. Passport will take care of defining the `/oauth/authorize` route that returns the view: + + /** + * Bootstrap any application services. + */ + public function boot(): void + { + Passport::authorizationView('passport.authorize'); + } + +Your authorization template should include a form that makes a `POST` request to `/oauth/authorize`. The `/oauth/authorize` endpoint expects the string `state`, `client_id`, `auth_token` and the CSRF token as `_token` if not already being passed. + +When using a custom authorization view, you may either pass the view name or a `Closure`. Both instances receive an array of parameters to help with building the template. Both the view and the `Closure` receive the following parameters: The Passport `client`, the `user` approving the authorization, the requested `scopes`, the current `request` and the `authToken`. + +Inertia is also supported as a valid authorization view response: + + /** + * Bootstrap any application services. 
+ */ + public function boot(): void + { + Passport::authorizationView(function ($parameters) { + return Inertia::render('passport/Authorize', [ + 'client' => $parameters['client']->id, + 'description' => $parameters['client']->description, + 'name' => $parameters['client']->name, + 'scopes' => $parameters['scopes'], + 'state' => $parameters['request']->state, + 'authToken' => $parameters['authToken'], + 'csrfToken' => csrf_token(), + ]); + }); + } + <a name="password-grant-tokens"></a> ## Password Grant Tokens From 34b1d8e014dac6f516ba84b969fc67df5048ac5d Mon Sep 17 00:00:00 2001 From: Jon Erickson <jon@deschutesdesigngroup.com> Date: Sun, 1 Sep 2024 10:36:02 -0700 Subject: [PATCH 2/3] Grammar changes --- passport.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/passport.md b/passport.md index 48cf9b0d409..27a18b5e0a3 100644 --- a/passport.md +++ b/passport.md @@ -620,7 +620,7 @@ If the state parameter matches, the consumer should issue a `POST` request to yo <a name="customizing-the-authorization-view"></a> ### Customizing the Authorization View -When a client visits your applications `/oauth/authorize` route, an authorization view will be presented requiring the user to approve the authorization request. By default, the package presents a generic blade view containing a form to approve the request. +When a client visits your application's `/oauth/authorize` route, an authorization view will be presented requiring the user to approve the authorization request. By default, the package presents a generic blade view containing a form to approve the request. All the authorization view's rendering logic may be customized using the appropriate methods available via the `Laravel\Passport\Passport` class. Typically, you should call this method from the `boot` method of your application's `App\Providers\AppServiceProvider` class. Passport will take care of defining the `/oauth/authorize` route that returns the view: 
@@ -634,7 +634,7 @@ All the authorization view's rendering logic may be customized using the appropr Your authorization template should include a form that makes a `POST` request to `/oauth/authorize`. The `/oauth/authorize` endpoint expects the string `state`, `client_id`, `auth_token` and the CSRF token as `_token` if not already being passed. -When using a custom authorization view, you may either pass the view name or a `Closure`. Both instances receive an array of parameters to help with building the template. Both the view and the `Closure` receive the following parameters: The Passport `client`, the `user` approving the authorization, the requested `scopes`, the current `request` and the `authToken`. +When using `Passport::authorizationView()`, you may either pass the view name or a `Closure`. Both instances receive an array of parameters to help with building the template. Both the view and the `Closure` receive the following parameters: The Passport `client`, the `user` approving the authorization, the requested `scopes`, the current `request` and the `authToken`. Inertia is also supported as a valid authorization view response: From 1eb594308689552b172c981dc9bf4b780203c624 Mon Sep 17 00:00:00 2001 From: Jon Erickson <jon@deschutesdesigngroup.com> Date: Fri, 6 Sep 2024 09:24:59 -0600 Subject: [PATCH 3/3] Remove unused client property --- passport.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/passport.md b/passport.md index 27a18b5e0a3..9ce7edb8326 100644 --- a/passport.md +++ b/passport.md 
@@ -634,7 +634,7 @@ All the authorization view's rendering logic may be customized using the appropr Your authorization template should include a form that makes a `POST` request to `/oauth/authorize`. The `/oauth/authorize` endpoint expects the string `state`, `client_id`, `auth_token` and the CSRF token as `_token` if not already being passed. -When using `Passport::authorizationView()`, you may either pass the view name or a `Closure`. Both instances receive an array of parameters to help with building the template. Both the view and the `Closure` receive the following parameters: The Passport `client`, the `user` approving the authorization, the requested `scopes`, the current `request` and the `authToken`. +When using `Passport::authorizationView()`, you may either pass the view name or a `Closure`. Both instances receive an array of parameters to help with building the template. Both the view and the `Closure` receive the following parameters: The Passport `client`, the `user` approving the authorization, the requested `scopes`, the current `request` and the `authToken`. Inertia is also supported as a valid authorization view response: @@ -645,8 +645,7 @@ Inertia is also supported as a valid authorization view response: { Passport::authorizationView(function ($parameters) { return Inertia::render('passport/Authorize', [ - 'client' => $parameters['client']->id, - 'description' => $parameters['client']->description, + 'clientId' => $parameters['client']->getKey(), 'name' => $parameters['client']->name, 'scopes' => $parameters['scopes'], 'state' => $parameters['request']->state,
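Review bot: In [PATCH 1/3], hunk `@@ -19,6 +19,7`, the new table-of-contents entry is added after the PKCE "Requesting Tokens" entry, and the section body lands at the end of the PKCE section, yet the text describes the `/oauth/authorize` view in general terms with nothing PKCE-specific in it. If the customization applies to every flow that goes through `/oauth/authorize`, place the section and its TOC entry where readers of the other grant that uses that route will also find it, or state in the first paragraph that it applies to both.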
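Review bot: In [PATCH 1/3], hunk `@@ -616,6 +617,45`, the paragraph beginning "Your authorization template should include a form" names the fields the endpoint expects (`state`, `client_id`, `auth_token`, `_token`) but never ties them to the parameters the view receives, and the Inertia example hands them to the front end under different names (`client`, `authToken`, `csrfToken`). Add one sentence giving the mapping, for example that `auth_token` carries the `authToken` parameter back unchanged and `_token` is the value of `csrf_token()`, because the endpoint expects exactly those field names and a custom consent page has no other place to learn them. The phrase "if not already being passed" is ambiguous about which field it qualifies, and the paragraph covers only the approving `POST`, so it should also say how the template lets the user deny the request. Minor: "the appropriate methods" is followed by "call this method", and "blade" should be "Blade".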
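Review bot: In [PATCH 2/3], hunk `@@ -634,7 +634,7`, the reworded paragraph still says the same thing twice ("Both instances receive an array of parameters" and then "Both the view and the `Closure` receive the following parameters"), and "instances" is an odd word for a view name. Collapse this to one sentence, lower-case "The" after the colon, and consider a short list that gives the type of each of `client`, `user`, `scopes`, `request` and `authToken`; the example that follows reads `$parameters['client']->name` and `$parameters['request']->state`, which a reader cannot infer from the prose alone.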
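Review bot: In [PATCH 3/3], hunk `@@ -634,7 +634,7`, the removed and added paragraphs read identically as shown, so this looks like a whitespace-only change riding along in a commit titled "Remove unused client property". Drop the hunk from this commit or fold it into the grammar commit so the history stays readable.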
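Review bot: In [PATCH 3/3], hunk `@@ -645,8 +645,7`, the change does more than the subject line says: besides removing a prop it drops `description` and renames the remaining one to `clientId`, now read through `getKey()`. The prose earlier in the section still tells readers the endpoint expects `client_id`, so the text should say that the front end must post the `clientId` prop under the name `client_id`. If `description` was dropped because the consent screen does not need it, a short remark that the example passes only what the page displays or submits would explain the choice.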