Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add docs on how to customize the passport authorization view #9874

Closed
wants to merge 3 commits into from
Closed

Add docs on how to customize the passport authorization view #9874

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
624affe
Add docs on how to customize the passport authorization view
jonerickson Sep 1, 2024
34b1d8e
Grammar changes
jonerickson Sep 1, 2024
1eb5943
Remove unused client property
jonerickson Sep 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions passport.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
- [Authorization Code Grant With PKCE](#code-grant-pkce)
- [Creating the Client](#creating-a-auth-pkce-grant-client)
- [Requesting Tokens](#requesting-auth-pkce-grant-tokens)
- [Customizing the Authorization View](#customizing-the-authorization-view)
- [Password Grant Tokens](#password-grant-tokens)
- [Creating a Password Grant Client](#creating-a-password-grant-client)
- [Requesting Tokens](#requesting-password-grant-tokens)
Expand Down Expand Up @@ -616,6 +617,44 @@ If the state parameter matches, the consumer should issue a `POST` request to yo
return $response->json();
});

<a name="customizing-the-authorization-view"></a>
### Customizing the Authorization View

When a client visits your application's `/oauth/authorize` route, an authorization view will be presented requiring the user to approve the authorization request. By default, the package presents a generic blade view containing a form to approve the request.

All the authorization view's rendering logic may be customized using the appropriate methods available via the `Laravel\Passport\Passport` class. Typically, you should call this method from the `boot` method of your application's `App\Providers\AppServiceProvider` class. Passport will take care of defining the `/oauth/authorize` route that returns the view:

/**
* Bootstrap any application services.
*/
public function boot(): void
{
Passport::authorizationView('passport.authorize');
}

Your authorization template should include a form that makes a `POST` request to `/oauth/authorize`. The `/oauth/authorize` endpoint expects the string `state`, `client_id`, `auth_token` and the CSRF token as `_token` if not already being passed.

When using `Passport::authorizationView()`, you may either pass the view name or a `Closure`. Both instances receive an array of parameters to help with building the template. Both the view and the `Closure` receive the following parameters: The Passport `client`, the `user` approving the authorization, the requested `scopes`, the current `request` and the `authToken`.

Inertia is also supported as a valid authorization view response:

/**
* Bootstrap any application services.
*/
public function boot(): void
{
Passport::authorizationView(function ($parameters) {
return Inertia::render('passport/Authorize', [
'clientId' => $parameters['client']->getKey(),
'name' => $parameters['client']->name,
'scopes' => $parameters['scopes'],
'state' => $parameters['request']->state,
'authToken' => $parameters['authToken'],
'csrfToken' => csrf_token(),
]);
});
}

<a name="password-grant-tokens"></a>
## Password Grant Tokens

Expand Down