Add ability to set encryption keys from config

composer.json

@@ -25,7 +25,7 @@
         "illuminate/encryption": "~5.6",
         "illuminate/http": "~5.6",
         "illuminate/support": "~5.6",
-        "league/oauth2-server": "^6.0",
+        "league/oauth2-server": "^7.0",
         "phpseclib/phpseclib": "^2.0",
         "symfony/psr-http-message-bridge": "~1.0",
         "zendframework/zend-diactoros": "~1.0"

config/passport.php

@@ -0,0 +1,20 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Encryption Keys
+    |--------------------------------------------------------------------------
+    |
+    | Passport uses encryption keys when generating secure access tokens.
+    | By default these keys are stored as local files, but can also be
+    | set using the following environment variables.
+    |
+    */
+
+    'private_key' => env('PASSPORT_PRIVATE_KEY'),
+
+    'public_key' => env('PASSPORT_PUBLIC_KEY'),
+
+];

src/Bridge/ClientRepository.php

@@ -28,7 +28,7 @@ public function __construct(ClientModelRepository $clients)
     /**
      * {@inheritdoc}
      */
-    public function getClientEntity($clientIdentifier, $grantType,
+    public function getClientEntity($clientIdentifier, $grantType = null,
                                     $clientSecret = null, $mustValidateSecret = true)
     {
         // First, we will verify that the client exists and is authorized to create personal

src/PassportServiceProvider.php

@@ -13,6 +13,7 @@
 use Laravel\Passport\Guards\TokenGuard;
 use League\OAuth2\Server\CryptKey;
 use League\OAuth2\Server\ResourceServer;
+use Illuminate\Config\Repository as Config;
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Grant\AuthCodeGrant;
 use League\OAuth2\Server\Grant\ImplicitGrant;
@@ -82,6 +83,8 @@ public function register()
         $this->registerResourceServer();
 
         $this->registerGuard();
+
+        $this->offerPublishing();
     }
 
     /**
@@ -200,7 +203,7 @@ public function makeAuthorizationServer()
             $this->app->make(Bridge\ClientRepository::class),
             $this->app->make(Bridge\AccessTokenRepository::class),
             $this->app->make(Bridge\ScopeRepository::class),
-            $this->makeCryptKey('oauth-private.key'),
+            $this->makeCryptKey('private'),
             app('encrypter')->getKey()
         );
     }
@@ -215,7 +218,7 @@ protected function registerResourceServer()
         $this->app->singleton(ResourceServer::class, function () {
             return new ResourceServer(
                 $this->app->make(Bridge\AccessTokenRepository::class),
-                $this->makeCryptKey('oauth-public.key')
+                $this->makeCryptKey('public')
             );
         });
     }
@@ -226,13 +229,15 @@ protected function registerResourceServer()
      * @param string $key
      * @return \League\OAuth2\Server\CryptKey
      */
-    protected function makeCryptKey($key)
+    protected function makeCryptKey($type)
     {
-        return new CryptKey(
-            'file://'.Passport::keyPath($key),
-            null,
-            false
-        );
+        $key = str_replace('\\n', "\n", $this->app->make(Config::class)->get('passport.'.$type.'_key'));
+
+        if (!$key) {
+            $key = 'file://'.Passport::keyPath('oauth-'.$type.'.key');
+        }
+
+        return new CryptKey($key, null, false);
     }
 
     /**
@@ -281,4 +286,18 @@ protected function deleteCookieOnLogout()
             }
         });
     }
+
+    /**
+     * Setup the resource publishing groups for Passport.
+     *
+     * @return void
+     */
+    protected function offerPublishing()
+    {
+        if ($this->app->runningInConsole()) {
+            $this->publishes([
+                __DIR__.'/../config/passport.php' => config_path('passport.php'),
+            ], 'passport-config');
+        }
+    }
 }

tests/PassportServiceProviderTest.php

@@ -0,0 +1,63 @@
+<?php
+
+use Laravel\Passport\Passport;
+use PHPUnit\Framework\TestCase;
+use Illuminate\Config\Repository as Config;
+use Laravel\Passport\PassportServiceProvider;
+use Illuminate\Contracts\Foundation\Application as App;
+
+class PassportServiceProviderTest extends TestCase
+{
+    public function test_can_use_crypto_keys_from_config()
+    {
+        $config = Mockery::mock(Config::class, function ($config) {
+            $config->shouldReceive('get')
+                ->with('passport.private_key')
+                ->andReturn('-----BEGIN RSA PRIVATE KEY-----\nconfig\n-----END RSA PRIVATE KEY-----');
+        });
+
+        $provider = new PassportServiceProvider(
+            Mockery::mock(App::class, ['make' => $config])
+        );
+
+        // Call protected makeCryptKey method
+        $cryptKey = (function () {
+            return $this->makeCryptKey('private');
+        })->call($provider);
+
+        $this->assertSame(
+            "-----BEGIN RSA PRIVATE KEY-----\nconfig\n-----END RSA PRIVATE KEY-----",
+            file_get_contents($cryptKey->getKeyPath())
+        );
+    }
+
+    public function test_can_use_crypto_keys_from_local_disk()
+    {
+        Passport::loadKeysFrom(__DIR__.'/files');
+
+        file_put_contents(
+            __DIR__.'/files/oauth-private.key',
+            "-----BEGIN RSA PRIVATE KEY-----\ndisk\n-----END RSA PRIVATE KEY-----"
+        );
+
+        $config = Mockery::mock(Config::class, function ($config) {
+            $config->shouldReceive('get')->with('passport.private_key')->andReturn(null);
+        });
+
+        $provider = new PassportServiceProvider(
+            Mockery::mock(App::class, ['make' => $config])
+        );
+
+        // Call protected makeCryptKey method
+        $cryptKey = (function () {
+            return $this->makeCryptKey('private');
+        })->call($provider);
+
+        $this->assertSame(
+            "-----BEGIN RSA PRIVATE KEY-----\ndisk\n-----END RSA PRIVATE KEY-----",
+            file_get_contents($cryptKey->getKeyPath())
+        );
+
+        @unlink(__DIR__.'/files/oauth-private.key');
+    }
+}