Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.0] Add the ability to retrieve current client #854

Merged
merged 1 commit into from
Oct 23, 2018
Merged

[7.0] Add the ability to retrieve current client #854

merged 1 commit into from
Oct 23, 2018
+199 −39

Conversation

driesvints
Copy link
Member

This commit adds the ability to retrieve the current client from the request, just like the current user is retrieved. I chose to do this in the TokenGuard class since this class uses the same logic to retrieve the current active user.

Usage could be as follows:

$client = $tokenGuard->client($request);

One of the biggest reasons for adding this is that there isn't any way at the moment to retrieve the current client from the request. By adding this, users can use the client to further perform authorization actions or check the creator of the client and subsequently limit resources bases on either one of those two.

This is especially helpful for client credentials grant requests where you simply don't have an active/authed user. This way you can still limit resources if you want based on either the client or its creator.

This commit is fully BC. No methods have been renamed, only added. The ones that have been modified still behave in the same way as before but only have some parts extracted to other methods so their code could be re-used.

This solves the following long outstanding issue: #143

PS. I'm sorry if the changes are too long or confusing. Feel free to ask questions and I will gladly clarify and explain further.

@driesvints
Add the ability to retrieve current client
404b345 
This commit adds the ability to retrieve the current client from the request, just like the current user is retrieved. I chose to do this in the TokenGuard class since this class uses the same logic to retrieve the current active user.

Usage could be as follows:

    $client = $tokenGuard->client($request);

One of the biggest reasons for adding this is that there isn't any way at the moment to retrieve the current client from the request. By adding this, users can use the client to further perform authorization actions or check the creator of the client and subsequently limit resources bases on either one of those two.

This is especially helpful for client credentials grant requests where you simply don't have an active user. This way you can still limit resources if you want based on either the client or its creator.

This commit is fully BC. No methods have been renamed, only added. The ones that have been modified still behave in the same way as before but only have some parts extracted to other methods so their code could be re-used.

This solves the following long outstanding issue: #143
@driesvints driesvints mentioned this pull request Oct 22, 2018
Closed
@taylorotwell taylorotwell merged commit 404b345 into laravel:7.0 Oct 23, 2018
@driesvints driesvints deleted the retrieve-current-client branch October 23, 2018 16:23
@TimWolla
Copy link
Contributor

@driesvints Can you clarify how I would pull the client from the guard in the real world? It looks like it does not properly mixin the client method into the RequestGuard:

$client = Auth::guard('api')->client($request);

fails with a “Method Illuminate\Auth\RequestGuard::client does not exist.”. I should not need to construct the TokenGuard manually, no?

Am I doing this wrong?

@driesvints
Copy link
Member Author

@TimWolla thanks for letting me know. I just realized that we'll also have to update the RequestGuard class but that'll be for the next major release.

For now you'll have to construct the TokenGuard as done here:

passport/src/PassportServiceProvider.php

Lines 268 to 274 in 453db3c

return (new TokenGuard(
$this->app->make(ResourceServer::class),
Auth::createUserProvider($config['provider']),
$this->app->make(TokenRepository::class),
$this->app->make(ClientRepository::class),
$this->app->make('encrypter')
))->user($request);

@driesvints driesvints mentioned this pull request Nov 15, 2018
Closed
@rizaldywirawan
Copy link

rizaldywirawan commented Sep 14, 2024
edited
Loading

The only think that i do not understand is, Laravel has a super cool documentation, always make dev easy to use it and find something they really need.

This one little problem already haunted lots of developers out there just to find a client id, why is this not in the documentation?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@driesvints @TimWolla @rizaldywirawan @taylorotwell