I’m playing around with laravel and try to enable client credentials grant to secure some api endpoints.
To provide some context: I want to create an api that stands between a database and several websites (and SPAs). So I’ll be able to do some monitoring (what website/SPA calls which ressources) and in general add some security. So in this case where no additional user inforamtion is required, the client credential grant for machine-to-machine communication should be the best approach.
I followed someone tutorials (e.g. this tutrial) to implement these grant type but I get stuck…
I did the following:
- load passport:
composer require laravel/passport
- add service provider to
config/app.php
:LaravelPassportPassportServiceProvider::class,
- migrate:
php artisan migrate
- install:
php artisan passport:install
- added
HasApiTokens
toAppUser.php
- added
Passport::routes()
toapp/Providers/AuthServiceProvider.php
- last but not least set driver option of the authentication guard to
passport
inconfig/auth.php
So far so good. Now I created a sample client with php artisan passport:client
:
New client created successfully. Client ID: 3 Client secret: S5s9oEIRm5DNy5ySsr1H6jWlraOCZyF24gcpoDrJ
Now when I want to get a token for this client by using postman (added in the body.formdata
like provided here)
I get the following error.
{ "error": "unsupported_grant_type", "error_description": "The authorization grant type is not supported by the authorization server.", "hint": "Check that all required parameters have been provided", "message": "The authorization grant type is not supported by the authorization server." }
Am I missing something? I thought I did all the necessary steps to register the grant type
?
Thanks in advance!!
Advertisement
Answer
You misspelled grant_type
. In the screenshot it says grand_type
.