I’m playing around with laravel and try to enable client credentials grant to secure some api endpoints.
To provide some context: I want to create an api that stands between a database and several websites (and SPAs). So I’ll be able to do some monitoring (what website/SPA calls which ressources) and in general add some security. So in this case where no additional user inforamtion is required, the client credential grant for machine-to-machine communication should be the best approach.
I followed someone tutorials (e.g. this tutrial) to implement these grant type but I get stuck…
I did the following:
- load passport:
composer require laravel/passport - add service provider to
config/app.php:LaravelPassportPassportServiceProvider::class, - migrate:
php artisan migrate - install:
php artisan passport:install - added
HasApiTokenstoAppUser.php - added
Passport::routes()toapp/Providers/AuthServiceProvider.php - last but not least set driver option of the authentication guard to
passportinconfig/auth.php
So far so good. Now I created a sample client with php artisan passport:client:
New client created successfully. Client ID: 3 Client secret: S5s9oEIRm5DNy5ySsr1H6jWlraOCZyF24gcpoDrJ
Now when I want to get a token for this client by using postman (added in the body.formdata like provided here)
I get the following error.
{
"error": "unsupported_grant_type",
"error_description": "The authorization grant type is not supported by the authorization server.",
"hint": "Check that all required parameters have been provided",
"message": "The authorization grant type is not supported by the authorization server."
}
Am I missing something? I thought I did all the necessary steps to register the grant type?
Thanks in advance!!
Advertisement
Answer
You misspelled grant_type. In the screenshot it says grand_type.