Get user data using access token in laravel passport client app

Question

I have successfully created server.app and client.app using Laravel Passport documentation. Everything works as expected.

client.app Route:

Route::get('callback', function (Request $request) {
   $http = new GuzzleHttp\Client;
   $response = $http->post('http://server.app/oauth/token', [
    'form_params' => [
        'grant_type' => 'authorization_code',
        'client_id' => 3,
        'client_secret' => 'secret',
        'redirect_uri' => 'http://client.app/callback',
        'code' => $request->code
    ]
   ]);
   return json_decode((string) $response->getBody(), true)['access_token'];
});

By default, this route returns access_token, with which i can do whatever i want.

Request:

http://server.app/oauth/authorize?client_id=3&redirect_uri=http%3A%2F%2Fclient.app%2Fcallback&response_type=code&scope=

Returns:

http://client.app/callback?code=access_token

Question:

How to make correct request to server.app with given access_token in client.app to get for example user(s) email(s).

Should i use: http://server.app/api/user request to get data? If yes, how i can do that? If possible, please write a code.

Thanks for any answers.

adamj · Accepted Answer · 2017-04-06T09:14:44.117

I've been going absolutely insane about this issue! It just made no freaking sense as to why it kept spitting out the stupid Unauthenticated error when trying to hit-up a route such as /api/user. After much searching (MUCH searching), I finally found the answer. If you see this fero from Laracasts, you're my hero!

Did you check app\Providers\RouteServiceProvider.php ?

in the mapApiRoutes() you can set the middleware. check to make sure its auth:api. if its not, change it. also, remove the auth middleware from the route api.php file.

https://laracasts.com/discuss/channels/laravel/laravel-53-passport-api-unauthenticated-in-postman-using-personal-access-tokens

Edit:

Once you've made the change to the app\Providers\RouteServiceProvider.php mentioned above, proceed with the below example.

First things first, we need to retrieve a fresh access_token. To do this, I'm using the password grant_type (more info: https://laravel.com/docs/5.4/passport#password-grant-tokens)

To retrieve a fresh access_token, I've created a new route on routes/web.php and called it /connect. I've then placed the code from the above link into it:

Route::get('connect', function (Request $request) {
    $http = new GuzzleHttp\Client;

    $response = $http->post('http://example.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'password',
            'client_id' => $request->client_id,
            'client_secret' => $request->client_secret,
            'username' => $request->username,
            'password' => $request->password,
            'scope' => ''
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
});

Using Chrome Postman, you need to:

Set the method to GET
Enter the connect URL with the relevant params i.e. http://example.com/connect?client_id=1&client_secret=W2zogh7tiBh2jfHleYuzpViv7dqynDYQ6O07DKLj&username=test@test.com&password=123456
Click the headers tab (it's next to Authorization), add a key of Accept and value of application/json
Hit the Send button

Example result:

{
  "token_type": "Bearer",
  "expires_in": 31535999,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImE0MmFiYjZkNTQ5M2ZjMGQxYzVmM2E3MDFlOTNjMTRlOTQxMTBmNWQ5NmI1ODI0NTBmMmEyM2MwMzQ5OTMwODdiZGUwYTI5ZDU5N2VjYTExIn0.eyJhdWQiOiIxIiwianRpIjoiYTQyYWJiNmQ1NDkzZmMwZDFjNWYzYTcwMWU5M2MxNGU5NDExMGY1ZDk2YjU4MjQ1MGYyYTIzYzAzNDk5MzA4N2JkZTBhMjlkNTk3ZWNhMTEiLCJpYXQiOjE0OTE0Njg4ODIsIm5iZiI6MTQ5MTQ2ODg4MiwiZXhwIjoxNTIzMDA0ODgxLCJzdWIiOiI3NWNlZDUwMC0xNTQ0LTExZTctOWE4ZS1hZDVmMWFlZTM4OWUiLCJzY29wZXMiOltdfQ.dV3DKDM7IN-oGnZ_Rw10VnYkh9ySlz5i859yO0roZLAYwgmsmEEZK_vpttudUoKmYenqibZQXg6HG4KHRd-cgas_2DpO-7UCkXQYNTriUUAQ4XM6To86EOaf2BW1a07kdVGXTdo_ETQc7heUG0NWQ8-Hrr2NHkSyDULupDs8gDg_fg6xSVsFUEDZB32UIGwquAHT1Y21ZpTdQar0Rag9qOLeZYTR05ro0v9_rQbSoDgJiZE3KT9GbqwU_BegWRmAwY6LmxG4raZpSMgqYEMo3D9D0lJiomOLK4pSjqmi0EVti04zZ6Vg4GHE6S1TgC6IlakV2bMItXTWuZT6T0jEba-3ctaC4K2T8F4P8J6t-99mKY-_zSwgfGm1FErK09qixJlZ4zFsCCT7MgNQVoyu7GkJdTJVlpL1QXLc1QhfrtW11a4gg4Nlja_VyRdB9fZHomgMLpvm_HvSlqEvpeWb8wGkCts9w7ivSNLim-LuFgswGNhTZZqLEbuwB6sJV-l1V0MJCq7_h0yTmLlBdoUkxCaDJJvkUSLk0MUaalAAzY1OCxm-tJcKn31m4yOwf25ZDWf8tWuOTKarEbFyxjB0elkxXQXGe7J7TJAg0tuIEQ8YTL3ExJQ6I7zwtCL83bPOWYRGlJrsX6Lsf0qB-xMVD2DzA3JKDKvZTp5x92kP821",
  "refresh_token": "ArOWW0glHjflLpL4fKOsrNUXT5v91u+CjwcE8LBvH7GJsaM0gWaFe8GH9zXjh8SHew+cg7v1IMiIPLYSVdf7h8oOeV7wgwjChI9YM0Kt6iE4wOXJuy0VwPSCj+danHDuWC3nJWYLrPydTE3h/jgFNjWEPfgXGLfiRWjWQMozddz5EWd4pvUI7J64Lw6cMCg/BslZLHtfN7IWoC1RQGp5K0cGO0QmZfsGMSzsoSUNFjv16BXiKSqlNvs5aGhxErFY4wEOKqBifXUkb3SwnK/iHKg3irmqj4fOf/aKNyCdd/PJCHrRPocrW83oM1sjq7eDufEIlgxmy7uRset8GLAWjx/n6rzkxz2QM0/9Lyc/XN9OL00XBYjA47a1wL55qUUUYWevaFwxWX8LG2UjBf9Vv2lfvLcBBkbgqpalePMDh6wb8IDyJek4BbvZtJ1VZ/l+A9XXY9rQt/hIDdoOAtib8CGr9/CERFIrByZa3TEJBCLAa2FvJSIhHVnKvnuvZX3e9qhTkgHqowJrWg2C3VyPDQYAdIhdpTEvs0pcGSAZWhwXfu9xKQOeyRTEScbLKQmuW+sGbwU+qfdLgh/BR5kW4TMer4TIzWKSuHsqmibgiUwaQkwTrtjH2Xz9Z9XmAbVzJ8pqbEZPe7t5whXDoRSnAwWymdxk2E7SiSsVUA3kX39="
}

Highlight the access_token string and copy it to a text editor.

You'll then need to create a new route in routes/api.php. The route below will simply output the current API users' info:

Route::group(['prefix' => 'user'], function() {
    Route::get('/', function() {
        return response()->json(request()->user());
    });
});

Once you've done the above, make these changes to Postman:

Set the method to GET
Change the URL to point to the API route i.e. http://example.com/api/user
Click on the headers tab again and add a new key of Authorization and value of Bearer access_token_here (replace access_token_here with the access token you copied earlier)
Hit the Send button

Example output:

{
  "id": "75ced500-1544-11e7-9a8e-ad5f1aee389e",
  "name": "test test",
  "email": "test@test.com",
  "created_at": "2017-03-30 23:29:03",
  "updated_at": "2017-03-30 23:29:03"
}

In my case, i ended up by giving each user a personal access token... did you tested your solution and is it working? — Tauras, Apr 06 '17 at 08:08
Tested it thoroughly and it's working 100%. Couldn't believe a simple swap on the middleware from `api` to `auth:api` on the RouteServiceProvider.php was all that was needed. Do you want me to add a completely detailed step by step using Chrome Postman as well so you can see everything? — adamj, Apr 06 '17 at 08:11
Well, i understand your answer, but others might not understand it. Update your answer with example and i will aproove your answer and mark as correct one. — Tauras, Apr 06 '17 at 08:20
There we go matey! I think this should help quite a few people in the future. — adamj, Apr 06 '17 at 09:09
Perfect. Thanks. Hope, anyone else will find this usefull. Accepted. — Tauras, Apr 06 '17 at 09:35
days passed! you are a savior man! now i get a clear view of how it's done! — Rabb-bit, May 16 '17 at 13:51
@adamj This works, it also will create a new access_token every time you login, It is that ok? Your `oauth_access_tokens` will increase fast. — Fernando Montoya, Sep 10 '18 at 10:52

shukshin.ivan · Answer 2 · 2018-03-16T17:33:12.640

5

According to Laravel documentation, you should add route to server app (routes/api.php): $response->getBody();

Route::get('/user', function () {
    // authenticated user. Use User::find() to get the user from db by id
    return app()->request()->user();
})->middleware('auth:api');

Make request via quzzle:

$response = $client->request('GET', '/api/user', [
    'headers' => [
        'Accept' => 'application/json',
        'Authorization' => 'Bearer '.$accessToken,
    ],
]);
echo $response->getBody();

edited Mar 16 '18 at 17:33

answered Jan 19 '17 at 21:50

shukshin.ivan

11,075
4
53
69

What did you get in the response body? – shukshin.ivan Jan 20 '17 at 11:44
2

``Client error: `GET http://server.app/api/user` resulted in a `401 Unauthorized` response: {"error":"Unauthenticated."}`` . I am using correct access token. – Tauras Jan 20 '17 at 12:19
2

Also, i used ``$response = $client->get('http://server.app/api/user' ...`` and ``$client`` as ``new GuzzleHttp\Client;`` – Tauras Jan 20 '17 at 12:21
Now it gives: ``Server error: `GET http://server.app/api/user` resulted in a `500 Internal Server Error` response: ``. I know, because of ``return json_decode((string) $response->getBody(), true)['access_token'];`` – Tauras Jan 20 '17 at 12:52
correct access_token returns 500 error, not correct, returns ``Unauthenticated``. – Tauras Jan 20 '17 at 13:00
where did the $accessToken came from? – mpalencia Jun 26 '19 at 08:26
@mpalencia it's returned in reply to authentication request – shukshin.ivan Jun 26 '19 at 09:27

score 5 · Answer 3 · answered Mar 03 '17 at 05:43

Have you tried running it on POSTMAN chrome app? If not, download it. https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en

Fill the information.

After you successfully generated the data, click the CODE button from the top-right (I highlighted it with green).

Lastly, select your language and copy the code. For PHP, I selected php cURL.

Hope it works.

score 3 · Answer 4 · answered Aug 20 '21 at 13:43

I had the same problem and I tried all mentioned solutions but it remains same. Read so many tutorial and websites but didn't get the solution. Finally, got the solution: I am using laravel 8 and it has declared two packages for api request one is passport and other is sanctum. By default in User model it uses use Laravel\Sanctum\HasApiTokens; for api token. If you use Sanctum package it's ok. If you don't use it (If you are using passport) then change the line from Sanctum to Passport as use Laravel\Passport\HasApiTokens;

Get user data using access token in laravel passport client app

4 Answers4

Linked