Oauth2 和 Laravel - `Client_id` 和 `Client_secret` - 在哪里放置、存储、调用？

Question

I am using OAuth-Server-Laravel repo docs and I am using Lumen. I have successfully made work Client Credentials grant type and trying to move it to Password grant type.

I added the PasswordVerifier class with verify() function, changed my database oauth_clients table to:

        $table->string('id', 40)->primary();
        $table->string('username');
        $table->string('password');
        $table->string('email');
        $table->timestamps();

        $table->unique(['id', 'username']); 

and verify() function as:

        'username' => $username,
        'password' => $password,

When I try it in Postman, I receive: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \\"client_id\\" parameter."

Then I read in the issues and found out that I need to import client_id and client_secret beside username and password credentials. I understand these are something I should define.

But, I couldn't figure out where to place them, store them and call them? Should I store them in .env file? If so, how am I supposed to call it in the verify function?

Answer 1

There should be an oauth_clients table created by that package. This defines what clients have access to make API calls to your resource server. Your authorization server verifies these clients exist in this table and the secrets match whenever requests are made from a client.

The structure of that table is like this:

id (primary)
secret
name
created_at
updated_at

Each entry in this table represents a single client-side application that has some sort of access to your API.