Laravel Passport 从承载令牌中获取客户端 ID

Question

I've set up the laravel passport and created clients. When clients make a post request to my application using it api, all they send is the bearer access token along with the post values.

Is there any way I can get the client id of the consuming application when they submit the post request simply from the bearer token.

Or is it entirely safe for the consuming application to send their client id along with the post fields?

Answer 1

我认为这就是我需要的：

$request->user()->token()->client

Answer 2

If you deal with the grant type client_credentials you might consider the following solution:

Route::get('/get-client-cred', function (Request $request) {
    $bearerToken = $request->bearerToken();

    $tokenId = (new \Lcobucci\JWT\Parser())->parse($bearerToken)->getHeader('jti');

    return \Laravel\Passport\Token::find($tokenId)->client;
})->middleware('client_credentials');

Instead, if you are dealing with a personal access token you can retrieve the client as following:

Route::middleware('auth:api')->get('/get-client', function (Request $request) {
    return $request->user()->token()->client;
});

Answer 3

If you have used passport you can get the user id from the Auth facade using api guard like this:

$user_id = Auth::guard('api')->id();

or get the user:

$user = Auth::guard('api')->user();

Answer 4

This is what finally worked for me with Laravel 8.

Note that I plagerised the solution from @judge2020's answer on GitHub .

use Laravel\Passport\Token;
use Lcobucci\JWT\Configuration; /* composer require lcobucci/jwt */

Route::get('/v1/test', function(Request $request) {   

    $bearerToken = request()->bearerToken();
    $tokenId = Configuration::forUnsecuredSigner()->parser()->parse($bearerToken)->claims()->get('jti');
    $client = Token::find($tokenId)->client;
    
})->middleware('client');