Laravel Passport refresh_token with same scope

Question

I am having an issue and I hope you can help:)

I am using Laravel Passport in order to handle Authentication for my webApp. I am able to generate Access Tokens and Refresh Tokens with no issues.

The problem comes when I am trying to refresh my token. I wrote the code according to Laravel's Documentation:

public function refresh_token(Request $request){
    $refresh_token = $request->cookie('refresh_token');

    $http = new \GuzzleHttp\Client([
        'base_uri' => env('OAUTH_PWD_GRANT_BASE_URL'),
        'http_errors' => false
    ]);
    
    
    $response = $http->post('/oauth/token', [
        'form_params' => [
            'grant_type' => 'refresh_token',
            'refresh_token' => $refresh_token,
            'client_id' => env('OAUTH_PWD_GRANT_CLIENT_ID'),
            'client_secret' => env('OAUTH_PWD_GRANT_CLIENT_SECRET'),
            'scope' => '',
        ],
    ]);
    return $this->login_helper(json_decode((string) $response->getBody(), true));
}

Here is my problem: I want my new access token to have the same scope as the provided refresh_token (or, more precisely, as the access_token associated with the refresh_token ).

How can I do it?

I have tried to look at the database in order to find my refresh_token , and get the associated access_token , but it is unclear how to access the refresh_token (the refresh_token that I have set in my Cookies does not appear in the database - I do not understand the mechanics behind it).

Thank you very much for your help!

Answer 1

OK, after testing, I realized that when you put 'scope' => '' in the request to refresh the token, you get the same scope. :-)

I should have checked before (I thought it was returning an empty scope - this is a weird implementation though - very helpful, but weird)^^