Passport: `POST http://passport.dev/oauth/token` resulted in a `400 Bad Request` response:

Created on 19 Aug 2016 · 6Comments · Source: laravel/passport

i am following laracasts video to set up passport, but it's giving the exception on Guzzle request in callback

code :

Route::get('/', function () {
     $query = http_build_query([
        'client_id' => 1,
        'redirect_url' => 'http://consumer.dev/callback',
        'response_type' => 'code',
        'scope' => ''
      ]);

     return redirect('http://passport.dev/oauth/authorize?'.$query);
});

Route::get('/callback', function (Request $request) {
    $http = new GuzzleHttp\Client;

    $response = $http->post('http://passport.dev/oauth/token', [
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => 1,
            'client_secret' => 'JzyOQCKcmVHt5wgjtS45iAz3rcPKbiCUnd0rNfOj',
            'redirect_uri' => 'http://consumer.dev/callback',
            'code' => $request->code,
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
});

it seems the redirect_uri is null in $authCodePayload in file AuthCodeGrant.php line number 97 after decrypting the authcode value.

passprt

Source

kamalakarchagam

Most helpful comment

the problem was fixed . the problem was due to differences in redirect_url in first and redirect_uri ... L vs I (eye) . Thank you @adamgoose

kamalakarchagam on 27 Aug 2016

👍3

All 6 comments

Not sure why this is, and it's probably caused by the PHP League OAuth2 package, but you must pass your client_id in as a string, as opposed to an integer.

adamgoose on 27 Aug 2016

👍2

Thank you @adamgoose
the details descriptio for the error is

[2016-08-27 09:48:15] local.ERROR: League\OAuth2\Server\Exception\OAuthServerException: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. in /home/vagrant/codes/passport/vendor/league/oauth2-server/src/Exception/OAuthServerException.php:82
Stack trace:
#0 /home/vagrant/codes/passport/vendor/league/oauth2-server/src/Grant/AuthCodeGrant.php(103): League\OAuth2\Server\Exception\OAuthServerException::invalidRequest('redirect_uri', 'Invalid redirec...')
#1 /home/vagrant/codes/passport/vendor/league/oauth2-server/src/AuthorizationServer.php(179): League\OAuth2\Server\Grant\AuthCodeGrant->respondToAccessTokenRequest(Object(Zend\Diactoros\ServerRequest), Object(League\OAuth2\Server\ResponseTypes\BearerTokenResponse), Object(DateInterval))
#2 /home/vagrant/codes/passport/vendor/laravel/passport/src/Http/Controllers/AccessTokenController.php(63): League\OAuth2\Server\AuthorizationServer->respondToAccessTokenRequest(Object(Zend\Diactoros\ServerRequest), Object(Zend\Diactoros\Response))

string is passed for client_id param

kamalakarchagam on 27 Aug 2016

the problem was fixed . the problem was due to differences in redirect_url in first and redirect_uri ... L vs I (eye) . Thank you @adamgoose

kamalakarchagam on 27 Aug 2016

👍3

@chagamkamalakar Thanks for your typo correction. I was also suffered from same issue. you save my day.

shinecorner on 12 Oct 2017

Create a variable in .env and changed value according your App URL instead localhost and use during post URL.

GUZZLE_POST_URL='localhost/oauth/token'

$user = Auth::user();
$http = new GuzzleHttp\Client;
//get from env file
$url = env('GUZZLE_POST_URL');
$response = $http->post($url, [
'form_params' => [
'grant_type' => 'password',
'client_id' => Config::get('constant_define.passport_api_password_grant_client_id'),
'client_secret' => Config::get('constant_define.passport_api_password_grant_client_secret'),
'username' => $email,
'password' => $password,
'scope' => '*',
],
]);