Passport: auth/token route, ThrottlesRequests middleware, decay and max attempts params

Created on 23 Dec 2016 · 5Comments · Source: laravel/passport

In Laravel\Passport\RouteRegistrar class, inside forAccessTokensmethod, the registered middleware throttle is not configurable.

see:

$this->router->post('/oauth/token', [
    'uses' => 'AccessTokenController@issueToken',
    'middleware' => 'throttle'
]);

I think we need some way to edit the maxAttempts and decayMinutes without extending the actual middleware class.

Source

erdemkeren

❤4

Most helpful comment

@erdemkeren The quickest way for you to solve this is to overwrite the route and still point to the right controller. In your RouteServiceProvider's map method, you could do something like the following.

public function map()
{
    $this->mapApiRoutes();

    $this->mapWebRoutes();

    Route::post('/oauth/token', [
        'uses' => '\Laravel\Passport\Http\Controllers\AccessTokenController@issueToken',
        'middleware' => 'throttle:60,5',
    ]);
}

I will gladly submit a PR for this after the holidays though if no one else does it beforehand and it isn't deemed unnecessary by @taylorotwell or @themsaid. Hopefully this solves your problem in the meantime though :)

craigpaul on 24 Dec 2016

👍24 ❤10 🎉6 🚀3

All 5 comments

public function map()
{
    $this->mapApiRoutes();

    $this->mapWebRoutes();

    Route::post('/oauth/token', [
        'uses' => '\Laravel\Passport\Http\Controllers\AccessTokenController@issueToken',
        'middleware' => 'throttle:60,5',
    ]);
}

craigpaul on 24 Dec 2016

👍24 ❤10 🎉6 🚀3

@erdemkeren Taylor decided he'd like to keep the defaults, so go ahead and stick with the solution I gave above. You can also close this issue when you get a chance. Thanks!

craigpaul on 29 Dec 2016

@craigpaul Thanks for your interest. Already guessed that and done that way.

erdemkeren on 29 Dec 2016

@craigpaul Thank you very much!