Passport: duplication of “Authorized Applications” for the same application

Created on 25 Jan 2017  ·  4 Comments  ·  Source: laravel/passport

Hello,

I have created an OAuth2 server and consumer app in Laravel by following: https://laravel.com/docs/5.3/passport

Repo URL: https://github.com/xparthx/Laravel-Passport---Oauth2

So far it is working fine.

The issue is that whenever I'm accessing the OAuth2 server from the consumer app, it creates a duplicate of the same application. (See the Authorized Applications section in the attachment.)

Steps to produce the bug:

1) Run both the Passport and consumer apps in a browser

2) Visit the "/redirect" URL in the consumer app (so you will get redirected to the Passport site)

3) Log in to the site

4) Log in to the Passport site and check the Authorized Applications section (there will be a new entry for the consumer app for each use of the app)

screenshot from 2017-01-24 19 24 27

All 4 comments

It happens because Passport doesn't revoke old tokens since v1.0.5 (¯\_(ツ)_/¯). To fix that, you have to listen for the Laravel\Passport\Events\AccessTokenCreated event and revoke them manually.

Example from older version:

# In your listener:

use Laravel\Passport\Token;
use Laravel\Passport\Events\AccessTokenCreated;

/**
 * Handle the event.
 *
 * @param  AccessTokenCreated $token
 */
public function handle(AccessTokenCreated $token)
{
    $this->revokeOtherAccessTokens($token->clientId, $token->userId, $token->tokenId, true);
}

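/**
 * Revoke all of the access tokens for a given user and client.
 *
 * @param  mixed  $clientId
 * @param  mixed  $userId
 * @param  mixed  $except  ID of the token to keep (the one just created)
 * @param  bool  $prune  Delete the old tokens instead of marking them revoked
 */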
public function revokeOtherAccessTokens($clientId, $userId, $except = null, $prune = false)
{
    $query = Token::where('user_id', $userId)->where('client_id', $clientId);

    if ($except) {
        $query->where('id', '<>', $except);
    }

    if ($prune) {
        $query->delete();
    } else {
        $query->update(['revoked' => true]);
    }
}

Please correct me if I'm wrong (I was facing the same issue and this is the only solution I've found).

Closing for lack of activity, hope you got the help you needed :)

Why closing? This bug still exists?
+1 same bug here

@moxx

Create a new listener:

php artisan make:listener RevokeOldTokens

Add the new listener to the $listen-array in app/Providers/EventServiceProvider.php

    'Laravel\Passport\Events\AccessTokenCreated' => [
        'App\Listeners\RevokeOldTokens',
    ],

My listener looks like this (app/Listeners/RevokeOldTokens.php):

<?php

namespace App\Listeners;

use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use Laravel\Passport\Events\AccessTokenCreated;
use DB;

class RevokeOldTokens
{
    /**
     * Create the event listener.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

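    /**
     * Handle the event.
     *
     * @param  \Laravel\Passport\Events\AccessTokenCreated  $event
     * @return void
     */
    public function handle(AccessTokenCreated $event)
    {
        // Revoke every other access token for this user and client,
        // leaving only the one that was just issued.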
        DB::table('oauth_access_tokens')
            ->where('id', '<>', $event->tokenId)
            ->where('user_id', $event->userId)
            ->where('client_id', $event->clientId)
            ->update(['revoked' => true]);
    }
}
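
Both listeners in this thread update only `oauth_access_tokens`. As an added example (not from the thread and not Passport's own code), this variant also revokes the matching rows in `oauth_refresh_tokens` and skips tokens that have no user as well as personal access clients. It assumes Passport's default schema (`oauth_refresh_tokens.access_token_id`, `oauth_clients.personal_access_client`); the class name is hypothetical.

```php
<?php
namespace App\Listeners;

use Illuminate\Support\Facades\DB;
use Laravel\Passport\Events\AccessTokenCreated;

// Added example, not Passport's own code. Assumes the default Passport schema:
// oauth_refresh_tokens.access_token_id and oauth_clients.personal_access_client.
class RevokeSupersededTokens // hypothetical class name
{
    public function handle(AccessTokenCreated $event)
    {
        // A token without a user (for example from the client-credentials
        // grant) may be held by several service instances; leave those alone.
        if ($event->userId === null) {
            return;
        }
        // Personal access tokens are meant to coexist; skip that client.
        $personal = DB::table('oauth_clients')
            ->where('id', $event->clientId)
            ->where('personal_access_client', true)
            ->exists();
        if ($personal) {
            return;
        }
        DB::transaction(function () use ($event) {
            // Older, still-active access tokens for this user/client pair.
            $oldIds = DB::table('oauth_access_tokens')
                ->where('user_id', $event->userId)
                ->where('client_id', $event->clientId)
                ->where('id', '<>', $event->tokenId)
                ->where('revoked', false)
                ->pluck('id')
                ->all();
            if (empty($oldIds)) {
                return;
            }
            // Refresh tokens first, so a superseded token cannot be renewed.
            DB::table('oauth_refresh_tokens')
                ->whereIn('access_token_id', $oldIds)
                ->update(['revoked' => true]);
            DB::table('oauth_access_tokens')
                ->whereIn('id', $oldIds)
                ->update(['revoked' => true]);
        });
    }
}
```

Register it under `Laravel\Passport\Events\AccessTokenCreated` in the `$listen` array, in place of the listener shown above.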
