Passport: How to test Client Credentials Grant Tokens

Created on 15 Sep 2017 · 8Comments · Source: laravel/passport

I am trying to follow the documentation but am completely coming up empty on this. I initially built the Client Credentials Grant Token app using TDD and Passport::actingAs() to ensure that my responses were working. When using it with Postman, it failed; I discovered the CheckClientCredentials middleware and changed my routes to use that, and viola, Postman works. However, now all my tests fail - and I cannot find any explanation about how to test a route protected by the client credentials. What is the proper way to execute these tests without having to generate a token just for testing?

enhancement

Source

jdavidbakr

Most helpful comment

Am ignoring the check client credentials middleware with;

$this->withoutMiddleware(\Laravel\Passport\Http\Middleware\CheckClientCredentials::class);

But I beleive actingAsClient() would be the proper way to go about this...

mtvbrianking on 30 Sep 2018

👍5 ❤4

All 8 comments

What I ended up doing is creating an empty middleware and then creating a trait that skips the client middleware:

<?php

namespace Tests;

use Laravel\Passport\Http\Middleware\CheckClientCredentials;

trait SkipClientMiddleware {

    /**
     * @before
     */
    public function skip_middleware(Type $var = null)
    {
        $this->afterApplicationCreated(function() {
            app()->bind(CheckClientCredentials::class, function() {
                return new \App\Http\Middleware\EmptyMiddleware;
            });    
        });
    }

}

Seems kind of clunky, hopefully there is a way to do this already without having to go this extra step?

jdavidbakr on 15 Sep 2017

very interested in how to do this properly too - workaround is ok but the oauth part is still a good test

makapaka23 on 29 Nov 2017

@jdavidbakr Thanks! This was easiest solution for my case. I just used an anonymous class instead of creating that EmptyMiddleware.

I agree that there should be an actingAsClient() method. Maybe I'll try to tackle that later.

@makapaka23 I am testing the client authentication in a separate OAuth test. Still, I would like to do actingAsClient() to test if I am using the correct scopes, for instance.

tralves on 5 Jan 2018

Am ignoring the check client credentials middleware with;

$this->withoutMiddleware(\Laravel\Passport\Http\Middleware\CheckClientCredentials::class);

But I beleive actingAsClient() would be the proper way to go about this...

mtvbrianking on 30 Sep 2018

👍5 ❤4

Yeah, I can see this being useful. Feel free to send in a PR.

driesvints on 16 Oct 2018

Hi, I have set up passport in laravel 5.3 with token-based authentication. Whenever I've tried to call an API using postman, it always returns '{"error": "Unauthenticated."}'. I have set the header as

Authorization: Bearer generated_token_after_login
Accept: application/json
Content-Type: application/json

Also, I have cleared all the cache and added HTTP authorization code in the .htaccess file as
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

I can not find any issues with that. What is the issue?

surajitghorai on 24 Oct 2018

@surajitghorai Looks like this is a question which can be asked on a support channel. Please only use this issue tracker for reporting bugs or problems. If you have a question on how to use functionality provided by this repo you can try one of the following channels: