corbosman / laravel-passport-claims
Add claims to Laravel Passport JWT Tokens
License: MIT License
If we do
Route::middleware(['client', 'claim:1'])->get('my-protected-route', function () {
return 'protected by claim with foobar as its value';
});
the value is going to be a string, so if the claim is an int, are the values not going to be the same? Or does the token change the int to a string internally?
Laravel Passport 11 requires "lcobucci/jwt": "^4.3|^5.0", but if we haven't specified a version lower than 5.0, the CheckForClaim middleware fails.
The \Lcobucci\JWT\Configuration::forUnsecuredSigner() method is deprecated since version 4.3 of the lcobucci/jwt package. This method is used in the CheckForClaim middleware of this package.
Configuration::forSymmetricSigner(
new \Lcobucci\JWT\Signer\Rsa\Sha256(),
\Lcobucci\JWT\Signer\Key\InMemory::plainText('empty', 'empty')
)
"lcobucci/jwt": "^4.3 in composer.json
Hi, may I know if it is possible to access auth/user data in the CustomClaim class?
<?php
namespace App\Claims;

use Auth;

class CustomClaim
{
    public function handle($token, $next)
    {
        $token->addClaim('my-claim', Auth::user()->email);
        return $next($token);
    }
}
thanks!
I recently did a composer update on my project which resulted in an issue with laravel-passport-claims.
This is the exception I was getting when creating an access token:
Replicating claims as headers is deprecated and will removed from v4.0. Please manually set the header if you need it replicated.
I fixed it by overriding this class: CorBosman\Passport\AccessToken @ convertToJWT with the following changes:
$jwt = (new Builder())
    ->permittedFor($this->getClient()->getIdentifier())
    ->identifiedBy($this->getIdentifier(), false) // second param used to be true
    ->issuedAt(new \DateTimeImmutable('now')) // used to be now()
    ->canOnlyBeUsedAfter(new \DateTimeImmutable('now')) // used to be now()
    ->expiresAt($this->getExpiryDateTime()) // used to be $this->getExpiryDateTime()->getTimestamp()
    ->relatedTo($this->getUserIdentifier())
    ->withClaim('scopes', $this->getScopes());
Thanks
How can I add a new claim when receiving an access_token in the /oauth/token route?
I need to add more user details for my access_token
"token_type": "Bearer",
"expires_in": 900,
"access_token": "{token}",
"refresh_token": "{refresh_token}"
useAccessTokenEntity was added on passport/v11.8.3, laravel/passport@587aa14, so this commit breaks compatibility with versions prior to version 11.8.3
laravel-passport-claims/composer.json
Line 21 in fec9244
Hi @corbosman, thank you for the awesome package.
I have an issue when trying to add the iss claim:
Lcobucci\JWT\Token\RegisteredClaimGiven Builder#withClaim() is meant to be used for non-registered claims, check the documentation on how to set claim "iss".
Do you have an idea how to resolve this?
Route::middleware(['client', 'claim:my-claim,foobar'])->get('my-protected-route', function () {
return 'protected by claim with foobar as its value';
});
In the code snippet above, the claim middleware is accepting all values, which it should not.
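The two reports about claim route parameters above (a numeric claim compared against a string parameter, and a check that accepts every value) both turn on how a decoded claim is compared with the route parameter, which Laravel always passes to middleware as a string. The following is an added example, not code from this package: the hypothetical helpers claimMatches() and valueMatches() compare strictly by type and deny anything they do not recognise. It assumes the claims are already decoded into a PHP array and requires PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of laravel-passport-claims. $claims is the
// decoded token payload; $expected is the text after the comma in a route
// definition such as 'claim:my-claim,foobar' (null when only a name is given).
function claimMatches(array $claims, string $name, ?string $expected = null): bool
{
    if (!array_key_exists($name, $claims)) {
        return false;                       // missing claim: always deny
    }
    if ($expected === null) {
        return true;                        // presence check only
    }
    return valueMatches($claims[$name], $expected);
}

function valueMatches(mixed $actual, string $expected): bool
{
    if (is_array($actual)) {                // multi-valued claim: any element may match
        foreach ($actual as $item) {
            if (valueMatches($item, $expected)) {
                return true;
            }
        }
        return false;
    }
    if (is_bool($actual)) {                 // literal names only, never truthiness
        return $expected === ($actual ? 'true' : 'false');
    }
    if (is_int($actual)) {                  // canonical decimal form only, so '01' and '1abc' do not match 1
        return $expected === (string) $actual;
    }
    // Strings must be identical; null, floats and objects fail closed.
    return is_string($actual) && $expected === $actual;
}

// Constructed sample payload and checks; each line prints the decision.
$claims = ['my-claim' => 'foobar', 'company_id' => 1, 'admin' => false, 'roles' => ['editor']];
$checks = [['company_id', '1'], ['company_id', '01'], ['my-claim', 'foobar'],
           ['my-claim', 'other'], ['admin', '0'], ['roles', 'editor'], ['absent', null]];
foreach ($checks as [$name, $expected]) {
    printf("%-10s %-8s %s\n", $name, var_export($expected, true),
        claimMatches($claims, $name, $expected) ? 'allow' : 'deny');
}
```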
@corbosman thanks for the package. How can we access the claims once they've been set?
Does this package have a feature that limits the claims based on scopes?
Example: I have a scope like "email". If I log in with the scope "email", the package will only add the user email claim, but if I have a scope with * it will add all user claims.
Hi, first of all thanks for this package!
I'm testing it and I would like to know how can I set and get Claims from Laravel Controllers:
// How to add Claims in login?
public function login(Request $request)
{
    // some code
    $credentials = [
        'email' => $request->email,
        'password' => base64_decode($request->password)
    ];
    Auth::attempt($credentials);
    $user = $request->user();
    $token = $user->createToken('ACCESS_TOKEN')->accessToken;
    // At this point, how can I add custom Claims to my token?
    // I would like to do something like this:
    $token->addClaim('companyId', $request->company_id); // how can I do this through a Controller?
}

// How to get Claims?
public function me(Request $request)
{
    $user = $request->user();
    $token = $user->token();
    // How to get the companyId Claim set on login method?
    $companyId = $token->getClaim('companyId'); // How can I do this?
}
When I execute php artisan claim:generate Claims/CustomClaim I get the error below:
There are no commands defined in the "claim" namespace.
After installing Claims and declaring them, I get the following error when doing a request:
{
"message": "Method CorBosman\Passport\AccessToken::__toString() must not throw an exception, caught ErrorException: Replicating claims as headers is deprecated and will removed from v4.0. Please manually set the header if you need it replicated.",
"exception": "Symfony\Component\ErrorHandler\Error\FatalError",
"file": "D:\webs\VOW\experimento\backend\vendor\league\oauth2-server\src\ResponseTypes\BearerTokenResponse.php",
"line": 0,
"trace": []
}
Hi, your package is exactly what I need. I followed the simple installation guide but nothing happens. No claims are added to the token and, just for testing purposes, if I write a nonexistent class name in the config, I receive no error. It seems that the whole package is totally ignored.
I'm trying to use it in Laravel 7.
Maybe I've missed something?
Thank you so much!
I get the following error when trying to generate a new token:
Method CorBosman\Passport\AccessToken::__toString() must not throw an exception, caught ParseError: syntax error, unexpected '=>' (T_DOUBLE_ARROW), expecting ')' {"exception":"[object] (Symfony\\Component\\ErrorHandler\\Error\\FatalError(code: 0): Method CorBosman\\Passport\\AccessToken::__toString() must not throw an exception, caught ParseError: syntax error, unexpected '=>' (T_DOUBLE_ARROW), expecting ')' at /var/www/dev/vendor/league/oauth2-server/src/ResponseTypes/BearerTokenResponse.php:0)
[stacktrace]
#0 {main}
"}
I use the following versions:
laravel/framework 8.77.1
laravel/passport 10.1.4
lcobucci/jwt 3.4.6
corbosman/laravel-passport-claims 3.0.1
I still run on PHP 7.3, so might that be the issue?
Seems currently it doesn't support lumen-passport. Would be good if we add support for it.
BTW, this is a really helpful package :)
This package is great thank you.
We have an issue though that when we refresh a token, we want to encode the same claims from the original access token into the new token. I can't find anything anywhere on how that might be possible. At the moment we are relying on passing the original access token with the refresh request and decoding it and applying the same claims to the new token. However passing the original access token with the refresh token doesn't seem to be a standard practice.
Are you aware of any way to do this? Our thinking was to persist the custom claims in the database. Perhaps adding a column to Passport's oauth_access_tokens table and storing them the way it does with scopes. Not ideal to hack around Passport though.
Is it something that this package could support? We'd be happy to contribute a PR
Hi.
I have a case for a multi companies app:
Is it possible to add a custom claim (the chosen company id in this case) into the token generated by the password grant?
Thank you.
Look at this, BearerTokenValidator.php#L126-L131,
// Return the request with additional attributes
return $request
    ->withAttribute('oauth_access_token_id', $claims->get('jti'))
    ->withAttribute('oauth_client_id', $this->convertSingleRecordAudToString($claims->get('aud')))
    ->withAttribute('oauth_user_id', $claims->get('sub'))
    ->withAttribute('oauth_scopes', $claims->get('scopes'));
For example, I have company_id in private claims, and the middleware check works correctly, but I want to use the id to make queries with results only from that company.
It would be useful to have a static property where the token is stored, and a helper, so we can get the claims from anywhere
Example:
///
$query->where('company_id', token_private_claim('company_id'))
///
When refreshing a token, oauth2-server (which Laravel uses in the background) has a mechanism to retrieve old scopes claims from the token so that you can just refresh the token without the need to know what is in the token itself.
It seems this package is only adding custom claims to an existing token (after the refresh has happened). This means that when you refresh a token, you cannot access the old token custom claims this package can add. It seems that you can only add claims to the newly refreshed token. Is that correct?