Laravel Passport authorization code grant PKCE requires scope

Time:03-16

I am trying to implement authorization code grant with Laravel Passport and my SPA app. I stumbled upon the following issue:

To my knowledge, scopes in OAuth are optional; I don't have to request one while asking for a code. Even [image]

Does anyone know what is going on here?

Regards, Rob

CodePudding user response:

In your URL there is scope=''& instead of scope=&.

Try building the query parameters using http_build_query() as per docs.

$query = http_build_query([
    'client_id' => 'client-id',
    'redirect_uri' => 'http://third-party-app.com/callback',
    'response_type' => 'code',
    'scope' => '',
    'state' => $state,
    'code_challenge' => $codeChallenge,
    'code_challenge_method' => 'S256',
]);

Secondly, your code_challenge ends with a =.

So you probably should:

  • remove the = sign at the end of this.challenge
  • replace + with - of this.challenge
  • replace / with _ of this.challenge

PHP example

$encoded = base64_encode(hash('sha256', $code_verifier, true));

$codeChallenge = strtr(rtrim($encoded, '='), '+/', '-_');

CodePudding user response:

From what I remember, you can just hardcode scopes to '*' and that should work, I did the same.
