I'm building a registration method for my API using passport. When the user makes his registration, I want to return him the access token, similar when we ask for an access token. For this 'm using grant password clients.
What I've done is to ask in the data of the registration the client_id along the client_secret.
Then what I'm looking is that my validation rules are able to validate that the client_secret, corresponds to the client_id.
Here is my registration method:
/**
* Register a new user in the system.
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function register(Request $request)
{
$vb = User::ValidationBook();
$data = $request->validate($vb["rules"], $vb["messages"]);
// Neccesary data to get a token at registration
$password = $data["user"]["password"];
$clientId = $data["user"]["client_id"];
$clientSecret = $data["user"]["client_secret"];
// If validation passes, create user
$user = $this->userService->store($data);
$request->request->add([
'grant_type' => 'password',
'client_id' => $clientId,
'client_secret' => $clientSecret,
'username' => $user->email,
'password' => $password,
'scope' => null,
]);
// Fire off the internal request.
$token = Request::create(
'oauth/token',
'POST'
);
return \Route::dispatch($token);
}
And here is the reduces version of my User model, I've all the rules in the validation book method.
class User extends Authenticatable
{
/**
* Returns an array that contains two indexes:
* 'rules' for the validation
* 'messages' messages given by the validation
*
* @return array
**/
public static function ValidationBook($except = [], $append = [])
{
$book = ['rules' => [], 'messages' => []];
$book['rules'] = [
... the other rules
//Extra data for register
'user.client_id' => 'required|exists:oauth_clients,id',
'user.client_secret' => 'required|exists:oauth_clients,secret'
];
$book['messages'] = [
... the other messages
// Extras
'user.client_id.required' => 'The client id is required',
'user.client_secret.required' => 'The client secret is required',
];
if (!empty($except)) {
$except = array_flip($except);
$book['rules'] = array_diff_key($book['rules'], $except);
}
if (!empty($append)) {
$book = array_merge_recursive($book, $append);
}
return $book;
}
}
How could I add a rule to the user.client_secret rule to validate that the secret corresponds to that specific id? Probably this is not the best option to return the access token after the registration, and If there is a simple way to avoid it I'll be glad to learn about it.
Thanks in advance.
from Newest questions tagged laravel-5 - Stack Overflow http://bit.ly/2Jh9YLC
via IFTTT
Aucun commentaire:
Enregistrer un commentaire