dimanche 9 juin 2019

how to generate access_token without username and password

i am trying to make api with passport if user try to login or sign up with socialite find user than generate access_token then redirect to frontend with access_token in url parameters

i tried register and login than generate access_token with user email and default password which is not good for security

my code is like this

 try {
            $serviceUser = Socialite::driver($service)->stateless()->user();
        } catch (\Exception $e) {
            return redirect(config('app.client_url') . '/auth/social-callback?error=Unable to login using ' . $service . '. Please try again' . '&origin=login');
        }

        $email = $serviceUser->getEmail();
        $name = $serviceUser->getName();
        $user = $this->getExistingUser($serviceUser, $email, $service);
        $newUser = false;
        if (!$user) {
            $newUser = true;
            $user = new User;
            $user->name = $name;
            $user->email = $email;
            $user->username = Str::random(10);
            if($service === 'facebook'){
                $user->image = $serviceUser->avatar;
            }
            $user->verify = true;
            $user->save();
        }
        if ($this->needsToCreateSocial($user, $service)) {
            Social::create([
                'user_id' => $user->id,
                'social_id' => $serviceUser->getId(),
                'service' => $service
            ]);
        }

        $http = new Client;

        $response = $http->post(config('app.url') . '/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => '2',
                'client_secret' => 'oBKWxgF2fDvrxwA05ciapwy4JYKaHxzhGzr6D24X',
                'username' => $email,
                'password' => 'gebdandi',
                'scope' => '',
            ],
        ]);

        $body = json_decode((string) $response->getBody(), true);

        $accessToken = $body['access_token'];
        return redirect(config('app.client_url') . '/social-callback?token=' . $accessToken . '&origin=' . ($newUser ? 'register' : 'login'));

i can't find any solution on documentation

if possible please show good code



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire