用于密码grant_type Laravel Passport的invalid_grant

Question

我正在尝试为我的应用程序接口创建一个access_token，但我遇到了显示以下消息的问题：

"error": "invalid_client",
"error_description": "Client authentication failed",
"message": "Client authentication failed"

这是我的请求数据：

{
  "username":"neal.jacobi@example.org",
  "password":"test1234",
  "grant_type":"password",
  "client_id": "2",
  "client_secret":"jScq3DMMeZctypnYb7f1ClEHyzybwTK1Yisqo09E"
}

这是我的oauth_clients表：

​

​

Answer 1

您尝试在请求数据中添加scope。

{
  "username":"neal.jacobi@example.org",
  "password":"test1234",
  "grant_type":"password",
  "client_id": "2",
  "client_secret":"jScq3DMMeZctypnYb7f1ClEHyzybwTK1Yisqo09E",
  "scope" => ""
}

如果你有什么问题，请告诉我。

Answer 2

您需要在请求正文中发送以下内容。

{
  "username":"neal.jacobi@example.org",
  "password":"test1234",
  "grant_type":"password",
  "client_id": "2",
  "client_secret":"jScq3DMMeZctypnYb7f1ClEHyzybwTK1Yisqo09E"
}

客户端凭据将通过以下方法从请求正文进行验证。

// League\OAuth2\Server\Grant\AbstractGrant 
// line 253 
protected function getClientCredentials(ServerRequestInterface $request)
    {
        [$basicAuthUser, $basicAuthPassword] = $this->getBasicAuthCredentials($request);

        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser); // It is fetching from request body

        if (\is_null($clientId)) {
            throw OAuthServerException::invalidRequest('client_id');
        }

        $clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);

        if ($clientSecret !== null && !\is_string($clientSecret)) {
            throw OAuthServerException::invalidRequest('client_secret');
        }

        return [$clientId, $clientSecret];
    }