How to handle "unsupported_grant_type" from laravel passport

4

5

I'm playing around with Laravel and trying to enable the client credentials grant to secure some API endpoints.

To provide some context: I want to create an API that stands between a database and several websites (and SPAs). So I'll be able to do some monitoring (what website/SPA calls which resources) and in general add some security. So in this case, where no additional user information is required, the client credentials grant for machine-to-machine communication should be the best approach.

I followed some tutorials (e.g. this tutorial) to implement this grant type but I got stuck...

I did the following:

  • load passport: composer require laravel/passport
  • add service provider to config/app.php: Laravel\Passport\PassportServiceProvider::class,
  • migrate: php artisan migrate
  • install: php artisan passport:install
  • added HasApiTokens to App\User.php
  • added Passport::routes() to app/Providers/AuthServiceProvider.php
  • last but not least set driver option of the authentication guard to passport in config/auth.php

So far so good. Now I created a sample client with php artisan passport:client:

New client created successfully.
Client ID: 3
Client secret: S5s9oEIRm5DNy5ySsr1H6jWlraOCZyF24gcpoDrJ

Now when I want to get a token for this client by using Postman (added in the body form-data like provided here) [screenshot: Postman call to oauth/token]

I get the following error.

{
    "error": "unsupported_grant_type",
    "error_description": "The authorization grant type is not supported by the authorization server.",
    "hint": "Check that all required parameters have been provided",
    "message": "The authorization grant type is not supported by the authorization server."
}

Am I missing something? I thought I did all the necessary steps to register the grant type?

Thanks in advance!!

Voracity answered 30/1, 2020 at 9:8 Comment(3)
I'm not sure if I understand you @Kamlesh Paul... I searched your link for the client credential grant and it says: To retrieve a token using this grant type, make a request to the oauth/token endpoint: 'grant_type' => 'client_credentials', 'client_id' => 'client-id', 'client_secret' => 'client-secret', 'scope' => 'your-scope'. So the only thing missing is the scope attribute. I tried this earlier and nothing changed if I provide this (I left it as an empty string, because I don't know what it really does) - Voracity
Maybe it's because you misspelled grant_type. In the screenshot it says grand_type - Rosenstein
Oh nooo :/ I'm so stupid. You're right @nahri, I changed it and it worked. Thanks! 3 hrs lifetime wasted. Do you want to write it down as an answer, so that I can accept it? :) - Voracity
4

You misspelled grant_type. In the screenshot it says grand_type.

Rosenstein answered 2/2, 2020 at 19:28 Comment(0)
3

In the latest versions you need to enable passwordGrant from the AppServiceProvider boot method:

Passport::enablePasswordGrant();

Bazar answered 8/8 at 18:23 Comment(0)
2

The response is a bit late - but in case anyone has the issue in the future...

From the screenshot above - it seems that you are adding the URL data (username, password, grant_type) to the header and not to the body element.

Click on the Body tab, then select the "x-www-form-urlencoded" radio button; there should be a key-value list below it where you can enter the request data.

Retainer answered 26/7, 2022 at 19:1 Comment(0)
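
A pre-flight check for the two mistakes identified in the answers above (a misspelled grant_type key, and parameters sent as headers instead of in the body), as an added example that is not part of the original posts. The function names build_body and lint_token_request and the sample secret are hypothetical, constructed for illustration; the parameter names are the ones quoted from the docs in the question's comments.

```python
import difflib
from urllib.parse import parse_qsl, urlencode

# Parameter names quoted on this page for the client credentials grant.
EXPECTED = ("grant_type", "client_id", "client_secret", "scope")
REQUIRED = ("grant_type", "client_id", "client_secret")


def build_body(client_id, client_secret, scope=""):
    """Form-encode a client credentials request body for oauth/token."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })


def lint_token_request(headers, body):
    """Return findings for a token request given its headers and form body."""
    findings = []
    params = dict(parse_qsl(body, keep_blank_values=True))
    # Mistake 1: token parameters placed in the header list, not the body.
    for name in headers:
        if name.lower() in EXPECTED:
            findings.append(f"'{name}' was sent as a header; move it to the body")
    # Mistake 2: a key that is almost, but not exactly, an expected name.
    for key in params:
        if key not in EXPECTED:
            near = difflib.get_close_matches(key, EXPECTED, n=1, cutoff=0.8)
            if near:
                findings.append(f"'{key}' looks like a typo of '{near[0]}'")
    for name in REQUIRED:
        if name not in params:
            findings.append(f"required parameter '{name}' is missing from the body")
    return findings


if __name__ == "__main__":
    # Constructed sample: client id 3 as in the question, placeholder secret.
    good = build_body("3", "constructed-secret")
    bad = good.replace("grant_type", "grand_type")
    for label, body in (("good", good), ("typo", bad)):
        print(label, lint_token_request({"Accept": "application/json"}, body))
```
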
0

As you mention, this is for an SPA, so

Try this:

grant_type: "password"
client_id:3
username:"your email"
password: "your password"
scope: "*"

Put this in your Postman.

By this you will get an access token and a refresh token for that specific user.

Ref link: https://laravel.com/docs/5.8/passport#requesting-password-grant-tokens

Danged answered 30/1, 2020 at 9:22 Comment(2)
Thank you for your answer @Kamlesh Paul. Unfortunately the error doesn't change... Why do I need to change the grant type? I mean later on the clients are no real users, instead they are SPAs and websites. So this is a machine-to-machine communication, right? Or did I misunderstand something? - Voracity
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. Link: en.wikipedia.org/wiki/OAuth - Danged
