Laravel Passport Get Client ID By Access Token

I use this, to access the authenticated client app...

$bearerToken = $request->bearerToken();
$tokenId = (new \Lcobucci\JWT\Parser())->parse($bearerToken)->getHeader('jti');
$client = \Laravel\Passport\Token::find($tokenId)->client;

$client_id = $client->id;
$client_secret = $client->secret;

Source


However the answer is quite late, i got some errors extracting the JTI header in Laravel 6.x because the JTI is no longer in the header, but only in the payload/claim. (Using client grants)

local.ERROR: Requested header is not configured {"exception":"[object] (OutOfBoundsException(code: 0): Requested header is not configured at /..somewhere/vendor/lcobucci/jwt/src/Token.php:112)

Also, adding it in a middleware was not an option for me. As i needed it on several places in my app.

So i extended the original Laravel Passport Client (oauth_clients) model. And check the header as well as the payload. Allowing to pass a request, or use the request facade, if no request was passed.

<?php

namespace App\Models;

use Illuminate\Support\Facades\Request as RequestFacade;
use Illuminate\Http\Request;
use Laravel\Passport\Client;
use Laravel\Passport\Token;
use Lcobucci\JWT\Parser;

class OAuthClient extends Client
{
    public static function findByRequest(?Request $request = null) : ?OAuthClient
    {
        $bearerToken = $request !== null ? $request->bearerToken() : RequestFacade::bearerToken();

        $parsedJwt = (new Parser())->parse($bearerToken);

        if ($parsedJwt->hasHeader('jti')) {
            $tokenId = $parsedJwt->getHeader('jti');
        } elseif ($parsedJwt->hasClaim('jti')) {
            $tokenId = $parsedJwt->getClaim('jti');
        } else {
            Log::error('Invalid JWT token, Unable to find JTI header');
            return null;
        }

        $clientId = Token::find($tokenId)->client->id;

        return (new static)->findOrFail($clientId);
    }
}

Now you can use it anywhere inside your laravel app like this:

If you have $request object available, (for example from a controller)

$client = OAuthClient::findByRequest($request);

Or even if the request is not available somehow, you can use it without, like this:

$client = OAuthClient::findByRequest();

Hopefully this useful for anyone, facing this issue today.


There is a tricky method. You can modify the method of handle in the middleware CheckClientCredentials, just add this line.

        $request["oauth_client_id"] = $psr->getAttribute('oauth_client_id');

Then you can get client_id in controller's function:

public function info(\Illuminate\Http\Request $request)
{
    var_dump($request->oauth_client_id);
}

The OAuth token and client information are stored as a protected variable in the Laravel\Passport\HasApiTokens trait (which you add to your User model).

So simply add a getter method to your User model to expose the OAuth information:

public function get_oauth_client(){
  return $this->accessToken->client;
}

This will return an Eloquent model for the oauth_clients table