xcoorp / laravel-passport-introspection
Package to add an introspection endpoint to Laravel Passport
Requires
- php: ^8.3
- illuminate/routing: ^11.0
- illuminate/support: ^11.0
- laravel/framework: ^11.0
- laravel/passport: ^12.0
Requires (Dev)
- laravel/pint: ^v1.16.1
- pestphp/pest: ^v2.34.8
This package is auto-updated.
Last update: 2024-12-23 10:13:28 UTC
README
Introduction
Laravel Passport Introspection is a Laravel Passport addition that provides an introspection endpoint for your Laravel application. This is useful if you want to introspect tokens in your application, e.g. to check if a token is still valid or to get information about the token.
You will typically need this if you set up a separate resource server that is meant to authenticate against an Authentication Server running Laravel Passport. To set up a resource server, you can check out the Passport Control Package.
Installation
Important
This package assumes you have already installed and configured Laravel Passport in your Laravel application.
You can simply install the package via composer:
composer require xcoorp/laravel-passport-introspection
After the installation you need to add the introspect scope to the configured passport scopes.
If you haven't already defined scopes or do not know how to do this, please refer to the official Laravel Passport documentation.
use Laravel\Passport\Passport;

Passport::tokensCan([
    'introspect' => 'Introspect tokens',
]);
Usage
Once you have installed the package, a new Route will be available at /oauth/introspect that you can use to introspect tokens.
Please note that the introspection endpoint is not meant to be publicly accessible since it can leak sensitive information about your tokens. Therefore, this package makes use of the client credentials grant to authenticate the request. More information on what this is and how to create a client credentials grant client can be found in the official Laravel Passport documentation.
Once you have created a client credentials grant client, and received an access token for it, you can use the token to authenticate against the introspection endpoint via Bearer Authentication. The endpoint expects a POST request with the following inside the request body (application/x-www-form-urlencoded):
The endpoint will return a JSON response with the following parameters:
If you want to customize the Route or the Controller that handles the introspection request, you can disable route publishing of this package and create your own route and controller. You can do this by adding the following line to the boot method of your AppServiceProvider:
public function boot()
{
    PassportIntrospection::ignoreRoutes();
}
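The request flow described under Usage (client credentials token, then a Bearer-authenticated form POST to /oauth/introspect), seen from the resource server, as an added example that is not code from this package. It assumes the endpoint follows RFC 7662 (request field `token`, response fields `active`, `scope`, `exp`), which this page does not list; the host name and function names are placeholders.

```php
<?php

use Illuminate\Support\Facades\Http;

// Placeholder (assumption): base URL of the server running Laravel Passport.
const AUTH_SERVER = 'https://auth.example.test';

// Step 1: obtain a client credentials token that carries the "introspect" scope.
function fetchClientToken(string $clientId, string $clientSecret): ?string
{
    $response = Http::asForm()->timeout(5)->post(AUTH_SERVER.'/oauth/token', [
        'grant_type' => 'client_credentials',
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'scope' => 'introspect',
    ]);

    return $response->successful() ? $response->json('access_token') : null;
}

// Step 2: send the token under test, form-encoded, with Bearer authentication.
// The "token" field name is assumed from RFC 7662. A connection failure throws,
// and the caller must treat that as a rejection as well.
function introspect(string $clientToken, string $token): array
{
    $response = Http::withToken($clientToken)->asForm()->acceptJson()->timeout(5)
        ->post(AUTH_SERVER.'/oauth/introspect', ['token' => $token]);

    return [$response->status(), $response->body()];
}

// Step 3: fail closed. Only a well-formed response with "active": true (strict
// boolean), an unexpired "exp" and the required scope lets the request through.
function tokenIsUsable(int $status, string $body, string $requiredScope, int $now): bool
{
    $data = $status === 200 ? json_decode($body, true) : null;
    if (! is_array($data) || ($data['active'] ?? false) !== true) {
        return false;
    }
    if (isset($data['exp']) && (int) $data['exp'] <= $now) {
        return false;
    }
    // RFC 7662 returns scopes as one space-separated string.
    $scope = $data['scope'] ?? '';
    $scopes = is_string($scope) ? explode(' ', $scope) : [];

    return in_array($requiredScope, $scopes, true);
}
```

Keep the client secret and the client credentials token on the resource server only, since anyone holding them can query token details.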
Testing
Functionality of this package is tested with Pest PHP. You can run the tests with:
composer test
Code of Conduct
In order to ensure that the community is welcoming to all, please review and abide by the Code of Conduct.
Security Vulnerabilities
Please review the security policy on how to report security vulnerabilities.
License
The MIT License (MIT). Please see License File for more information.