Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[13.x] Fix clients confidentiality #1782

Merged

Conversation

hafezdivandari
Copy link
Contributor

All grant types (except client credentials grant) allow public client (client with no secret). This PR:

  • Prompt user for creating confidential or public client on passport:client command, for grant types that support public option: "Authorization code", "Password", and "Device Authorization" (TBD [13.x] Device Authorization Grant RFC8628 #1750) grants.
  • Fix implicit client creation was always confidential unnecessarily.
  • Clean up passport:client command.

Summary

Grant Public Confidential Changes
Authorization code Prompt user on passport:client command.
Client credentials No change
Device authorization TBD #1750
Implicit Fixed
Password Prompt user on passport:client command
Personal access N/A N/A No change
Refresh token No change

@taylorotwell taylorotwell merged commit 195058c into laravel:13.x Aug 31, 2024
9 checks passed
@hafezdivandari hafezdivandari deleted the 13.x-fix-confidential-clients branch September 6, 2024 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants