[13.x] Force confidential PAT client (#1761)

Author: hafezdivandari

src/Bridge/PersonalAccessGrant.php

@@ -3,7 +3,9 @@
 namespace Laravel\Passport\Bridge;
 
 use DateInterval;
+use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\AbstractGrant;
+use League\OAuth2\Server\RequestEvent;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
@@ -19,6 +21,13 @@ public function respondToAccessTokenRequest(
     ): ResponseTypeInterface {
         // Validate request
         $client = $this->validateClient($request);
+
+        if (! $client->isConfidential()) {
+            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
+
+            throw OAuthServerException::invalidClient($request);
+        }
+
         $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
         $userIdentifier = $this->getRequestParameter('user_id', $request);