Error creating a user's personal access token

[lucaspanik]

• Passport Version: v11.3.0
• Laravel Version: v9.10.1
• PHP Version: 8.0.21
• Database Driver & Version: mysqlnd 7.4.9

Description:

Good morning, good afternoon, good evening dear.

[TL;DR]

Disparity between the sent id and the column used to search the DB for the client.

In my oauth_clients table I have the ID column auto incremented by the database and another column called client_id which is a UUID generated by config config('passport.client_uuids').

PersonalAccessTokenFactory@createRequest uses the ->id column forcibly instead of using the ->getKey() method (line 101)

passport/src/PersonalAccessTokenFactory.php

Lines 87 to 106 in b7bc60c

	/**
	* Create a request instance for the given client.
	*
	* @param \Laravel\Passport\Client $client
	* @param mixed $userId
	* @param array $scopes
	* @return \Psr\Http\Message\ServerRequestInterface
	*/
	protected function createRequest($client, $userId, array $scopes)
	{
	$secret = Passport::$hashesClientSecrets ? $this->clients->getPersonalAccessClientSecret() : $client->secret;
	return (new ServerRequest('POST', 'not-important'))->withParsedBody([
	'grant_type' => 'personal_access',
	'client_id' => $client->id,
	'client_secret' => $secret,
	'user_id' => $userId,
	'scope' => implode(' ', $scopes),
	]);
	}

ClientRepository@find uses the ->getKeyName() method to get the primary column defined in the client model.

passport/src/ClientRepository.php

Lines 37 to 48 in b7bc60c

	/**
	* Get a client by the given ID.
	*
	* @param int|string $id
	* @return \Laravel\Passport\Client|null
	*/
	public function find($id)
	{
	$client = Passport::client();
	return $client->where($client->getKeyName(), $id)->first();
	}

---

Today I had an issue with manual token generation for a user.

https://laravel.com/docs/9.x/passport#managing-personal-access-tokens

$user->createToken('Token Name')->accessToken

In my oauth_clients table I have the ID column auto incremented by the database and another column called client_id which is a UUID generated by config config('passport.client_uuids').

My problem is in the PersonalAccessTokenFactory#101 file where it obtains the client model (\Laravel\Passport\Client) and defines that it will use the value of the id column ->id instead of obtaining the value of the primary column with the method ->getKey()
https://github.com/laravel/passport/blob/11.x/src/PersonalAccessTokenFactory.php#L101

Then there is client validation in PersonalAccessGrant.php
https://github.com/laravel/passport/blob/11.x/src/Bridge/PersonalAccessGrant.php#L21

Which in turn uses the find() method of the ClientRepository.php class; in this method, ->getKeyName() from the client model is used instead of forcing the ID column as mentioned above, causing a disparity between the id sent and the column used to search for the client in the DB.
https://github.com/laravel/passport/blob/11.x/src/ClientRepository.php#L47

I believe that changing the way to get the primary_key value of the client model from $client->id to $client->getKey() in PersonalAccessTokenFactory@createRequest the problem will be fixed.

tested on passport version 10 also on:
#1623

[driesvints]

Hey @lucaspanik, we'd appreciate a PR for that change 👍