在 laravel-passport-social-grant 包上获取 invalid_credentials

Question

使用的包是：https://github.com/coderello/laravel-passport-social-grant

我已经按照以下提供的教程进行了所有预期的更改： https://medium.com/@hivokas/api-authentication-via-social-networks-for-your-laravel-application-d81cfc185e60

网址：

http://myurl.com/oauth/token

输出：

{
    "error": "invalid_credentials",
    "error_description": "The user credentials were incorrect.",
    "message": "The user credentials were incorrect."
}

与邮递员一起使用的参数如下：

    grant_type' => 'social', // static 'social' value
        'client_id' => $clientId, // client id
        'client_secret' => $clientSecret, // client secret
        'provider' => $providerName, // name of provider (e.g., 'facebook', 'google' etc.)
        'access_token' => $providerAccessToken, // access token issued by specified provider
    ],

这可能是什么问题？

Answer 1

对于 Facebook，您需要在 services.php 中包含 client_id 和 secret Socialite的FacebookProvider里面的代码

protected function getUserByToken($token)
{
    $this->lastToken = $token;

    $params = [
        'access_token' => $token,
        'fields' => implode(',', $this->fields),
    ];

    if (! empty($this->clientSecret)) {
        $params['appsecret_proof'] = hash_hmac('sha256', $token, $this->clientSecret);
    }

    $response = $this->getHttpClient()->get($this->graphUrl.'/'.$this->version.'/me', [
        'headers' => [
            'Accept' => 'application/json',
        ],
        'query' => $params,
    ]);

    return json_decode($response->getBody(), true);
}

所以，谷歌有点像在没有秘密的情况下工作。