How to implement JWT custom payload? A full example?

[lucavicidomini]

Hi, I'm struggling with the new feature in release 1.10. I'm using the library in a Laravel project.

The register function creates the server and returns it. Without the commented line (the one beginning with OOOPS) the server successfully returns a JWT token, but whenever I un-comment that line the server answers with "authorization code grant type not supported". I thought about a storage misconfiguration, but I couldn't fix it. I'm using MySQL as storage, but Jwt token, as other developers already have pointed out, is too big to be stored in it.

Any advice is really appreciated.

class MyJwtToken extends \OAuth2\ResponseType\JwtAccessToken { }

class OAuth2ServiceProvider extends ServiceProvider {

    public function register()
    {
        $this->app->singleton( 'oauth2' , function ( $app ) {
            $storage = new Pdo( App::make( 'db' )->getPdo() );
            $server = new \Oauth2\Server( $storage );

            if (setting('jwt_enable') && setting('key_private') && setting('key_public')) {
                $publicKey  = file_get_contents( setting('key_public' ) );
                $privateKey = file_get_contents( setting('key_private' ) );
                $keyStorage = new \OAuth2\Storage\Memory([
                    'keys' => [
                        'public_key'  => $publicKey,
                        'private_key' => $privateKey,
                    ],
                ]);

                $server->addStorage($keyStorage, 'access_token');
                $server->addStorage($keyStorage, 'public_key');
                $server->setConfig('use_jwt_access_tokens', true);

                $jwtTokenResponseType = new App\RtpaJwt($storage);
                // OOOPS $server->addResponseType($jwtTokenResponseType, 'token');
            }

            $server->addGrantType( new ClientCredentials( $storage ) );
            $server->addGrantType( new UserCredentials( $storage ) );
            $server->addGrantType( new RefreshToken( $storage ), ['always_issue_new_refresh_token' => true] );

            return $server;
        });
    }

}

[svycka]

you can find the example here: #795 (comment)

[afilippov1985]

$server = new \OAuth2\Server( $storage );
$server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));

[reb3r]

You also can remove all $server->addGrantType(...) calls to rely on some magic that adds the grant types regarding the added storage capabilities. See here.

[lucavicidomini]

Hi @svycka and @afilippov1985, I read the interventions on the matter by both of you in the past months :)... Your solutions here didn't fit my case, but I just figured out a solution (at least, I hope so). I replaced the last two lines at the end of the if with these:

$jwtTokenResponseType = new App\CustomJwt( $keyStorage, $keyStorage, $keyStorage );
$server->addResponseType( new AuthorizationCode( $storage ), 'code' );
$server->addResponseType( $jwtTokenResponseType, 'token' );

I had to pass three times $keyStorage to CustomJwt's constructor in order to have refresh token released (for reference: constructor is the same as JwtAccessToken and the first three parameters are: public key storage, token storage, refresh storage), and then manually add AuthorizationCode as response type.

I'm leaving it here hoping that will help someone.

PS: Thank you @c-reber for your suggestion, I will test it.