laravel · taylorotwell · Sep 30, 2024 · Sep 29, 2024 · Sep 29, 2024 · Sep 29, 2024
diff --git a/database/factories/ClientFactory.php b/database/factories/ClientFactory.php
@@ -14,19 +14,19 @@ class ClientFactory extends Factory
     /**
      * Get the name of the model that is generated by the factory.
      *
-     * @return class-string<\Illuminate\Database\Eloquent\Model>
+     * @return class-string<\Laravel\Passport\Client>
      */
-    public function modelName()
+    public function modelName(): string
     {
         return $this->model ?? Passport::clientModel();
     }
 
     /**
      * Define the model's default state.
      *
-     * @return array
+     * @return array<string, mixed>
      */
-    public function definition()
+    public function definition(): array
     {
         return [
             'user_id' => null,
@@ -40,37 +40,44 @@ public function definition()
 
     /**
      * Use as a Password client.
-     *
-     * @return $this
      */
-    public function asPasswordClient()
+    public function asPasswordClient(): static
     {
         return $this->state([
             'grant_types' => ['password', 'refresh_token'],
+            'redirect_uris' => [],
         ]);
     }
 
     /**
      * Use as a Personal Access Token client.
-     *
-     * @return $this
      */
-    public function asPersonalAccessTokenClient()
+    public function asPersonalAccessTokenClient(): static
     {
         return $this->state([
             'grant_types' => ['personal_access'],
+            'redirect_uris' => [],
+        ]);
+    }
+
+    /**
+     * Use as an Implicit client.
+     */
+    public function asImplicitClient(): static
+    {
+        return $this->state([
+            'grant_types' => ['implicit'],
         ]);
     }
 
     /**
      * Use as a Client Credentials client.
-     *
-     * @return $this
      */
-    public function asClientCredentials()
+    public function asClientCredentials(): static
     {
         return $this->state([
             'grant_types' => ['client_credentials'],
+            'redirect_uris' => [],
         ]);
     }
 }
diff --git a/database/migrations/2016_06_01_000001_create_oauth_auth_codes_table.php b/database/migrations/2016_06_01_000001_create_oauth_auth_codes_table.php
@@ -31,10 +31,8 @@ public function down(): void
 
     /**
      * Get the migration connection name.
-     *
-     * @return string|null
      */
-    public function getConnection()
+    public function getConnection(): ?string
     {
         return $this->connection ?? config('passport.connection');
     }

diff --git a/database/migrations/2016_06_01_000002_create_oauth_access_tokens_table.php b/database/migrations/2016_06_01_000002_create_oauth_access_tokens_table.php
@@ -33,10 +33,8 @@ public function down(): void
 
     /**
      * Get the migration connection name.
-     *
-     * @return string|null
      */
-    public function getConnection()
+    public function getConnection(): ?string
     {
         return $this->connection ?? config('passport.connection');
     }

diff --git a/database/migrations/2016_06_01_000003_create_oauth_refresh_tokens_table.php b/database/migrations/2016_06_01_000003_create_oauth_refresh_tokens_table.php
@@ -29,10 +29,8 @@ public function down(): void
 
     /**
      * Get the migration connection name.
-     *
-     * @return string|null
      */
-    public function getConnection()
+    public function getConnection(): ?string
     {
         return $this->connection ?? config('passport.connection');
     }

diff --git a/database/migrations/2016_06_01_000004_create_oauth_clients_table.php b/database/migrations/2016_06_01_000004_create_oauth_clients_table.php
@@ -34,10 +34,8 @@ public function down(): void
 
     /**
      * Get the migration connection name.
-     *
-     * @return string|null
      */
-    public function getConnection()
+    public function getConnection(): ?string
     {
         return $this->connection ?? config('passport.connection');
     }

diff --git a/src/AccessToken.php b/src/AccessToken.php
@@ -38,7 +38,7 @@ class AccessToken implements Arrayable, Jsonable, JsonSerializable
     /**
      * Create a new access token instance.
      *
-     * @param  array<string, mixed>  $attributes
+     * @param  array<TKey, TValue>  $attributes
      */
     public function __construct(array $attributes = [])
     {
@@ -84,7 +84,7 @@ public function transient(): bool
      */
     public function revoke(): bool
     {
-        return Passport::token()->newQuery()->whereKey($this->oauth_access_token_id)->update(['revoked' => true]);
+        return (bool) Passport::token()->newQuery()->whereKey($this->oauth_access_token_id)->update(['revoked' => true]);
     }
 
     /**

diff --git a/src/ApiTokenCookieFactory.php b/src/ApiTokenCookieFactory.php
@@ -10,41 +10,19 @@
 
 class ApiTokenCookieFactory
 {
-    /**
-     * The configuration repository implementation.
-     *
-     * @var \Illuminate\Contracts\Config\Repository
-     */
-    protected $config;
-
-    /**
-     * The encrypter implementation.
-     *
-     * @var \Illuminate\Contracts\Encryption\Encrypter
-     */
-    protected $encrypter;
-
     /**
      * Create an API token cookie factory instance.
-     *
-     * @param  \Illuminate\Contracts\Config\Repository  $config
-     * @param  \Illuminate\Contracts\Encryption\Encrypter  $encrypter
-     * @return void
      */
-    public function __construct(Config $config, Encrypter $encrypter)
-    {
-        $this->config = $config;
-        $this->encrypter = $encrypter;
+    public function __construct(
+        protected Config $config,
+        protected Encrypter $encrypter
+    ) {
     }
 
     /**
      * Create a new API token cookie.
-     *
-     * @param  mixed  $userId
-     * @param  string  $csrfToken
-     * @return \Symfony\Component\HttpFoundation\Cookie
      */
-    public function make($userId, $csrfToken)
+    public function make(string|int $userId, string $csrfToken): Cookie
     {
         $config = $this->config->get('session');
 
@@ -65,13 +43,8 @@ public function make($userId, $csrfToken)
 
     /**
      * Create a new JWT token for the given user ID and CSRF token.
-     *
-     * @param  mixed  $userId
-     * @param  string  $csrfToken
-     * @param  \Carbon\Carbon  $expiration
-     * @return string
      */
-    protected function createToken($userId, $csrfToken, Carbon $expiration)
+    protected function createToken(string|int $userId, string $csrfToken, Carbon $expiration): string
     {
         return JWT::encode([
             'sub' => $userId,

diff --git a/src/AuthCode.php b/src/AuthCode.php
@@ -3,6 +3,7 @@
 namespace Laravel\Passport;
 
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
 
 class AuthCode extends Model
 {
@@ -23,14 +24,14 @@ class AuthCode extends Model
     /**
      * The guarded attributes on the model.
      *
-     * @var array
+     * @var array<string>|bool
      */
-    protected $guarded = [];
+    protected $guarded = false;
 
     /**
      * The attributes that should be cast to native types.
      *
-     * @var array
+     * @var array<string, \Illuminate\Contracts\Database\Eloquent\Castable|string>
      */
     protected $casts = [
         'revoked' => 'bool',
@@ -56,19 +57,17 @@ class AuthCode extends Model
      *
      * @deprecated Will be removed in a future Laravel version.
      *
-     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo<\Laravel\Passport\Client, $this>
      */
-    public function client()
+    public function client(): BelongsTo
     {
         return $this->belongsTo(Passport::clientModel());
     }
 
     /**
      * Get the current connection name for the model.
-     *
-     * @return string|null
      */
-    public function getConnectionName()
+    public function getConnectionName(): ?string
     {
         return $this->connection ?? config('passport.connection');
     }

diff --git a/src/Bridge/AccessToken.php b/src/Bridge/AccessToken.php
@@ -15,6 +15,7 @@ class AccessToken implements AccessTokenEntityInterface
     /**
      * Create a new token instance.
      *
+     * @param  non-empty-string|null  $userIdentifier
      * @param  \League\OAuth2\Server\Entities\ScopeEntityInterface[]  $scopes
      */
     public function __construct(string|null $userIdentifier, array $scopes, ClientEntityInterface $client)

diff --git a/src/Bridge/AccessTokenRepository.php b/src/Bridge/AccessTokenRepository.php
@@ -7,7 +7,6 @@
 use Laravel\Passport\Events\AccessTokenCreated;
 use Laravel\Passport\Events\AccessTokenRevoked;
 use Laravel\Passport\Passport;
-use Laravel\Passport\TokenRepository;
 use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
@@ -16,23 +15,12 @@ class AccessTokenRepository implements AccessTokenRepositoryInterface
 {
     use FormatsScopesForStorage;
 
-    /**
-     * The token repository instance.
-     */
-    protected TokenRepository $tokenRepository;
-
-    /**
-     * The event dispatcher instance.
-     */
-    protected Dispatcher $events;
-
     /**
      * Create a new repository instance.
      */
-    public function __construct(TokenRepository $tokenRepository, Dispatcher $events)
-    {
-        $this->events = $events;
-        $this->tokenRepository = $tokenRepository;
+    public function __construct(
+        protected Dispatcher $events
+    ) {
     }
 
     /**
@@ -51,7 +39,7 @@ public function getNewToken(
      */
     public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity): void
     {
-        $this->tokenRepository->create([
+        Passport::token()->newQuery()->create([
             'id' => $id = $accessTokenEntity->getIdentifier(),
             'user_id' => $userId = $accessTokenEntity->getUserIdentifier(),
             'client_id' => $clientId = $accessTokenEntity->getClient()->getIdentifier(),
@@ -70,7 +58,7 @@ public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEnt
      */
     public function revokeAccessToken(string $tokenId): void
     {
-        if ($this->tokenRepository->revokeAccessToken($tokenId)) {
+        if (Passport::token()->newQuery()->whereKey($tokenId)->update(['revoked' => true])) {
             $this->events->dispatch(new AccessTokenRevoked($tokenId));
         }
     }
@@ -80,6 +68,6 @@ public function revokeAccessToken(string $tokenId): void
      */
     public function isAccessTokenRevoked(string $tokenId): bool
     {
-        return $this->tokenRepository->isAccessTokenRevoked($tokenId);
+        return Passport::token()->newQuery()->whereKey($tokenId)->where('revoked', false)->doesntExist();
     }
 }
diff --git a/src/Bridge/AuthCodeRepository.php b/src/Bridge/AuthCodeRepository.php
@@ -23,31 +23,29 @@ public function getNewAuthCode(): AuthCodeEntityInterface
      */
     public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity): void
     {
-        $attributes = [
+        Passport::authCode()->forceFill([
             'id' => $authCodeEntity->getIdentifier(),
             'user_id' => $authCodeEntity->getUserIdentifier(),
             'client_id' => $authCodeEntity->getClient()->getIdentifier(),
             'scopes' => $this->formatScopesForStorage($authCodeEntity->getScopes()),
             'revoked' => false,
             'expires_at' => $authCodeEntity->getExpiryDateTime(),
-        ];
-
-        Passport::authCode()->forceFill($attributes)->save();
+        ])->save();
     }
 
     /**
      * {@inheritdoc}
      */
     public function revokeAuthCode(string $codeId): void
     {
-        Passport::authCode()->where('id', $codeId)->update(['revoked' => true]);
+        Passport::authCode()->newQuery()->whereKey($codeId)->update(['revoked' => true]);
     }
 
     /**
      * {@inheritdoc}
      */
     public function isAuthCodeRevoked(string $codeId): bool
     {
-        return Passport::authCode()->where('id', $codeId)->where('revoked', 0)->doesntExist();
+        return Passport::authCode()->newQuery()->whereKey($codeId)->where('revoked', false)->doesntExist();
     }
 }
diff --git a/src/Bridge/Client.php b/src/Bridge/Client.php
@@ -10,26 +10,23 @@ class Client implements ClientEntityInterface
 {
     use ClientTrait, EntityTrait;
 
-    /**
-     * The client's provider.
-     */
-    public ?string $provider;
-
     /**
      * Create a new client instance.
+     *
+     * @param  non-empty-string  $identifier
+     * @param  string[]  $redirectUri
      */
     public function __construct(
         string $identifier,
         string $name,
         array $redirectUri,
         bool $isConfidential = false,
-        ?string $provider = null
+        public ?string $provider = null
     ) {
         $this->setIdentifier($identifier);
 
         $this->name = $name;
         $this->isConfidential = $isConfidential;
         $this->redirectUri = $redirectUri;
-        $this->provider = $provider;
     }
 }