Support the ongoing development of Laravel.io →
joaosauer
posted 7 years ago
Authentication Security

I'm trying to change the behavior of the oauth/token call from the passport package in laravel. In my tests, I pass this:

POST /oauth/token HTTP/1.1
HOST: localhost:8080
content-type: application/x-www-form-urlencoded
cookie: laravel_session=eyJpdiI6Ikp...MDg4MzRjOTcifQ==
content-length: 41

grant_type=password&client_id=2&client_secret=dKhn6c8...tuECrPm1hjXN&username=test&password=123456&scope=*

and it works(I received the token with a 200 response). But I believe that the correct would be to HASH the password, once that the password is already HASHed in the Server side, we should not send it visible in the request. Am I missing something here or what should I do to be able to send the HASHed password?

Thanks, Joao

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

joaosauer joaosauer Joined 15 Mar 2017

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
BairesDev
N-iX
Litslink

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) Bluesky Bluesky GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2025 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise