I am trying to customise your code to bind an access token to a specific IP and allow a response only if a request comes with the same IP and access token, else respond with 403 or 405, but I am not able to get it working. Is there any way I can achieve this using Laravel Passport?
I am not 100% sure, but I think you want to override the createToken() method in ApiTokenCookieFactory. Add the IP in there.
Then you might wanna take the IP from the decoded JWT and throw an exception if it doesn't match the current one. Looks like you can do it in the decodeJwtTokenCookie() method of TokenGuard.
This will only have effect if you save the jwt into the cookie. It seems the Firebase JWT PHP package is used for cookies and the League's server for Bearer tokens.
To save it in the Bearer token as well, you need to dig deeper into League's server implementation. I did so and it seems that they use lcobucci's library to handle the validation. You should implement your own constraint and somehow append it.
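The claim-binding idea from the answer above, as an added standalone example (not part of the thread, and not Passport's, Firebase JWT's or the League server's code): an HS256 token carries the issuing IP and the verifier rejects a request from any other address. The function names, the `ip` claim name and the sample key and addresses are assumptions made for illustration.

```php
<?php
// Added illustration: plain-PHP HS256 JWT with an "ip" claim (hypothetical names).
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad);
}

// Issue side: record the client IP next to the usual subject and expiry.
function issueToken(int $userId, string $ip, string $key, int $ttl = 3600): string {
    $header  = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $payload = b64url(json_encode(['sub' => $userId, 'ip' => $ip, 'exp' => time() + $ttl]));
    $sig     = b64url(hash_hmac('sha256', "$header.$payload", $key, true));
    return "$header.$payload.$sig";
}

// Verify side: signature first, then expiry, then the IP binding.
function verifyToken(string $jwt, string $requestIp, string $key): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('Malformed token');
    }
    [$header, $payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$header.$payload", $key, true));
    if (!hash_equals($expected, $sig)) {
        throw new RuntimeException('Bad signature');
    }
    $claims = json_decode(b64url_decode($payload), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) {
        throw new RuntimeException('Expired or invalid token');
    }
    // Compare packed addresses so two spellings of one IPv6 address still match.
    $bound = @inet_pton((string) ($claims['ip'] ?? ''));
    $seen  = @inet_pton($requestIp);
    if ($bound === false || $seen === false || !hash_equals($bound, $seen)) {
        throw new RuntimeException('Token not valid for this IP'); // caller maps this to 403
    }
    return $claims;
}

// Constructed sample values (documentation address ranges, throwaway key).
$key = 'constructed-demo-key';
$jwt = issueToken(42, '203.0.113.10', $key);
var_dump(verifyToken($jwt, '203.0.113.10', $key)['sub']);   // request from the bound IP
try {
    verifyToken($jwt, '198.51.100.7', $key);                // same token, different IP
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Behind a reverse proxy or load balancer the address compared here has to come from a trusted-proxy configuration, otherwise every client appears to share the proxy's IP. Clients whose address changes mid-session (mobile networks, some NAT setups) will be rejected and must re-authenticate.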