F i n di n g us e r f rom OA ut h 2 acce ss T o ke n us i n g L a r a v el P a ssport O n ce w e stu ck i nto t he i ssu e w he r e on e o f our 3 r d p a rty a pp lica t i on ( A le x a A pp ) w a s us i n g I mp lici t G r a nt T o ke ns to a ut he nt ica t e t he us e rs a n d i t w a s c onsum i n g som e sp ecial A P I s o f on e o f t he L a r a v el a pp lica t i on w hich w e r e prot ec t ed b y `auth:api` m iddle w a r e O b v i ous l y w e w e r e us i n g L a r a v el P a ssport p ackage f or OA ut h 2 S e rv e r i mp le m e nt a t i on T he i ssu e w a s , `accessToken` w a s prov ided i n r e qu e st b o d y o f each A P I call i nst ead o f prov idi n g i t i n a r e qu e st heade r ! L a r a v el e xp ec ts `accessToken` to be i n r e qu e st heade r to de t e rm i n e if t he r e qu e st to be p e rm i tt ed or not w he n us i n g `auth:api` a s m iddle w a r e W e w a nt ed to de t e rm i n e t he us e r w h o i nvo ked t he A le x a s kill ( A P I ), so w e ca n r e turn r e su l t sp ecificall y f or t ha t us e r E g P e n di n g t a s k s o f U s e r X w h o i s calli n g t he A P I W e tr ied mu l t i p le w a ys to tr a ns f orm t he i n c om i n g r e qu e st b y p l u cki n g `accessToken` f rom r e qu e st b o d y a n d addi n g i t a s r e qu e st heade r bef or e i t r eache s to `auth:api` m iddle w a r e , b ut i t did n ' t wor ked a t all a s e xp ec t ed :( W i t h c ont e xt o f i n c om i n g w e w e r e on l y ha v i n g us e r ' s `accessToken` to de t e rm i n e t he a sso cia t ed us e r i n our a pp lica t i on a n d i n P a ssport t he r e i s no ea sy a ppro ach to r e tr ie v e t he a sso cia t ed us e r f rom `accessToken` B ut h u ge t ha n k s to P a ssport p ackage w hich i s p e r fec t l y a r chi t ec tur ed to e xt e n d a n d to un de rst a n d F i n all y w e m a n aged to ge t us e r f rom `accessToken` b y ab str ac t i n g p iece o f c o de f rom P a ssport p ackage , w hich i s i n f o ll ow i n g `Trait` <?php namespace App\Traits; use Laravel\Passport\Passport; 1 2 use Lcobucci\JWT\Parser; use Lcobucci\JWT\Signer\Rsa\Sha256; trait CustomPassportTrait { public function parseToken($accessToken) { $key_path = Passport::keyPath('oauth-public.key'); $parseTokenKey = file_get_contents($key_path); $token = (new Parser())->parse((string) $accessToken); $signer = new Sha256(); if ($token->verify($signer, $parseTokenKey)) { $userId = $token->getClaim('sub'); return $userId; } else { return false; } } } `parseToken()` ge ts `accessToken` a s i nput a n d us i n g pu blic ke y ( w hich w e ge n e r a t ed bef or e c r ea t i n g t he a pp or clie nt i n i nst alla t i on st e ps o f P a ssport ) t he `accessToken` i s p a rs ed a n d v e r ified I f to ke n i s v e r ified su cce ss f u ll y , `parseToken()` r e turns t he a sso cia t ed us e r ' s ID f rom w hich w e ca n fi n d out t he us e r i n our a pp lica t i on T he r e wou ld be be tt e r so l ut i on f or su ch s i tu a t i on , b ut t hi s so l ut i on wor k s p e r fec t l y w he n your rout e s a r e not prot ec t ed w i t h `auth:api` b ut r e qu e sts ha s `accessToken` a n d you w a nt to de t e rm i n e a sso cia t ed us e r T ha t i s i t ! T hi s i s my fi rst bl o g post , h op e i t i s us ef u l W ou ld l ov e to k now your t h ou gh ts on t hi s @ tw i tt e r S u b s c r ibe to our n e ws le tt e r G e t t he la t e st posts deli v e r ed r igh t to your i n b ox 3 N ow check your i n b ox a n d click t he li n k to c on fi rm your su b s c r i pt i on P lea s e e nt e r a v alid e m ail add r e ss O ops ! T he r e w a s a n e rror s e n di n g t he e m ail , p lea s e try la t e r R ec omm e n ded f or you N o posts f oun d A pp a r e nt l y t he r e a r e no posts a t t he mom e nt , check agai n la t e r L i n k s �. h ttps :// la r a v el c om / d o c s / m a st e r / p a ssport # i mp lici t - g r a nt - to ke ns �. h ttps :// la r a v el c om / d o c s / m a st e r / p a ssport # p a ss i n g - t he - acce ss - to ke n �. h ttps :// tw i tt e r c om / vr aj ro ha m