[13.x] Use UUID to identify clients by default (#1764)

* use uuid for clients by default

* update the upgrade guide

* Update UPGRADE.md

---------

Co-authored-by: Taylor Otwell <[email protected]>

Author: hafezdivandari

UPGRADE.md

@@ -22,6 +22,19 @@ PR: https://github.com/laravel/passport/pull/1734
 
 The `league/oauth2-server` Composer package which is utilized internally by Passport has been updated to 9.0, which adds additional types to method signatures. To ensure your application is compatible, you should review this package's complete [changelog](https://github.com/thephpleague/oauth2-server/blob/master/CHANGELOG.md#900---released-2024-05-13). 
 
+### Identify Clients by UUIDs
+
+PR: https://github.com/laravel/passport/pull/1764
+
+By default, Passport now uses UUIDs to identify clients. You may keep using incremental integer IDs by setting `Passport::$clientUuids` to `false` within the `boot` method of your application's `App\Providers\AppServiceProvider` class:
+
+    public function boot(): void
+    {
+        Passport::$clientUuids = false;
+    }
+
+As a consequence of this change, the `'passport.client_uuids'` configuration property has been removed, as well as the `Passport::clientUuids()` and `Passport::setClientUuids()` methods.
+
 ### Client Secrets Hashed by Default
 
 PR: https://github.com/laravel/passport/pull/1745

config/passport.php

@@ -43,19 +43,6 @@
 
     'connection' => env('PASSPORT_CONNECTION'),
 
-    /*
-    |--------------------------------------------------------------------------
-    | Client UUIDs
-    |--------------------------------------------------------------------------
-    |
-    | By default, Passport uses auto-incrementing primary keys when assigning
-    | IDs to clients. However, if Passport is installed using the provided
-    | --uuids switch, this will be set to "true" and UUIDs will be used.
-    |
-    */
-
-    'client_uuids' => false,
-
     /*
     |--------------------------------------------------------------------------
     | Personal Access Client

database/migrations/2016_06_01_000001_create_oauth_auth_codes_table.php

@@ -14,7 +14,7 @@ public function up(): void
         Schema::create('oauth_auth_codes', function (Blueprint $table) {
             $table->char('id', 80)->primary();
             $table->foreignId('user_id')->index();
-            $table->foreignId('client_id');
+            $table->foreignUuid('client_id');
             $table->text('scopes')->nullable();
             $table->boolean('revoked');
             $table->dateTime('expires_at')->nullable();

database/migrations/2016_06_01_000002_create_oauth_access_tokens_table.php

@@ -14,7 +14,7 @@ public function up(): void
         Schema::create('oauth_access_tokens', function (Blueprint $table) {
             $table->char('id', 80)->primary();
             $table->foreignId('user_id')->nullable()->index();
-            $table->foreignId('client_id');
+            $table->foreignUuid('client_id');
             $table->string('name')->nullable();
             $table->text('scopes')->nullable();
             $table->boolean('revoked');

database/migrations/2016_06_01_000004_create_oauth_clients_table.php

@@ -12,10 +12,10 @@
     public function up(): void
     {
         Schema::create('oauth_clients', function (Blueprint $table) {
-            $table->id();
+            $table->uuid('id')->primary();
             $table->foreignId('user_id')->nullable()->index();
             $table->string('name');
-            $table->string('secret', 100)->nullable();
+            $table->string('secret')->nullable();
             $table->string('provider')->nullable();
             $table->text('redirect');
             $table->boolean('personal_access_client');

src/Client.php

@@ -68,7 +68,7 @@ public function __construct(array $attributes = [])
     {
         parent::__construct($attributes);
 
-        $this->usesUniqueIds = Passport::clientUuids();
+        $this->usesUniqueIds = Passport::$clientUuids;
     }
 
     /**
@@ -209,7 +209,7 @@ public function confidential()
      */
     public function uniqueIds()
     {
-        return Passport::clientUuids() ? [$this->getKeyName()] : [];
+        return $this->usesUniqueIds ? [$this->getKeyName()] : [];
     }
 
     /**
@@ -219,7 +219,7 @@ public function uniqueIds()
      */
     public function newUniqueId()
     {
-        return Passport::clientUuids() ? (string) Str::orderedUuid() : null;
+        return $this->usesUniqueIds ? (string) Str::orderedUuid() : null;
     }
 
     /**
@@ -229,7 +229,7 @@ public function newUniqueId()
      */
     public function getKeyType()
     {
-        return Passport::clientUuids() ? 'string' : $this->keyType;
+        return $this->usesUniqueIds ? 'string' : $this->keyType;
     }
 
     /**
@@ -239,7 +239,7 @@ public function getKeyType()
      */
     public function getIncrementing()
     {
-        return Passport::clientUuids() ? false : $this->incrementing;
+        return $this->usesUniqueIds ? false : $this->incrementing;
     }
 
     /**

src/Console/InstallCommand.php

@@ -3,7 +3,6 @@
 namespace Laravel\Passport\Console;
 
 use Illuminate\Console\Command;
-use Laravel\Passport\Passport;
 use Symfony\Component\Console\Attribute\AsCommand;
 
 #[AsCommand(name: 'passport:install')]
@@ -15,7 +14,6 @@ class InstallCommand extends Command
      * @var string
      */
     protected $signature = 'passport:install
-                            {--uuids : Use UUIDs for all client IDs}
                             {--force : Overwrite keys they already exist}
                             {--length=4096 : The length of the private key}';
 
@@ -35,12 +33,9 @@ public function handle()
     {
         $this->call('passport:keys', ['--force' => $this->option('force'), '--length' => $this->option('length')]);
 
+        $this->call('vendor:publish', ['--tag' => 'passport-config']);
         $this->call('vendor:publish', ['--tag' => 'passport-migrations']);
 
-        if ($this->option('uuids')) {
-            $this->configureUuids();
-        }
-
         if ($this->confirm('Would you like to run all pending database migrations?', true)) {
             $this->call('migrate');
 
@@ -49,40 +44,4 @@ public function handle()
             }
         }
     }
-
-    /**
-     * Configure Passport for client UUIDs.
-     *
-     * @return void
-     */
-    protected function configureUuids()
-    {
-        $this->call('vendor:publish', ['--tag' => 'passport-config']);
-
-        config(['passport.client_uuids' => true]);
-        Passport::setClientUuids(true);
-
-        $this->replaceInFile(config_path('passport.php'), '\'client_uuids\' => false', '\'client_uuids\' => true');
-        $this->replaceInFile(database_path('migrations/****_**_**_******_create_oauth_auth_codes_table.php'), '$table->foreignId(\'client_id\');', '$table->foreignUuid(\'client_id\');');
-        $this->replaceInFile(database_path('migrations/****_**_**_******_create_oauth_access_tokens_table.php'), '$table->foreignId(\'client_id\');', '$table->foreignUuid(\'client_id\');');
-        $this->replaceInFile(database_path('migrations/****_**_**_******_create_oauth_clients_table.php'), '$table->id();', '$table->uuid(\'id\')->primary();');
-    }
-
-    /**
-     * Replace a given string in a given file.
-     *
-     * @param  string  $path
-     * @param  string  $search
-     * @param  string  $replace
-     * @return void
-     */
-    protected function replaceInFile($path, $search, $replace)
-    {
-        foreach (glob($path) as $file) {
-            file_put_contents(
-                $file,
-                str_replace($search, $replace, file_get_contents($file))
-            );
-        }
-    }
 }

src/Passport.php

@@ -119,7 +119,7 @@ class Passport
      *
      * @var bool
      */
-    public static $clientUuids = false;
+    public static $clientUuids = true;
 
     /**
      * The token model class name.
@@ -511,27 +511,6 @@ public static function client()
         return new static::$clientModel;
     }
 
-    /**
-     * Determine if clients are identified using UUIDs.
-     *
-     * @return bool
-     */
-    public static function clientUuids()
-    {
-        return static::$clientUuids;
-    }
-
-    /**
-     * Specify if clients are identified using UUIDs.
-     *
-     * @param  bool  $value
-     * @return void
-     */
-    public static function setClientUuids($value)
-    {
-        static::$clientUuids = $value;
-    }
-
     /**
      * Set the token model class name.
      *

src/PassportServiceProvider.php

@@ -126,8 +126,6 @@ public function register()
     {
         $this->mergeConfigFrom(__DIR__.'/../config/passport.php', 'passport');
 
-        Passport::setClientUuids($this->app->make(Config::class)->get('passport.client_uuids', false));
-
         $this->app->when(AuthorizationController::class)
                 ->needs(StatefulGuard::class)
                 ->give(fn () => Auth::guard(config('passport.guard', null)));