[13.x] Add an option to disable device code grant (#1842)

* add an option to disable device code grant

* fix upgrade guide entry

* force re-run tests

Author: hafezdivandari

UPGRADE.md

@@ -32,7 +32,13 @@ All the authorization view's rendering logic may be customized using the appropr
 
     public function boot(): void
     {
+        // By providing the view names...
         Passport::authorizationView('auth.oauth.authorize');
+        Passport::deviceUserCodeView('auth.oauth.device.user-code');
+        Passport::deviceAuthorizationView('auth.oauth.device.authorize');
+
+        // Or using conventional names under the given prefix...
+        Passport::viewPrefix('auth.oauth');
     }
 
 ### Identify Clients by UUIDs

routes/web.php

@@ -15,17 +15,19 @@
     'middleware' => 'web',
 ]);
 
-Route::get('/device', [
-    'uses' => 'DeviceUserCodeController',
-    'as' => 'device',
-    'middleware' => 'web',
-]);
+if (Passport::$deviceCodeGrantEnabled) {
+    Route::get('/device', [
+        'uses' => 'DeviceUserCodeController',
+        'as' => 'device',
+        'middleware' => 'web',
+    ]);
 
-Route::post('/device/code', [
-    'uses' => 'DeviceCodeController',
-    'as' => 'device.code',
-    'middleware' => 'throttle',
-]);
+    Route::post('/device/code', [
+        'uses' => 'DeviceCodeController',
+        'as' => 'device.code',
+        'middleware' => 'throttle',
+    ]);
+}
 
 $guard = config('passport.guard', null);
 
@@ -45,20 +47,22 @@
         'as' => 'authorizations.deny',
     ]);
 
-    Route::get('/device/authorize', [
-        'uses' => 'DeviceAuthorizationController',
-        'as' => 'device.authorizations.authorize',
-    ]);
+    if (Passport::$deviceCodeGrantEnabled) {
+        Route::get('/device/authorize', [
+            'uses' => 'DeviceAuthorizationController',
+            'as' => 'device.authorizations.authorize',
+        ]);
 
-    Route::post('/device/authorize', [
-        'uses' => 'ApproveDeviceAuthorizationController',
-        'as' => 'device.authorizations.approve',
-    ]);
+        Route::post('/device/authorize', [
+            'uses' => 'ApproveDeviceAuthorizationController',
+            'as' => 'device.authorizations.approve',
+        ]);
 
-    Route::delete('/device/authorize', [
-        'uses' => 'DenyDeviceAuthorizationController',
-        'as' => 'device.authorizations.deny',
-    ]);
+        Route::delete('/device/authorize', [
+            'uses' => 'DenyDeviceAuthorizationController',
+            'as' => 'device.authorizations.deny',
+        ]);
+    }
 
     if (Passport::$registersJsonApiRoutes) {
         Route::get('/tokens', [

src/Passport.php

@@ -30,6 +30,11 @@ class Passport
      */
     public static bool $revokeRefreshTokenAfterUse = true;
 
+    /**
+     * Indicates if the device authorization grant type is enabled.
+     */
+    public static bool $deviceCodeGrantEnabled = true;
+
     /**
      * Indicates if the implicit grant type is enabled.
      */

src/PassportServiceProvider.php

@@ -167,7 +167,7 @@ function (AuthorizationServer $server): void {
                     );
                 }
 
-                if (Route::has('passport.device')) {
+                if (Passport::$deviceCodeGrantEnabled && Route::has('passport.device')) {
                     $server->enableGrantType(
                         $this->makeDeviceCodeGrant(), Passport::tokensExpireIn()
                     );