How to use Laravel Passport for Auth and Lumen as API


Question

I am researching developing an API-consuming application using Laravel, Laravel Passport, Lumen and AngularJS.

I have the following 3 domains:

  • auth.dev - Laravel 5.4 + Passport OAuth server (as an auth server)
  • api.dev - Lumen (as an API server)
  • app.dev - PHP + AngularJS (single page app)

I cannot properly configure those 3 together. I have set up auth.dev and it will successfully generate tokens, and I can use them from app.dev.

But my requirement is to use 3 separate instances for API, Auth and APP.

I tried to configure it via Lumen (to validate access tokens with auth.dev), but it is not working.

Is this possible, or are there any suggestions to achieve this?

Recommended answer

I have recently been working on an implementation that is identical to this. It took a little bit of effort to make it work efficiently, but it's working!

Basically, if you care about validating the tokens you're receiving (which you should), you will need a way to forward the token that Lumen receives from client applications on to your OAuth service and return some details of that authentication to your Lumen app.

If you know that your Lumen API service is always going to run on the same machine, you could use some sort of RPC to save going over HTTP unnecessarily - I used a command line interface via a custom Artisan command in the OAuth service and a custom script to run it from the Lumen side, which I call RemoteArtisan.

The other method is via HTTP, basically making your OAuth service provide its own very basic API endpoint. Something like this in routes/api.php should do:

use Illuminate\Http\Request;

// Behind Passport's `client` middleware, so the bearer token has already been
// verified before the helper looks up its owner.
Route::middleware('client')->get('user', function (Request $request) {
    $helper = new App\FirstPartyClientHelper;

    return response()->json($helper->getTokenOwnerDetails($request->bearerToken()));
});

My FirstPartyClientHelper is a simple class that parses the token to get the ID out of it and uses that to fetch the resources from the OAuth DB that I want to send back to Lumen. You might not need to do lots of queries or send lots of data here; it could just be a simple pass/fail. Depends on your needs.

One thing I would recommend figuring out and sending back to your Lumen app, though, is what scopes were assigned to the token. You'll probably want to use these along with the various scope middleware available in Passport.

The only option here at the moment is to duplicate those middleware classes (CheckScopes and CheckForAnyScope) into your Lumen app and load them manually. But this is pretty straightforward as they're basic.

You may need to modify them so that they can see the scopes that come back from your OAuth endpoint through your Authenticatable class (typically the User model).

Either of these solutions is going to add some overhead to each request, so it's worth thinking about caching the result of this for some time on the Lumen end.

If you do that, though, make sure it's not cached for a long time, because it could allow expired tokens to still be considered valid.

Alternatively, store the expiry time of the token somewhere in your cache and validate that against the time of the request to make sure the token hasn't expired.

Hope this helps.
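As an added example (not the answerer's own class), here is one way to write the FirstPartyClientHelper that the `user` route above calls on the auth server. It assumes Laravel with Passport installed, so the `Laravel\Passport\Token` Eloquent model backed by the `oauth_access_tokens` table is available; the shape of the returned array (`valid`, `user_id`, `client_id`, `scopes`, `expires_at`) is this example's own choice. Because the route sits behind Passport's `client` middleware, the JWT signature and expiry have already been checked by the time the helper runs, so the helper only decodes the payload to pull out the token id (`jti`) and then answers from the database.

```php
<?php
// Added example, not the answer's code. Runs on auth.dev (Laravel + Passport).
// Only call getTokenOwnerDetails() on a token that Passport's `client`
// middleware has already verified; tokenId() does no signature check.

namespace App;

use Laravel\Passport\Token;

class FirstPartyClientHelper
{
    /**
     * Extract the `jti` claim (Passport's access-token id) from the JWT payload.
     * Returns null if the string is not a three-part JWT.
     */
    public function tokenId(string $jwt): ?string
    {
        $parts = explode('.', $jwt);
        if (count($parts) !== 3) {
            return null;
        }

        // JWT segments are base64url; PHP's non-strict decoder tolerates missing padding.
        $payload = json_decode(base64_decode(strtr($parts[1], '-_', '+/')), true);

        return is_array($payload) ? ($payload['jti'] ?? null) : null;
    }

    /**
     * Look the token up in oauth_access_tokens and return what Lumen needs:
     * a pass/fail flag, the owner, the granted scopes and the expiry time.
     * Revoked or expired rows are reported as invalid even though the JWT
     * itself may still verify.
     */
    public function getTokenOwnerDetails(?string $jwt): array
    {
        $id    = $jwt ? $this->tokenId($jwt) : null;
        $token = $id ? Token::find($id) : null;

        if (! $token || $token->revoked || $token->expires_at->isPast()) {
            return ['valid' => false];
        }

        return [
            'valid'      => true,
            'user_id'    => $token->user_id,
            'client_id'  => $token->client_id,
            'scopes'     => $token->scopes,       // cast to array by the Token model
            'expires_at' => $token->expires_at->toIso8601String(),
        ];
    }
}
```

Returning `expires_at` alongside the scopes is what lets the Lumen side bound its cache lifetime, as the answer recommends; checking `revoked` in the database is the part a pure JWT check cannot do, since a revoked token still carries a valid signature.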

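The Lumen side, as an added example rather than code from the answer: a middleware that forwards the bearer token to the auth server's `/api/user` route, caches the verdict keyed on a hash of the token, and never lets a cached "valid" outlive the token's own expiry, which is the pitfall the answer warns about. It assumes Guzzle is installed, that facades are enabled in Lumen's bootstrap/app.php, that the auth server replies with JSON containing `valid`, `user_id`, `scopes` and an ISO 8601 `expires_at`, and that `AUTH_SERVER_URL` (a hypothetical env name) points at auth.dev. Instead of the User model it attaches an `Illuminate\Auth\GenericUser` carrying the scopes, which is the hook the copied scope middleware would read.

```php
<?php
// Added example, not the answer's code. Runs on api.dev (Lumen).
// Register in bootstrap/app.php with $app->routeMiddleware([...]).

namespace App\Http\Middleware;

use Carbon\Carbon;
use Closure;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\RequestException;
use Illuminate\Auth\GenericUser;
use Illuminate\Support\Facades\Cache;

class ValidateRemoteToken
{
    // Upper bound on how long a verdict is reused, even for long-lived tokens,
    // so a revocation on auth.dev is noticed within this window.
    const MAX_CACHE_MINUTES = 5;

    public function handle($request, Closure $next)
    {
        $token = $request->bearerToken();
        if (! $token) {
            return response()->json(['error' => 'unauthenticated'], 401);
        }

        // Key on a hash so the raw token never lands in the cache store.
        $key     = 'remote-token:' . hash('sha256', $token);
        $details = Cache::get($key);

        if ($details === null) {
            $details = $this->introspect($token);

            if (! empty($details['valid']) && ! empty($details['expires_at'])) {
                // Cache until the token expires, capped at MAX_CACHE_MINUTES.
                // Cache::put() accepts a DateTime as the expiry.
                $ttl = Carbon::parse($details['expires_at'])
                    ->min(Carbon::now()->addMinutes(self::MAX_CACHE_MINUTES));
                Cache::put($key, $details, $ttl);
            }
        }

        // Re-check expiry on every request, cached or not.
        if (empty($details['valid'])
            || empty($details['expires_at'])
            || Carbon::parse($details['expires_at'])->isPast()) {
            Cache::forget($key);
            return response()->json(['error' => 'invalid_token'], 401);
        }

        // Expose the owner and scopes to the rest of the app; the scope
        // middleware copied from Passport can read $request->user()->scopes.
        $request->setUserResolver(function () use ($details) {
            return new GenericUser([
                'id'     => $details['user_id'] ?? null,
                'scopes' => $details['scopes'] ?? [],
            ]);
        });

        return $next($request);
    }

    /** Forward the token to auth.dev's /api/user route and decode its JSON reply. */
    private function introspect(string $token): array
    {
        try {
            $client   = new Client(['base_uri' => env('AUTH_SERVER_URL'), 'timeout' => 3]);
            $response = $client->get('/api/user', [
                'headers' => [
                    'Authorization' => 'Bearer ' . $token,
                    'Accept'        => 'application/json',
                ],
            ]);
            $body = json_decode((string) $response->getBody(), true);

            return is_array($body) ? $body : ['valid' => false];
        } catch (RequestException $e) {
            // A 401 from auth.dev (its `client` middleware rejected the token)
            // or a network failure: fail closed rather than open.
            return ['valid' => false];
        }
    }
}
```

Failure results are deliberately not cached, so a transient outage of auth.dev does not pin a good token to "invalid" for five minutes; only positive verdicts are stored, and each of them is re-validated against `expires_at` on every request.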