Laravel Passport在授权之前验证用户 [英] Laravel Passport Authenticate User Before Authorize

问题描述

我正在做一个项目，其中第三方应用程序可以从Laravel服务器访问数据.我还在laravel中创建了一个客户端应用程序进行测试.

I am working on a project where 3rd party apps can access data from Laravel server. I also have created a client application in laravel for testing.

以下代码要求授权并可以正常工作.

Following code ask for authorization and its working fine.

Route::get('/applyonline', function () {
$query = http_build_query([
    'client_id' => 5,
    'redirect_uri' => 'http://client.app/callback',
    'response_type' => 'code',
    'scope' => '',
]);
return redirect('http://server.app/oauth/authorize?'.$query);
});

如何在授权之前对用户进行身份验证?现在，我可以使用此代码访问数据表单服务器.

How can I authenticate a user before authorization? Right now I can access data form server using this code.

Route::get('/callback', function (Request $request) {
$http = new GuzzleHttp\Client;
$response = $http->post('http://server.app/oauth/token', [
    'form_params' => [
        'grant_type' => 'password',
        'client_id' => 2,
        'client_secret' => 'fcMKQc11SwDUdP1f8ioUf8OJwzIOxuF8b2VKZyip',
        'username'=> 'ali@gmail.com',
        'password' => 'password',
    ],
]);

$data = json_decode((string) $response->getBody(), true);
$access_token = 'Bearer '. $data['access_token'];
$response =  $http->get('http://server.app/api/user', [
    'headers' => [
        'Authorization' =>  $access_token
    ]
]);

$applicant = json_decode((string) $response->getBody(), true);

return view('display.index',compact('applicant'));

});

尽管上面的代码可以正常工作，但是我认为这不是在客户端询问用户名和密码的好方法.

Although above code works fine but I don't think its a good way to ask username and password at client side.

我要使用此流程(与facebook允许的相同)

I want to use this flow (Same as facebook allows)

• 单击以从服务器获取数据
• 输入用户名和密码
• 授权应用程序
• 访问经过身份验证的用户的数据

推荐答案

那是一个愚蠢的错误.与authorization_code授予类型配合使用时效果很好.我的错误是我在未注销的情况下在同一浏览器中测试服务器和客户端.因此客户端正在从服务器访问其自己的数据.同样，此流程图确实帮助我了解了护照授权的过程. http://developer.agaveapi.co/images/2014/09/Authorization-Code-Flow.png

Well that was a stupid mistake. It works fine with authorization_code grant type. My mistake was that I was testing both server and client in same browser without logout. So client was accessing its own data from server. Also this flow diagram really helped me to understand the process of passport authorization. http://developer.agaveapi.co/images/2014/09/Authorization-Code-Flow.png

 Route::get('/callback', function (Request $request) {
$http = new GuzzleHttp\Client;
$response = $http->post('http://server.app/oauth/token', [
    'form_params' => [
        'grant_type' => 'authorization_code',
        'client_id' => 5,
        'client_secret' => 'fcMKQc11SwDUdP1f8ioUf8OJwzIOxuF8b2VKZyip',
        'redirect_uri' => 'http://client.app/callback',
        'code' => $request->code,
    ],
]);
return json_decode((string) $response->getBody(), true);});

这篇关于Laravel Passport在授权之前验证用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！