如何处理oauth2和csrf令牌Laravel [英] How to handle oauth2 and csrf token laravel

问题描述

我安装了Laravel 5.2和 oAuth2服务器Laravel 在我的项目中.我必须对网站和web-api使用相同的功能.对于网站，我的功能正常运行，但是当我对web-api使用相同的功能时，显示错误TokenMismatchException in VerifyCsrfToken.php line 67:.

I installed Laravel 5.2 and oAuth2 Server Laravel in my project. I have to use same function for web-site and web-api. For web-site my function is working properly but when I use same function for web-api shown error TokenMismatchException in VerifyCsrfToken.php line 67:.

我的路线

/* for web*/
Route::post('admin/user_login', 'Auth\AuthController@authenticate');

/* for mobile api */
Route::group(['prefix'=>'api/','before' => 'oauth'], function()
{
    Route::post('/user/login', 'Auth\AuthController@authenticate');

});

当我将此控制器用于Web时，此代码可以正常工作，但是当我调用API时，该时间显示错误.我该如何处理?我必须同时使用 oAuth 路由和网络路由.预先感谢.

When I use this controller for web, this code working fine but when I call API that time shown error. How I can handle this? I have to use oAuth route and web route parallel. Thanks in advance.

推荐答案

您必须对以api开头的路由禁用csrfToken验证，以编辑您的app/Http/Middleware/VerifyCsrfToken.php文件并在$ except数组中将api/*添加到示例文件中来自laravel应用仓库的信息如下

you have to disable csrfToken verification for routes starting with api to do that edit your app/Http/Middleware/VerifyCsrfToken.php file and add api/* in the $except array the sample file from laravel app repo is as below

https://github.com/laravel /laravel/blob/5.2/app/Http/Middleware/VerifyCsrfToken.php

只需使其像

<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'api/*'
    ];
}

您还必须从身份验证路由中删除oauth中间件，因为在身份验证期间令牌不可用，因此路由如下所示

also you have to remove oauth middleware from authenticate route, because during authentication the token is not available so route goes something like below

Route::group(['prefix'=>'api/'], function()
{
    Route::post('/user/login', 'Auth\AuthController@authenticate');
    Route::group(['middleware' => 'oauth'], function() {
       // routes which needs oauth token verification.
    })

});

这篇关于如何处理oauth2和csrf令牌Laravel的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！