如何将Laravel Passport与密码授予令牌一起使用? [英] How to use Laravel Passport with Password Grant Tokens?
问题描述
我刚刚阅读了 https://laravel.com/docs/5.6/passport 文档我有些怀疑,希望有人可以帮助我:
I just read the https://laravel.com/docs/5.6/passport documentation and I have some doubts that hopefully someone could help me with:
首先,在某些情况下,我想使用Passport作为为我的移动应用程序(第一方应用程序)提供Oauth身份验证的方式.
First, some context, I want to use Passport as a way to provide Oauth authentication for my mobile app (first-party app).
-
当我使用
php artisan passport:client --password
时,我会获得一个客户端ID和一个客户端密钥.此值是否必须在我的应用程序中固定?例如将它们存储为硬编码还是作为设置"文件?如果不应该存储这些值,那么它应该如何工作?
When I use
php artisan passport:client --password
I get back a Client ID and a Client Secret. Does this value have to be fixed on my app? for example storing them hardcoded or as a "settings" file? If the values shouldn't be stored then how should it work?
要向我的应用程序注册用户,请使用:$user->createToken('The-App')->accessToken;
我得到了accessToken将作为头发送所有我的请求的消息(授权=> Bearer $ accessToken),但实际上是什么"The-App"值是什么?
To register a user to my app I use: $user->createToken('The-App')->accessToken;
I get that the accessToken will be the one used for sending on all my requests as a Header (Authorization => Bearer $accessToken) but what exactly is "The-App" value for?
为了登录用户,我使用的是URL: http://example.com/oauth/令牌并作为参数发送:
For login the user I'm using the URL: http://example.com/oauth/token and sending as parameters:
{ 用户名":"user@email.com", "password":"userpassword", "grant_type":密码", "client_id":1,//我从命令中获得的客户端ID(问题1) "client_secret":"Shhh"//我从命令中获得的客户机密(问题1) }
{ "username": "user@email.com", "password": "userpassword", "grant_type": "password", "client_id": 1, // The Client ID that I got from the command (question 1) "client_secret": "Shhh" // The Client Secret that I got from the command (question 1) }
当我使用上一个端点登录用户时,我得到一个refresh_token,我读到可以通过 http://example.com/oauth/token/refresh ,但是我尝试请求刷新,但出现错误419,我从csrf验证中删除了URL oauth/token/refresh,现在我回到"message": "Unauthenticated."
,我正在发出以下请求:
When I login the user using the previous endpoint I get back a refresh_token, I read that I could refresh the token through http://example.com/oauth/token/refresh but I try to request the refresh I got Error 419, I removed the url oauth/token/refresh from the csrf verification and now I get back "message": "Unauthenticated."
, I'm making the following request:
内容类型:x-www-form-urlencoded grant_type:refresh_token refresh_token:the-refresh-token//我从命令中获得的刷新令牌(问题3) client_id:1//我从命令中获得的客户端ID(问题1) client_secret:Shhh//我从命令中获得的客户机密(问题1) 范围:"
Content-Type: x-www-form-urlencoded grant_type: refresh_token refresh_token: the-refresh-token // The Refresh Token that I got from the command (question 3) client_id: 1 // The Client ID that I got from the command (question 1) client_secret: Shhh // The Client Secret that I got from the command (question 1) scope: ''
我应该使用该端点吗?或由于我要开发的应用程序而不必要.
Should I use this endpoint? or is not necessary given the app I'm trying to develop.
- 最后,我从护照中获得了很多端点,例如,我认为我不会使用它们:
oauth/clients*
,oauth/personal-access-tokens*
是否可以从护照发布的端点中删除它们? /li>
- Finally, there are a lot of endpoints that I get from passport that I don't think I will use for example:
oauth/clients*
,oauth/personal-access-tokens*
is there a way to remove them from the endpoints published by passport?
非常感谢您的帮助!
推荐答案
If you are consuming your own api then you don't need to call http://example.com/oauth/token for user login because then you need to store client_id and client_secret at app side. Better you create an api for login and there you can check the credentials and generate the personal token.
public function login(Request $request)
{
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials)) {
// Authentication passed...
$user = Auth::user();
$token = $user->createToken('Token Name')->accessToken;
return response()->json($token);
}
}
最后,我从护照中获得了很多终点 不要以为我会使用例如:oauth/clients *, oauth/personal-access-tokens *是否有办法将其从 护照公布的终点?
Finally, there are a lot of endpoints that I get from passport that I don't think I will use for example: oauth/clients*, oauth/personal-access-tokens* is there a way to remove them from the endpoints published by passport?
您需要从AuthServiceProvider中删除Passport::routes();
,并仅手动放置所需的护照路线.我认为您只需要oauth/token
路线.
You need to remove Passport::routes();
from AuthServiceProvider and manually put only required passport routes. I think you only need oauth/token
route.
"The-App"的确切含义是什么?
what exactly is "The-App" value for?
如果您检查 oauth_access_tokens 表,则该表具有名称字段. $user->createToken('Token Name')->accessToken;
此处令牌名称" 存储在名称字段中.
if you check oauth_access_tokens table it has name field. $user->createToken('Token Name')->accessToken;
here the "Token Name" stored in name field.
如何将Laravel Passport与密码授予令牌一起使用?
How to use Laravel Passport with Password Grant Tokens?
要生成密码授予令牌,您必须将client_id
和client_secret
存储在应用程序端(不建议使用,请检查
To generate password grant token you have to store client_id
and client_secret
at app side (not recommended, check this ) and suppose if you have to reset the client_secret
then the old version app stop working, these are the problems. To generate password grant token you have to call this api like you mention in step 3.
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'username' => 'taylor@laravel.com',
'password' => 'my-password',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
从
refresh_token
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'refresh_token',
'refresh_token' => 'the-refresh-token',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
您可以查看 https://laravel.com/docs /5.6/passport#implicit-grant-tokens .
You can look this https://laravel.com/docs/5.6/passport#implicit-grant-tokens too.
这篇关于如何将Laravel Passport与密码授予令牌一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!