Laravel Passport密码授予刷新令牌 [英] Laravel Passport Password Grant Refresh Token

问题描述

尝试将Laravel的Passport与移动客户端结合使用.身份验证的密码授予"类型似乎是行之有效的方法，并且我可以将它与我的iOS应用程序一起使用，但是我无法使令牌刷新工作.

Trying to wrap my head around using Laravel's Passport with mobile clients. The Password Grant type of authentication seems to be the way to go, and i have it working with my iOS app, however i can't get token refreshing to work.

在进行身份验证时，我会得到一个token和一个refresh token进行存储，但是当令牌过期时，调用oauth/token/refresh路由将不起作用.该路由正在使用web中间件，这意味着我使用api路由的应用无法访问它.我不确定他们是否打算让移动客户端永不刷新，或者是否希望您滚动自己的刷新?如果有人对应该如何工作有真知灼见，那就太好了.

When authenticating i get a token and a refresh token which i store, however when the token expires, calling the oauth/token/refresh route doesn't work. The route is using the web middleware which means my app using the api route can't access it. I'm not sure if they intended for mobile clients to never refresh or if they wanted you to roll your own refreshing? If anyone has insight on how this is supposed to work, that'd be great.

推荐答案

oauth/token/refresh路由不适用于刷新访问令牌.它用于刷新瞬态令牌，当您从javascript使用自己的API时使用.

The oauth/token/refresh route is not for refreshing access tokens. It is used to refresh transient tokens, which are used when you consume your own API from your javascript.

要使用您的refresh_token刷新访问令牌，您需要使用refresh_token的grant_type调用oauth/token路由.

To use your refresh_token to refresh your access token, you need to call the oauth/token route with the grant_type of refresh_token.

这是文档提供的示例:

This is the example provided by the documentation:

$http = new GuzzleHttp\Client;

$response = $http->post('http://your-app.com/oauth/token', [
    'form_params' => [
        'grant_type' => 'refresh_token',
        'refresh_token' => 'the-refresh-token',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'scope' => '',
    ],
]);

return json_decode((string) $response->getBody(), true);

关于范围的一个说明，当刷新令牌时，您只能获得与原始访问令牌相同或更窄的范围.如果您尝试获取原始访问令牌未提供的范围，则会收到错误消息.

One note about scopes, when you refresh the token, you can only obtain identical or narrower scopes than the original access token. If you attempt to get a scope that was not provided by the original access token, you will get an error.

这篇关于Laravel Passport密码授予刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！