Laravel Passport, multiple connexions via password client

Question

I am having trouble understanding how I could implement multiple connexions for the same user via password client with Laravel Passport:

I have a mobile app that needs to communicate with a Laravel-based API. My users, at first launch of the app, will have to enter their login and password to get an access_token.

So I think that I need to put my password client secret in the code of my mobile app to be able to request tokens. But what if my user has an iPhone and an iPad and he wants to log in from both?

I'm asking because every time I make a request to POST /oauth/token, from the same password_client, every access_token of a certain user requested with my password_client gets revoked.

That would mean that, every time my user would use his iPad, he would be disconnected from his iPhone because the token wouldn't be valid anymore?

Am I missing something?

Recommended answer

You can write your own Controller and Routes...

Passport has a defined "Laravel\Passport\Http\Controllers\AccessTokenController" and there is a method called "issueToken()".

If you see the method below it calls the function "revokeOtherAccessTokens()", and this deletes or revokes all "access_tokens" using the "Laravel\Passport\TokenRepository".

So what you can do is write your own controller and prevent the call to "revokeOtherAccessTokens()".

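The fact you have to keep in mind is that the access tokens will never be pruned or revoked, at least until a refresh token is issued or you delete them manually.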

Refresh tokens and access tokens are revoked when a refresh token is issued, because "League\OAuth2\Server\Grant\RefreshTokenGrant", in its method "respondToAccessTokenRequest()", already revokes the old "access_token" and "refresh_token", so we don't have to worry about revoking or deleting them in this case.

...
// Expire old tokens
$this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
$this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
...

Here is a sample implementation, hope it helps:

Routes:

Route::post('oauth/access_token', 'Auth\OAuth2Controller@issueToken');

Custom controller:

<?php

namespace App\Http\Controllers\Auth;

use Laravel\Passport\Http\Controllers\HandlesOAuthErrors;

use Zend\Diactoros\Response as Psr7Response;
use Psr\Http\Message\ServerRequestInterface;
use League\OAuth2\Server\AuthorizationServer;

use App\Http\Controllers\Controller;

class OAuth2Controller extends Controller
{
    use HandlesOAuthErrors;

    /**
     * The authorization server.
     *
     * @var AuthorizationServer
     */
    protected $server;

    /**
     * Create a new controller instance.
     *
     * @param  AuthorizationServer  $server
     * @return void
     */
    public function __construct(AuthorizationServer $server)
    {
        $this->server = $server;
    }

    /**
     * Authorize a client to access the user's account.
     *
     * @param  ServerRequestInterface  $request
     * @return Response
     */
    public function issueToken(ServerRequestInterface $request)
    {
        return $this->withErrorHandling(function () use ($request) {
            return $this->server->respondToAccessTokenRequest($request, new Psr7Response);
        });
    }
}
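
With the controller above, logging in on one device no longer revokes the tokens issued to the user's other devices, so revocation has to be done explicitly. The following is an added example, not part of the original answer and not Passport's own code: a hypothetical DeviceTokenController that logs out either the calling device only or all of the user's devices. It assumes Passport's default oauth_access_tokens and oauth_refresh_tokens tables on the default database connection, a User model that uses the HasApiTokens trait, and routes protected by the auth:api middleware.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

// Hypothetical controller; both routes must sit behind the auth:api middleware.
class DeviceTokenController extends Controller
{
    /** Log out the calling device only. */
    public function logout(Request $request)
    {
        // Token model Passport attached to the user for this request
        // (assumes the User model uses the HasApiTokens trait).
        $this->revoke([$request->user()->token()->id]);

        return response('', 204);
    }

    /** Log out every device, e.g. after a password change or a lost phone. */
    public function logoutEverywhere(Request $request)
    {
        $ids = DB::table('oauth_access_tokens')
            ->where('user_id', $request->user()->getAuthIdentifier())
            ->where('revoked', false)
            ->pluck('id')
            ->all();

        $this->revoke($ids);

        return response()->json(['revoked' => count($ids)]);
    }

    /** Mark the access tokens, and the refresh tokens issued with them, as revoked. */
    protected function revoke(array $accessTokenIds)
    {
        DB::transaction(function () use ($accessTokenIds) {
            DB::table('oauth_access_tokens')
                ->whereIn('id', $accessTokenIds)
                ->update(['revoked' => true]);

            DB::table('oauth_refresh_tokens')
                ->whereIn('access_token_id', $accessTokenIds)
                ->update(['revoked' => true]);
        });
    }
}
```

Revoking the refresh token together with its access token matters here: a refresh token left valid could still be exchanged for a new access token after the device was logged out.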
