使用Laravel护照oauth/令牌发送更多数据 [英] Sending more data with Laravel passport oauth/token

问题描述

所以，我正在使用Laravel + Passport，到目前为止一切正常.

So, I'm using Laravel+Passport and so far is working fine.

但是，我想对护照代码进行一点更改(好吧，希望不在供应商文件夹中)，一旦我要求用户更改密码，以防他第一次登录.

But, I would like to made a small change to the passport code(well, not in the vendor folder, I hope), once that I would request the User to change it's password in case that he is doing the first login.

所以，我需要做两件事(我相信):

So, what I would need is two things (I believe):

1-如何向oauth/token响应添加更多信息?与access_token一起，我想从数据库中添加一列需要newPassword = true/false的列.

1 - How can I add one more info to the oauth/token response? Together with the access_token, I would like to add one column from the DB that is needsNewPassword=true/false.

2-如果NeedsNewPassword为true，则该应用程序将重定向到另一个屏幕，用户将在其中设置新密码.我将设置新密码，删除needsNewPassword的标志，然后将新的access_token发送回用户.然后，用户将仅使用该access_token.如何重新生成新的access_token?

2 - In case that needsNewPassword is true, then, the app will redirect to another screen, where the user will set a new password. I would set the new password, remove the flag for needsNewPassword and send back a new access_token to the user. The user then, would use only that access_token. How can I regenerate a new access_token?

感谢您的帮助！若昂

推荐答案

对，

我回答自己的问题，以防有人需要这样做.也许不是最好的方法，但是它正在工作.我所做的是:

I answering my own question, in case someone needs to do the same. Maybe is not the best way, but is working.What I did is:

• 创建一个新路径，例如/api/login，该路径指向一个方法(确保该路径不在中间件"auth"之内，一旦它不在thi调用中发送令牌).例如:Route::post('/login', 'Auth\LoginController@apiLogin');

• 在该方法中，您向oauth/token发出请求，并在结果中添加所需的字段. 测试

• Create a new route, like /api/login that points to a method (be sure that is Outside of your middleware "auth", once that it's not sending the token in thi call). E.g: Route::post('/login', 'Auth\LoginController@apiLogin');

• in the method, you do a request to the oauth/token and, with the result, you add the fields that you want. test

function apiLogin(Request $request) {
    $tokenRequest = $request->create('/oauth/token', 'POST', $request->all());
    $request->request->add([
       "client_id"     => 'your_client_id',
       "client_secret" => 'your_client_secret',
       "grant_type"    => 'password',
       "code"          => '*',
    ]);

    $response = Route::dispatch($tokenRequest);
    $json = (array) json_decode($response->getContent());
    $json['new_value'] = '123456';
    $response->setContent(json_encode($json));
    return $response
}

这对我有用.就我而言，我也只有一个应用程序，因此我的client_id，client_secret，grant_type和代码添加在服务器端.客户端只需要传递用户名(或电子邮件，取决于您使用的是什么)和密码，然后它将获得access_token和我想发送的其他信息. 希望这也会对其他人有所帮助.

This is working for me. In my case, I also have just one app so, my client_id, client_secret, grant_type and code is added in the server side. The client only need to pass username(or email, depends of what you are using) and password and then it will get the access_token and the other info that I want to send as well. Hope that this helps someone else too.

干杯， 乔

这篇关于使用Laravel护照oauth/令牌发送更多数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！