Laravel Passport API状态码:403禁止 [英] Laravel Passport API Status Code:403 Forbidden
问题描述
我正在开发一个Ionic移动应用程序,该应用程序通过REST API连接到Laravel中的服务器.我使用了Laravel护照包,并配置了一些有关授权令牌在API上如何工作的内容.因此,我在Ionic应用程序的提供程序上编写了一些代码,并为移动设备中的用户提供了此登录功能,以便通过服务器上的API通过API登录,但是它始终告诉我该错误:
I am developing an Ionic Mobile App that connects to the server in Laravel via REST API. I used the Laravel passport package and configured some stuffs on how authorization tokens will work on the API. So I write some code on providers for the Ionic app and I have this login function for the user in the mobile to logged in via API from the server but it keeps telling me this error:
状态码:403禁止
Status Code:403 Forbidden
这似乎是服务器端错误,我无权访问此资源.对吧?
This seems to be a server side error that I don't have the permission to access this resources. Right?
因此服务器理解了来自Ionic端的请求,但是拒绝了该请求或服务器禁止了该请求.
So the server understood the request coming from the Ionic side but refuses it or forbidden by the server.
我使用CORS Allow-Control-Origin将Ionic应用程序连接到Laravel.
I used the CORS Allow-Control-Origin to connect Ionic apps to Laravel.
但是,当我尝试使用POSTMAN进行Laravel护照包提供的所有授予类型和客户机密的POST请求时,它成功地通过oauth给了我令牌类型承载,访问令牌和刷新令牌.
However when I tried to do a POST request using POSTMAN with all the grant types and client secret provided by the Laravel passport package it is successful that it give me the token type bearer, access token and the refresh token by the oauth.
这是我的中间件Cors中的代码
Here is the code in my Middleware Cors
<?php
namespace App\Http\Middleware;
use Closure;
class Cors
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
}
这是我的api路由中的代码:
and here is the code in my api routes:
<?php
use Illuminate\Http\Request;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::middleware('auth:api', 'cors')->get('/user', function (Request $request) {
return $request->user();
});
Route::resource('departments', 'DepartmentAPIController');
Route::resource('users', 'UserAPIController');
Route::get('users/{username}', 'UserAPIController@getAccount');
Route::resource('inspection_checklists', 'InspectionChecklistsAPIController');
顺便说一句,我正在使用用户API控制器中的getAccount函数.
Btw I am using the getAccount function in the User API Controller.
感谢有人可以提供帮助. 预先感谢.
Appreciate if someone can help. Thanks in advance.
推荐答案
与CORS无关. 如护照文件所述:
There is nothing to do with CORS. as stated in passport documentation:
JSON API受
web和auth中间件保护;因此,只能从您自己的应用程序中调用它.无法从外部源调用它. 这意味着您必须登录才能使用这些路由.
The JSON API is guarded by the
webandauthmiddlewares; therefore, it may only be called from your own application. It is not able to be called from an external source. That means you have to be logged in to use these routes.
这篇关于Laravel Passport API状态码:403禁止的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
