Get authenticated user with Laravel Passport and grant password


Problem description

I did an API REST with Laravel and now I'm trying to consume it. The thing is I need to authenticate users in the API and I am using the Password Grant method. I can authenticate users correctly and I can get an access token but from then, I don't see a way to retrieve the authenticated user with the access token in my consuming application.

I tried in the API with a route like this:

Route::get('/user', function(Request $request) {
    $user = $request->user();
    // Even with
    $user = Auth::user();

    return $user;
});

No dice. I am reading Passport code but I can't figure it out. My guess is that I would need to specify a new guard type or something because it doesn't seem that Laravel Passport provides one for this kind of grant type...

Things to clarify:

  • I have an API REST application, which is the oAuth2 Server.
  • I have another application consuming the API REST.
  • I do know the workflow. In my case, with Password Grant, I get the user credentials in my consumer application, then I make a request to /oauth/token specifying the grant_type to password, I provide the user credentials along with my client credentials, which I am sure they were generated with "php artisan passport:client --password" (note the --password option)
  • I can get the access token with no problems. What I need now, is to get a JSON representation of the user I just authenticated from the API REST. But here is the problem: I just have an access token. Nothing I can relate with the user.

Or can I? Maybe I can extend the method that authenticates password grant requests to relate the generated access token to the user it is authenticating... *light bulb turns on*

Consuming application test code:

try {
    $client = new Client();
    $result = $client->post('https://myapi.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'password',
            'client_id' => '5',
            'client_secret' => 'my_secret',
            'username' => 'user_I_am_authenticating',
            'password' => 'the_user_password',
            'scope' => '',
        ]
    ]);
    $access_token = json_decode((string) $result->getBody(), true)['access_token'];
    $result = $client->get('https://myapi.com/client/user', [
        'headers' => [
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'Authorization' => "Bearer $access_token",
        ]
    ]);

    return (string) $result->getBody();
} catch (GuzzleException $e) {
    return "Exception!: " . $e->getMessage();
}

Note that the https://myapi.com/client/user route is just a route I made for testing in the API. The route is defined as:

Route::get('/user', function(Request $request) {
    return $request->user();
});

Now. I know this is not working. This is what I want to achieve. Know the user making the request given the access_token/bearer_token.

Thanks.

Recommended answer

You forgot the appropriate middleware.

Route::get('/user', function(Request $request) {
    return Auth::user();
})->middleware('auth:api');

The authentication flow is not fired when you don't mention the auth middleware. That's why you get null.
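
A feature test that checks the behaviour the answer describes, added here as an example (it is not part of the original question or answer): with auth:api on the route, a request without a token is rejected and an authenticated request resolves to the token's owner. Assumptions: Laravel 8 or later, Passport installed with keys generated (php artisan passport:keys), the User model using the HasApiTokens trait, the api guard in config/auth.php set to the passport driver, and the answer's route registered in routes/api.php so it is served at /api/user; the class and method names are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumed file location: tests/Feature/UserEndpointTest.php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Passport\Passport;
use Tests\TestCase;

class UserEndpointTest extends TestCase
{
    use RefreshDatabase;

    public function test_request_without_token_is_rejected(): void
    {
        // With auth:api in place the guard runs and, finding no bearer
        // token, the JSON request gets 401 instead of an empty body.
        $this->getJson('/api/user')->assertStatus(401);
    }

    public function test_authenticated_request_returns_the_token_owner(): void
    {
        // Constructed sample users; the second one must never be returned.
        $owner = User::factory()->create();
        $other = User::factory()->create();

        // Passport::actingAs() sets $owner as the authenticated user on the
        // "api" guard for this test (no scopes granted).
        Passport::actingAs($owner, [], 'api');

        $this->getJson('/api/user')
            ->assertOk()
            ->assertJsonPath('id', $owner->id)
            ->assertJsonPath('email', $owner->email)
            // The password hash is hidden by the default User model and
            // must not appear in the serialized response.
            ->assertJsonMissing(['password' => $owner->password])
            ->assertJsonMissing(['email' => $other->email]);
    }
}
```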
