Laravel 5.3 Passport routes are using web middleware

Problem description

The Laravel 5.3 Passport component looks pretty cool, but I have some confusion about it.

In the documentation, Passport is under API Authentication, and when setting up config/auth.php, it changes the driver of the 'api' guard to 'passport'.

Laravel 5.3 has web.php and api.php to separate route groups that use the web middleware from those that use the api middleware.

After installing Passport, there's a step to add Passport::routes() to AuthServiceProvider. When I run route:list, it shows that the new routes are all using the web and auth middleware.

My question is: why are these Passport routes using the web middleware? From my understanding, Passport should work for stateless API authentication, but the web middleware is not.

Recommended answer

I was facing this problem too until I realized my understanding of the working principle of Passport was wrong.

Passport is about granting a client application the data of a user with the consent of that user (which is how OAuth2 works). So when a client app is trying to get the access token that will eventually grant access to the data of that user, the consent of that user must be taken. The web middleware acts as a layer to take the consent of that user. To sign the consent, the user must log in first, or there will be no proof that it is an actual user.

To understand better, consider a scenario where your app is trying to implement the "Sign in with Google" feature. You put a button that redirects to Google on your login page; after redirecting, the user logs into their Google account, signs a consent and gets redirected back to your app with an authorization code. This is just like that: here Google is the app you are building and the other app is the client app.

Still, the best way to understand this is to do a practical implementation. Just create a new app in Laravel and put this code in the routes/web.php file.

Route::get('/redirect', function () {
    $query = http_build_query([
        'client_id' => 'YOUR APP\'S CLIENT ID', // apostrophe escaped so the string literal parses
        'redirect_uri' => 'THE CALLBACK YOU GAVE DURING CREATING THE CLIENT',
        'response_type' => 'code',
        'scope' => '',
    ]);

    return redirect('http://your-app.com/oauth/authorize?'.$query);
});

Then visit the new app with the /redirect route. Make sure your main app is running too.
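
The flow the answer describes, carried through to the token exchange, as an added example that is not part of the original answer: the client app's routes/web.php with a `state` value that is checked when the user comes back, so a callback the session never started is rejected. The client id, client secret and callback URL are placeholders, `http://your-app.com` is the main app from the answer, and Guzzle is assumed to be installed in the client app.

```php
<?php
// routes/web.php of the CLIENT app (added example; placeholder values are assumptions).

use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Str;

$passportHost = 'http://your-app.com';             // the main app running Passport
$callbackUrl  = 'http://client-app.test/callback'; // hypothetical; must match the client's registered redirect

Route::get('/redirect', function (Request $request) use ($passportHost, $callbackUrl) {
    // Random value stored in the session; ties the later callback to this browser.
    $state = Str::random(40);
    $request->session()->put('oauth_state', $state);

    $query = http_build_query([
        'client_id'     => 'CLIENT_ID_PLACEHOLDER',
        'redirect_uri'  => $callbackUrl,
        'response_type' => 'code',
        'scope'         => '',
        'state'         => $state,
    ]);

    // The user logs in and approves the request on the main app's /oauth/authorize page.
    return redirect($passportHost.'/oauth/authorize?'.$query);
});

Route::get('/callback', function (Request $request) use ($passportHost, $callbackUrl) {
    // pull() reads and clears the stored value, so a state can be used only once.
    $expected = (string) $request->session()->pull('oauth_state');
    if ($expected === '' || ! hash_equals($expected, (string) $request->input('state'))) {
        abort(403, 'Invalid state');
    }

    // Exchange the authorization code for tokens with a server-to-server POST.
    $response = (new Client)->post($passportHost.'/oauth/token', [
        'form_params' => [
            'grant_type'    => 'authorization_code',
            'client_id'     => 'CLIENT_ID_PLACEHOLDER',
            'client_secret' => 'CLIENT_SECRET_PLACEHOLDER',
            'redirect_uri'  => $callbackUrl,
            'code'          => $request->input('code'),
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
});
```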
