Laravel Passport代币生成 [英] Laravel Passport Token for Generation
本文介绍了Laravel Passport代币生成的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
首次尝试使用Passport Token系统.通过URL: http://localhost:8000/oauth/token ,访问令牌和刷新令牌可以是可用的.但是,无法在laravel控制器文件中使用oauth/token Post方法
Trying Passport Token System First Time. By URL: http://localhost:8000/oauth/token, Access token and Refresh token can be available. But, unable to use oauth/token Post method in laravel Controller file
一些链接: Laravel 5.6传递oauth/token挂
Guzzle无法向本地主机(端口:80、8000、8080等)发出GET请求
namespace App\Http\Controllers\api;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Carbon\Carbon;
use App\User;
use GuzzleHttp\Client;
class AuthController extends Controller
{
public function login(Request $request)
{
$credentials = request(['email', 'password']);
$credentialsforToken = request(['email', 'password', 'grant_type', 'client_id', 'client_secret']);
if(!Auth::attempt($credentials))
return response()->json([
'message' => 'Unauthorized'
], 401);
//$user = $request->user();
//return $user;
$http = new Client();
$response = $http->post(url('oauth/token'), [
'form_params' => [
'grant_type' => $credentialsforToken['grant_type'],
'client_id' => $credentialsforToken['client_id'],
'client_secret' => $credentialsforToken['client_secret'],
'username' => $credentialsforToken['email'],
'password' => $credentialsforToken['password'],
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
}}```
Access token and Refresh token must be generated
推荐答案
请勿使用Guzzle HTTP创建内部请求,而是将请求转发至Passport路由,并且不要让用户发布安全性问题的客户端机密,并将其存储例如在以环境为背景的配置中
Do not use Guzzle HTTP to create internal requests, forward the request to Passport route instead, and do not let users post the client secret for security issues, store them in an env backed config for example
这就是我要怎么做
<?php
namespace App\Http\Controllers\Auth;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Validator;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
class LoginController extends Controller
{
/** @var Response $api_response Response returned from oauth */
public $api_response = null;
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
public function __construct(Request $request)
{
$request->request->add([
'username' => $request->email,
'grant_type' => 'password',
'client_id' => '2',
'client_secret' => config('passport.client_secret'),
'scope' => '',
]);
}
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*
* @throws \Illuminate\Validation\ValidationException
*/
public function login(Request $request)
{
$validation = $this->validateLogin($request);
if ($validation->fails()) {
return response(['error' => $validation->errors()], 401);
}
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
/**
* Validate the user login request.
*
* @param \Illuminate\Http\Request $request
* @return void
*
* @throws \Illuminate\Validation\ValidationException
*/
protected function validateLogin(Request $request)
{
return Validator::make($request->all(), [
$this->username() => 'required|string',
'password' => 'required|string',
]);
}
/**
* Attempt to log the user into the application.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function attemptLogin(Request $request)
{
// forward the request to the oauth token request endpoint
$res = Route::dispatch(request()->create('oauth/token', 'POST', $this->credentials($request)));
// Set api response for successful login
$this->api_response = json_decode($res->getContent());
// Return true or false based on response status code
return $res->getStatusCode() === 200 ? true : false;
}
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(Request $request)
{
return $request->only('email', 'password', 'grant_type', 'client_id', 'client_secret', 'scope');
}
/**
* The user has been authenticated.
*
* @param \Illuminate\Http\Request $request
* @param mixed $user
* @return mixed
*/
protected function authenticated(Request $request, $user)
{
return response()->json(['success' => $this->api_response], 200);
}
/**
* Get the failed login response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Symfony\Component\HttpFoundation\Response
*
*/
protected function sendFailedLoginResponse(Request $request)
{
return response([$this->username() => trans('auth.failed')], 401);
}
/**
* Send the response after the user was authenticated.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
protected function sendLoginResponse(Request $request)
{
$this->clearLoginAttempts($request);
return $this->authenticated($request, $this->guard()->user());
}
/**
* Log the user out of the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function logout(Request $request)
{
$request->user()->token()->revoke();
return $this->loggedOut($request);
}
}
这应该是一种功能齐全且安全的方法,希望对您有所帮助
This should be a fully functional and secure approach, I hope this helps
这篇关于Laravel Passport代币生成的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
