What is Passport in Laravel?


Question

I am a starter of web services. I have to make APIs using Laravel for a mobile application. In the Laravel documentation, I have found API Authentication (Passport). I am trying to understand it, but it is not clear.

Can anyone tell me about it in detail?

Thanks in advance

Solution

well here it is,

The documentation that you shared itself has a pretty good introduction if you go to the Introduction tab. I think you know what a RESTful API is, right? If you don't, here. So since REST APIs don't use sessions (in PHP you know this), all API calls will be stateless (session-less). So you will need an authentication mechanism to verify the client is actually who he says he is. That's where this authentication method comes in; this OAuth service is specifically designed to conflict this issue when dealing with REST stateless sessions.

What this does is, if you have heard of tokens: when a user registers and logs in later, at the time of the login the user's login details will be checked with the database, and if the user is authenticated (username and password matched) then a token will be generated. This token is somewhat like a session, but the cool part is this rests on a client machine. So this is somewhat like session details that stay on the client side. So at the time of a REST request, this token will be passed along with the header on the request.

**now generating mechanism of token**

You might be wondering now this must be really a piece of cake to hack then. No it's not, because now let's say you have a client-side token including this data

{
   username:"JhonSnow",
   email:"winteriscomming@gmail.com",
   type:"user"
} 

Now firstly this token is encrypted using base64url encoding. OK, now this can be reversed using a base64 decoder. But the awesome part is even if the attacker can gain this information from the token, he will not be able to escalate the application privileges like this

type:"user"

to

type:"admin"

because this session-like token's integrity can be checked using the server-side authentication mechanism provided by OAuth; that's why this is commonly used and very popular in web development. Now I mentioned before how the token is structured in detail; it's a little more complicated than that. It's more like this

header:{
  "alg": "HS256",
  "typ": "JWT"
},
payload:{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

Now using these details, the token will be generated, like this

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.he0ErCNloe4J7Id0Ry2SEDg09lKkZkfsRiGsdX_vgEg

If you look closely you can see that there are 3 "." (periods) in this token; that's to differentiate the header, payload, and the signature. The last part is the one the server will check with the server's secret, also known as the signature, to validate whether this token is a valid token or not.
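To make the header.payload.signature structure concrete, here is an added example in Python (not code from the answer above, and not Laravel Passport's own PHP). It decodes the sample token quoted in the answer without any secret, rebuilds its first two segments byte-for-byte, signs a token of its own with a constructed secret, and shows that a client who edits `type:"user"` into `type:"admin"` can still read "admin" out of the payload but fails the server-side HMAC check. The secret, the `demo` helper and the JhonSnow payload are assumptions for illustration; the verifier also pins the algorithm to HS256 rather than trusting the `alg` field in the token.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Token quoted in the answer above (the public jwt.io sample token).
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
    "he0ErCNloe4J7Id0Ry2SEDg09lKkZkfsRiGsdX_vgEg"
)
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"sub": "1234567890", "name": "John Doe", "iat": 1516239022}

# Constructed secret for this example; on a real server it never leaves the server.
SERVER_SECRET = b"constructed-example-secret-not-a-real-key"


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Re-add the stripped padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj: dict) -> bytes:
    # No whitespace, keys in insertion order: the same bytes the sample token was built from.
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def decode_unverified(token: str) -> Tuple[dict, dict]:
    """Anyone can read header and payload: this step needs no secret at all."""
    header_b64, payload_b64, _signature_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two segments."""
    signing_input = b64url_encode(compact_json(header)) + "." + b64url_encode(compact_json(payload))
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload only if the signature matches under `secret`; otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        presented = b64url_decode(signature_b64)
    except ValueError:
        return None
    # Pin the algorithm: the server decides what it accepts, never the token itself.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        return None
    return json.loads(b64url_decode(payload_b64))


def tamper_payload(token: str, **changes) -> str:
    """Simulate a client editing the decoded payload and re-encoding it, keeping the old signature."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload.update(changes)
    return header_b64 + "." + b64url_encode(compact_json(payload)) + "." + signature_b64


def demo() -> dict:
    # Constructed payload mirroring the answer's "type":"user" example.
    issued = sign_hs256(HEADER, {"username": "JhonSnow", "type": "user"}, SERVER_SECRET)
    forged = tamper_payload(issued, type="admin")
    sample_header, sample_payload = decode_unverified(SAMPLE_TOKEN)
    return {
        "sample_parts": len(SAMPLE_TOKEN.split(".")),
        "sample_header": sample_header,
        "sample_payload": sample_payload,
        # Same header/payload bytes as the sample, so the first two segments match exactly.
        "same_prefix": sign_hs256(HEADER, PAYLOAD, SERVER_SECRET).split(".")[:2] == SAMPLE_TOKEN.split(".")[:2],
        "issued_ok": verify_hs256(issued, SERVER_SECRET),
        "forged_rejected": verify_hs256(forged, SERVER_SECRET),
        "forged_still_reads_admin": decode_unverified(forged)[1]["type"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two decode calls show why base64url is not protection: the payload is readable by anyone holding the token. What stops the forged "admin" token is that the third segment was computed over the original bytes with a secret the client never has, so `verify_hs256` returns None and the server treats the request as unauthenticated. Using `hmac.compare_digest` keeps the comparison constant-time, and checking `alg` against a fixed value means a token cannot talk the server into a weaker or absent algorithm.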
