
Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/45851673/

Time: 2020-09-14 16:32:27  Source: igfitidea

Laravel Passport Password Grant Refresh Token

php ios laravel authentication laravel-passport

Asked by Chris

Trying to wrap my head around using Laravel's Passport with mobile clients. The Password Grant type of authentication seems to be the way to go, and I have it working with my iOS app, however I can't get token refreshing to work.

When authenticating I get a token and a refresh token which I store, however when the token expires, calling the oauth/token/refresh route doesn't work. The route is using the web middleware which means my app using the api route can't access it. I'm not sure if they intended for mobile clients to never refresh or if they wanted you to roll your own refreshing? If anyone has insight on how this is supposed to work, that'd be great.

Answered by patricus

The oauth/token/refresh route is not for refreshing access tokens. It is used to refresh transient tokens, which are used when you consume your own API from your javascript.

To use your refresh_token to refresh your access token, you need to call the oauth/token route with the grant_type of refresh_token.

This is the example provided by the documentation:

$http = new GuzzleHttp\Client;

// POST the stored refresh token to /oauth/token with grant_type=refresh_token.
$response = $http->post('http://your-app.com/oauth/token', [
    'form_params' => [
        'grant_type' => 'refresh_token',
        'refresh_token' => 'the-refresh-token',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'scope' => '',
    ],
]);

return json_decode((string) $response->getBody(), true);

One note about scopes, when you refresh the token, you can only obtain identical or narrower scopes than the original access token. If you attempt to get a scope that was not provided by the original access token, you will get an error.


Answered by usama muneer

I've done something like.


  1. Created an endpoint for grant refresh token.

and in my controller,


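// Requires: use Illuminate\Http\Request; use Illuminate\Http\Response;
//           use Illuminate\Support\Facades\DB;
public function userRefreshToken(Request $request)
{
    // Look up the password grant client server-side; the caller only
    // supplies the refresh token.
    $client = DB::table('oauth_clients')
        ->where('password_client', true)
        ->first();

    $data = [
        'grant_type' => 'refresh_token',
        'refresh_token' => $request->refresh_token,
        'client_id' => $client->id,
        'client_secret' => $client->secret,
        'scope' => ''
    ];

    // Dispatch an internal POST to Passport's /oauth/token route.
    $tokenRequest = Request::create('/oauth/token', 'POST', $data);
    $tokenResponse = app()->handle($tokenRequest);
    $content = json_decode($tokenResponse->getContent());

    // Pass a failed refresh through instead of reading token properties
    // that are not present on an error response.
    if ($tokenResponse->getStatusCode() !== Response::HTTP_OK) {
        return response()->json([
            'error' => true,
            'data' => $content
        ], $tokenResponse->getStatusCode());
    }

    return response()->json([
        'error' => false,
        'data' => [
            'meta' => [
                'token' => $content->access_token,
                'refresh_token' => $content->refresh_token,
                'type' => 'Bearer'
            ]
        ]
    ], Response::HTTP_OK);
}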
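
An added example (not from the answers above or from the Laravel documentation) that wraps the refresh call from patricus's answer, keeps the new refresh token returned alongside the new access token as in usama muneer's controller, and handles a rejected refresh. The function name `refreshTokens`, the host, the client credentials and the mocked responses are assumptions constructed for illustration; it needs guzzlehttp/guzzle installed through Composer.

```php
<?php
require 'vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Psr7\Response;

// Hypothetical helper: exchange a refresh token for a new token pair.
function refreshTokens(Client $http, string $refreshToken, string $scope = ''): array
{
    try {
        $response = $http->post('/oauth/token', [
            'form_params' => [
                'grant_type'    => 'refresh_token',
                'refresh_token' => $refreshToken,
                'client_id'     => 'client-id',      // placeholder
                'client_secret' => 'client-secret',  // placeholder
                'scope'         => $scope,           // identical or narrower only
            ],
        ]);
    } catch (ClientException $e) {
        // Any 4xx: the refresh was rejected (for example a scope the original
        // token did not have). Keep the old pair untouched and report the error.
        $error = json_decode((string) $e->getResponse()->getBody(), true);
        return ['ok' => false, 'error' => $error['error'] ?? 'unknown'];
    }

    $body = json_decode((string) $response->getBody(), true);
    // Persist both values: the response carries a refresh token as well.
    return [
        'ok'            => true,
        'access_token'  => $body['access_token'],
        'refresh_token' => $body['refresh_token'],
    ];
}

// Constructed responses so the example runs without a server.
$mock = new MockHandler([
    new Response(200, [], json_encode(['token_type' => 'Bearer', 'expires_in' => 3600,
        'access_token' => 'new-access', 'refresh_token' => 'new-refresh'])),
    new Response(400, [], json_encode(['error' => 'invalid_scope'])), // constructed error body
]);
$http = new Client(['base_uri' => 'http://your-app.com', 'handler' => HandlerStack::create($mock)]);

print_r(refreshTokens($http, 'the-refresh-token'));            // same scopes as the original token
print_r(refreshTokens($http, 'new-refresh', 'not-granted'));   // scope outside the original grant
```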