How to use Laravel Passport with Password Grant Tokens?

Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you reuse it you must do so under the same license, cite the original address and attribute it to the original authors (not me). Original: http://stackoverflow.com/questions/50848892/

Date: 2020-09-14 17:48:59  Source: igfitidea


Tags: php, laravel, oauth, laravel-passport

Asked by JohnnyAce

I just read the https://laravel.com/docs/5.6/passport documentation and I have some doubts that hopefully someone could help me with:

First, some context, I want to use Passport as a way to provide Oauth authentication for my mobile app (first-party app).


  1. When I use php artisan passport:client --password I get back a Client ID and a Client Secret. Does this value have to be fixed in my app? For example, storing them hardcoded or as a "settings" file? If the values shouldn't be stored then how should it work?

  2. To register a user to my app I use: $user->createToken('The-App')->accessToken; I get that the accessToken will be the one used for sending on all my requests as a Header (Authorization => Bearer $accessToken) but what exactly is the "The-App" value for?

  3. For login the user I'm using the URL: http://example.com/oauth/token and sending as parameters:

    {
      "username": "[email protected]",
      "password": "userpassword",
      "grant_type": "password",
      "client_id": 1,            // The Client ID that I got from the command (question 1)
      "client_secret": "Shhh"    // The Client Secret that I got from the command (question 1)
    }

  4. When I login the user using the previous endpoint I get back a refresh_token. I read that I could refresh the token through http://example.com/oauth/token/refresh but when I try to request the refresh I get Error 419. I removed the URL oauth/token/refresh from the CSRF verification and now I get back "message": "Unauthenticated.". I'm making the following request:

    Content-Type: x-www-form-urlencoded
    grant_type: refresh_token
    refresh_token: the-refresh-token   // The Refresh Token that I got from the command (question 3)
    client_id: 1                       // The Client ID that I got from the command (question 1)
    client_secret: Shhh                // The Client Secret that I got from the command (question 1)
    scope: ''


Should I use this endpoint? Or is it not necessary given the app I'm trying to develop?

  5. Finally, there are a lot of endpoints that I get from passport that I don't think I will use, for example: oauth/clients*, oauth/personal-access-tokens*. Is there a way to remove them from the endpoints published by passport?

Thanks a lot for your help!


Answer by rkj

If you are consuming your own api then you don't need to call http://example.com/oauth/token for user login, because then you need to store client_id and client_secret at app side. Better you create an api for login and there you can check the credentials and generate the personal token.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

public function login(Request $request)
{
    $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // Authentication passed: issue a personal access token for this user
        $user = Auth::user();
        $token = $user->createToken('Token Name')->accessToken;

        return response()->json($token);
    }

    // Wrong credentials: answer explicitly instead of falling through with an empty 200
    return response()->json(['error' => 'invalid_credentials'], 401);
}

Finally, there are a lot of endpoints that I get from passport that I don't think I will use for example: oauth/clients*, oauth/personal-access-tokens* is there a way to remove them from the endpoints published by passport?


You need to remove Passport::routes(); from AuthServiceProvider and manually put only required passport routes. I think you only need the oauth/token route.

what exactly is "The-App" value for?


If you check the oauth_access_tokens table it has a name field. In $user->createToken('Token Name')->accessToken; the "Token Name" is stored in the name field.

How to use Laravel Passport with Password Grant Tokens?


To generate a password grant token you have to store client_id and client_secret at app side (not recommended, check this), and suppose you have to reset the client_secret, then the old version of the app stops working; these are the problems. To generate a password grant token you have to call this api like you mention in step 3.

$http = new GuzzleHttp\Client;

$response = $http->post('http://your-app.com/oauth/token', [
    'form_params' => [
        'grant_type' => 'password',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'username' => '[email protected]',
        'password' => 'my-password',
        'scope' => '',
    ],
]);

return json_decode((string) $response->getBody(), true);

Generate token from refresh_token


$http = new GuzzleHttp\Client;

$response = $http->post('http://your-app.com/oauth/token', [
    'form_params' => [
        'grant_type' => 'refresh_token',
        'refresh_token' => 'the-refresh-token',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'scope' => '',
    ],
]);

return json_decode((string) $response->getBody(), true);

You can look at this https://laravel.com/docs/5.6/passport#implicit-grant-tokens too.
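The following is an added example, not code from the original answer or from Laravel Passport itself. It shows the proxy pattern that rkj's objection to shipping client_id/client_secret in the app points toward: the mobile app posts only username and password to a first-party login endpoint, and the server adds the password-grant client credentials (read here from hypothetical config keys services.passport.client_id and services.passport.client_secret) when it dispatches an internal request to Passport's POST /oauth/token. The controller name, route paths and config keys are assumptions. The same controller handles refresh with grant_type=refresh_token against /oauth/token, which is the endpoint that serves the refresh_token grant; /oauth/token/refresh is Passport's TransientTokenController route for cookie-based transient tokens and sits behind the web and auth middleware, which is why the question's step 4 gets "Unauthenticated." from it.

```php
<?php
// Added example (not from the original post): first-party login proxy for the
// Passport password grant. The client secret never leaves the server.

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Route;

class TokenProxyController extends Controller
{
    /** POST /api/login  {email, password}  (hypothetical route) */
    public function login(Request $request)
    {
        $request->validate([
            'email'    => 'required|email',
            'password' => 'required|string',
        ]);

        return $this->issue([
            'grant_type' => 'password',
            'username'   => $request->input('email'),
            'password'   => $request->input('password'),
            'scope'      => '',
        ]);
    }

    /** POST /api/refresh  {refresh_token}  (hypothetical route) */
    public function refresh(Request $request)
    {
        $request->validate(['refresh_token' => 'required|string']);

        // The refresh_token grant is served by /oauth/token, not /oauth/token/refresh.
        return $this->issue([
            'grant_type'    => 'refresh_token',
            'refresh_token' => $request->input('refresh_token'),
            'scope'         => '',
        ]);
    }

    /** POST /api/logout behind auth:api: revoke the presented token and its refresh tokens. */
    public function logout(Request $request)
    {
        $token = $request->user()->token();   // Laravel\Passport\Token for the bearer in use
        $token->revoke();

        // Refresh tokens are stored separately; revoke them so the pair cannot be renewed.
        DB::table('oauth_refresh_tokens')
            ->where('access_token_id', $token->id)
            ->update(['revoked' => true]);

        return response()->json(['revoked' => true]);
    }

    /**
     * Dispatch an internal request to Passport's POST /oauth/token, adding the
     * confidential client credentials server-side. No network round trip is made.
     */
    private function issue(array $params)
    {
        // Assumed config keys (config/services.php), populated from .env on the server.
        $params['client_id']     = config('services.passport.client_id');
        $params['client_secret'] = config('services.passport.client_secret');

        $tokenRequest = Request::create('/oauth/token', 'POST', $params);
        $response     = Route::dispatch($tokenRequest);

        // Passport answers bad credentials with an OAuth error body and a 400/401;
        // pass status and body through unchanged rather than adding detail.
        return response($response->getContent(), $response->getStatusCode())
            ->header('Content-Type', 'application/json');
    }
}
```

With this in place the app stores nothing but the user's own credentials and the returned access/refresh token pair, and rotating the client secret is a server-side config change that does not break installed app versions.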

Answer by Dan White

Tackling Question 5


Finally, there are a lot of endpoints that I get from passport that I don't think I will use, for example: oauth/clients*, oauth/personal-access-tokens*. Is there a way to remove them from the endpoints published by passport?

Passport::routes($callback = null, array $options = []) takes an optional $callback function and an optional $options argument.

The callback function takes a $router argument from which you can then choose which routes to install, as shown below in your AuthServiceProvider.php, enabling a more granular configuration:

Passport::routes(function ($router) {
    $router->forAccessTokens();
    $router->forPersonalAccessTokens();
    $router->forTransientTokens();
});

Passport::tokensExpireIn(Carbon::now()->addMinutes(10));

Passport::refreshTokensExpireIn(Carbon::now()->addDays(10));

This way we only create the passport routes that we need.


forAccessTokens() enables us to create access tokens.
forPersonalAccessTokens() enables us to create personal tokens, although we will not use this in this article. Lastly, forTransientTokens() creates the route for refreshing tokens.

If you run php artisan route:list you can see the new endpoints installed by Laravel Passport.

| POST | oauth/token         | \Laravel\Passport\Http\Controllers\AccessTokenController@issueToken
| POST | oauth/token/refresh | \Laravel\Passport\Http\Controllers\TransientTokenController@refresh
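As an added example (not from the original answer), here is an AuthServiceProvider that keeps only the route a first-party API actually needs, together with a PHPUnit feature test that checks the result. It assumes a standard Laravel 5.6 application with Passport installed; the test class name and the token lifetimes are assumptions. It omits forTransientTokens(): Passport registers POST /oauth/token/refresh behind the web and auth middleware for refreshing cookie-based transient tokens, which is why an API client gets "Unauthenticated." from it. The refresh_token grant against POST /oauth/token covers API refresh, so forAccessTokens() alone is enough.

```php
<?php
// Added example (not from the original answer): minimal Passport route set plus
// a test that proves the unwanted endpoints are gone. Two files in one block.

// ---- app/Providers/AuthServiceProvider.php ----
namespace App\Providers;

use Carbon\Carbon;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Passport;
use Laravel\Passport\RouteRegistrar;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // Only POST /oauth/token. Both the password grant and the refresh_token
        // grant are handled by this one route (AccessTokenController@issueToken).
        Passport::routes(function (RouteRegistrar $router) {
            $router->forAccessTokens();
        });

        // Short-lived access tokens, longer-lived refresh tokens (assumed values).
        Passport::tokensExpireIn(Carbon::now()->addMinutes(15));
        Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
    }
}

// ---- tests/Feature/PassportRoutesTest.php (hypothetical test class) ----
namespace Tests\Feature;

use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class PassportRoutesTest extends TestCase
{
    public function testOnlyTheTokenEndpointIsRegistered()
    {
        // Route names are the ones Passport's RouteRegistrar assigns.
        $this->assertTrue(Route::has('passport.token'));
        $this->assertFalse(Route::has('passport.token.refresh'));
        $this->assertFalse(Route::has('passport.clients.index'));
        $this->assertFalse(Route::has('passport.personal.tokens.index'));
        $this->assertFalse(Route::has('passport.authorizations.authorize'));
    }

    public function testUnwantedEndpointsReturn404()
    {
        $this->getJson('/oauth/clients')->assertStatus(404);
        $this->getJson('/oauth/personal-access-tokens')->assertStatus(404);
        $this->postJson('/oauth/token/refresh')->assertStatus(404);
    }
}
```

Run php artisan route:list after this change and the only Passport entry left is POST oauth/token; the test keeps it that way if someone later reintroduces Passport::routes() without the callback.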