为什么客户端凭据应该与 Laravel Passport 中的用户相关联?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/43706309/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why should Client Creadentials be associated with a user in Laravel Passport?
提问by Meena Alfons
I want to use Client Credentials to authenticate client applications to access the API.
我想使用客户端凭据对客户端应用程序进行身份验证以访问 API。
My problem is with creating client credentials. Using php artisan passport:clientrequires me to enter a user_id to associate the client to that user. I don't get it. Why the client application has to be associated to a user?! Or Is there another way?
我的问题是创建客户端凭据。使用php artisan passport:client要求我输入 user_id 以将客户端与该用户关联。我不明白。为什么客户端应用程序必须与用户相关联?!或者还有其他方法吗?
passport:client command only supports creating Password Grant Clients and Personal Grant Client. I don't think that any of them is what I need.
passport:client 命令只支持创建 Password Grant Client 和 Personal Grant Client。我不认为他们中的任何一个是我需要的。
What I really need is to create client credentials that will only be used by the client application to authorize itself to access some APIs. How to do that?
我真正需要的是创建仅由客户端应用程序使用的客户端凭据来授权自己访问某些 API。怎么做?
采纳答案by Raldo94
I assume you want to use machine-to-machine authentication (no user interactions)
我假设您想使用机器对机器身份验证(无用户交互)
I would recommend to read through the docs a couple of times to get the hang of it.
我建议通读文档几次以掌握它的窍门。
I do not believe there is an specific way to create an only client credentials client, What i do is to create an personal client then change the field for personal client in the database personal_access_client1=> 0
我不相信有一种特定的方法可以创建唯一的客户端凭据客户端,我所做的是创建一个个人客户端,然后更改数据库中个人客户端的字段personal_access_client1=>0
You could use the personal client option, as seen from the --helpoption
您可以使用个人客户端选项,从--help选项中可以看出
Usage:
passport:client [options]
Options:
--personal Create a personal access token client
--password Create a password grant client
--name[=NAME] The name of the client
-h, --help Display this help message
...
php artisan passport:client --personal
php artisan passport:client --personal
output
输出
Personal access client created successfully.
Client ID: 1
Client Secret: LbjQNxK5SQZ3pPrEBUwbkE8vaRkg8jh25Qh43HYy
You would need to use another middleware other then the default one because there is no user present when using this method
您需要使用另一个中间件而不是默认中间件,因为使用此方法时没有用户存在
- Define client credentials alias middleware in kernel
- Add middleware to route
- Send request
- 在内核中定义客户端凭据别名中间件
- 将中间件添加到路由
- 发送请求
Define client credentials middleware to the http kernel
为 http 内核定义客户端凭据中间件
Class \App\Http\Kernel:
班级\App\Http\Kernel:
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'client_credentials' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
//ommited
];
Define middleware on route
在路由上定义中间件
Route::get('/test', 'ApiTestController@test')->middleware('client_credentials');
Class \App\Http\Controllers\ApiTestController:
班级\App\Http\Controllers\ApiTestController:
public function test() {
return response()->json(['data' => 'hey'] );
}
From php artisan route:list
从 php artisan route:list
GET|HEAD | api/test | App\Http\Controllers\ApiTestController@test | api,client_credentials |
Send request
发送请求
Following the specified request in the documentation on client-credentials-grant-tokens
按照 client-credentials-grant-tokens 文档中的指定请求
I use Postman for simplicity, easily send test request with Postman (www.getpostman.com)
为了简单起见,我使用 Postman,使用 Postman (www.getpostman.com) 轻松发送测试请求
Set authorization to OAuth 2.0, image: Postman authentication
设置授权为OAuth 2.0,图片:邮递员认证
Set access token URL, client id, client secret and grant type to 'Client Credentials', image: Postman OAuth Fields
将访问令牌 URL、客户端 ID、客户端密码和授权类型设置为“客户端凭据”,图片:邮递员 OAuth 字段
Postman creates an token and appends it to URL or Header, in this case header
Postman 创建一个令牌并将其附加到 URL 或 Header,在本例中为 header
Accept:application/json
Authorization:Bearer eyJ0eXAiOi...KCjK0
Response:
回复:
{
"data": "hey"
}
回答by waaffles
I was gonna comment but I don't have enough reputation yet =p
我要评论,但我还没有足够的声誉=p
You could give the command a name parameter that won't require any user input. As far as how you would get that client secret over to your client without manual intervention is where the real wizardry would come in.
您可以为命令提供一个不需要任何用户输入的名称参数。至于如何在没有人工干预的情况下将客户端秘密传递给您的客户,这才是真正的魔法出现的地方。
php artisan passport:client --personal --name={someName}That command would still give you:
该命令仍然会给你:
Personal access client created successfully.
Client ID: 1
Client Secret: LbjQNxK5SQZ3pPrEBUwbkE8vaRkg8jh25Qh43HYy
as expected.
正如预期的那样。
