Api接口实战:接收Request请求Bearer令牌参数
12 / 0 / 创建于 2年前 /
PHPer技术栈 的个人博客
HTTP Request 请求示例
HTTP 请求信息
Request Headers请求头
- method: GET http协议请求方式
- path: /auth/token 请求路径|接口地址
- *accept: / * 浏览器可接受的MIME类型
- accept-encoding: gzip, deflate 浏览器能够进行解码的数据编码方式
- accept-language: zh-TW,zh-CN;q=0.9,zh;q=0.8 浏览器所希望的语言种类
- authorization: 授权信息,通常出现在对服务器发送的WWW-Authenticate头的应答中
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wveW91cWlhbmFjYzUua2p4dC5jb21cL21hbmFnZVwvdjJcL2dldF9tZXNzYWdlX25vdGljZSIsImlhdCI6MTY1NTQ0ODI2MywiZXhwIjoxNjU1NTM0NzcwLCJuYmYiOjE2NTU1MTMxNzAsImp0aSI6IkZCUW9zWjh6MzQ4YW9OVnoiLCJzdWIiOjI1MDksInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.6KGlchjdbiz33DxaB09xGFyzZVU1eTeDXsySi80lt4s
Bearer 是授权的类型,常见的授权类型有:
- Basic 用于 http-basic 认证;
- Bearer 常见于 OAuth 和 JWT 授权;
- Digest MD5 哈希的 http-basic 认证
- AWS4-HMAC-SHA256 授权
- cookie: li_first_access_time=1652146348; 最重要的请求头信息之一,当前浏览器会话cookie
- referer: localhost:9528/ 用户从该URL代表的页面出发访问当前请求的页面
- sec-ch-ua: “ Not A;Brand”;v=”99”, “Chromium”;v=”102”, “Google Chrome”;v=”102”
- user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36 浏览器类型|版本|操作系统信息
Response Headers 响应头
- cache-control: no-cache, private 告诉所有的缓存机制是否可以缓存及哪种类型
- content-encoding: gzip 服务器支持的返回内容压缩编码类型
- content-type: application/json 返回内容的MIME类型
- date: Sat, 18 Jun 2022 03:09:39 GMT 原始服务器消息发出的时间
- strict-transport-security: max-age=15724800; includeSubDomains
- vary: Accept-Encoding 告诉下游代理是使用缓存响应还是从原始服务器请求
Client Request 请求的JWT令牌,包含在请求标头中,例如:
'Authorization' => 'Bearer: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9tYW5hZ2UuYWNjNS5tZVwvbWFuYWdlXC9hdXRoXC9sb2dpbiIsImlhdCI6MTY1Mzg3MzE3MywiZXhwIjoxNjUzODk0NzczLCJuYmYiOjE2NTM4NzMxNzMsImp0aSI6ImVyNDlKcEh0OTROaU9FMkYiLCJzdWIiOjQwMzYsInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.dVNLT_x53IK00FH7eFtI2fPimVcGOCLi916oH4iaBb4'我想获得此令牌并验证它:这是我正在尝试的内容:
$token = $request->header('Authorization');
这就是我得到的:
"Authorization: Bearer: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9tYW5hZ2UuYWNjNS5tZVwvbWFuYWdlXC9hdXRoXC9sb2dpbiIsImlhdCI6MTY1Mzg3MzE3MywiZXhwIjoxNjUzODk0NzczLCJuYmYiOjE2NTM4NzMxNzMsImp0aSI6ImVyNDlKcEh0OTROaU9FMkYiLCJzdWIiOjQwMzYsInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.dVNLT_x53IK00FH7eFtI2fPimVcGOCLi916oH4iaBb4"
接下来我们就来抓取"Authorization: Bearer"的令牌
方法1
通过request()方法获取header(‘Authorization’)
$header = \request()->header('Authorization');"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9tYW5hZ2UuYWNjNS5tZVwvbWFuYWdlXC9hdXRoXC9sb2dpbiIsImlhdCI6MTY1Mzg3MzE3MywiZXhwIjoxNjUzODk0NzczLCJuYmYiOjE2NTM4NzMxNzMsImp0aSI6ImVyNDlKcEh0OTROaU9FMkYiLCJzdWIiOjQwMzYsInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.dVNLT_x53IK00FH7eFtI2fPimVcGOCLi916oH4iaBb4"发现返回值带有“Bearer”标头,通过去掉字符串前7位,就能得到 token 的字符串信息
use Illuminate\Support\Str;
public function bearerToken()
{
$header = \request()->header('Authorization');
if (Str::startsWith($header, 'Bearer ')) {
return Str::substr($header, 7);
}
}方法2
经过对laravel的研究发现,在InteractsWithInput类中有封装好的处理方法,源码如下:
/**
* Get the bearer token from the request headers.
*
* @return string|null
*/
public function bearerToken()
{
$header = $this->header('Authorization', '');
if (Str::startsWith($header, 'Bearer ')) {
return Str::substr($header, 7);
}
}我们发现这个实现方式与方法1一模一样,所以,我们可以直接调用InteractsWithInput::bearerToken(),实现Authorization抓取并处理Bearer
$header = \request()->bearerToken();最终得到的结果:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9tYW5hZ2UuYWNjNS5tZVwvbWFuYWdlXC9hdXRoXC9sb2dpbiIsImlhdCI6MTY1Mzg3MzE3MywiZXhwIjoxNjUzODk0NzczLCJuYmYiOjE2NTM4NzMxNzMsImp0aSI6ImVyNDlKcEh0OTROaU9FMkYiLCJzdWIiOjQwMzYsInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.dVNLT_x53IK00FH7eFtI2fPimVcGOCLi916oH4iaBb4通过token鉴权和验证,就可以正常请求api接口了,下一期给大家分享token生成和鉴权验证。
注:laravel版本5.8
欢迎关注我的公众号
本作品采用《CC 协议》,转载必须注明作者和本文链接
关于 LearnKu
粤公网安备 44030502004330号