使用 Laravel 7.x 的 Passport 来为 REST API 提供一个完整的 OAuth2 认证服务,第一部分
步骤1.安装Laravel
使用此命令,我们安装laravel
laravel new website
步骤2.安装Laravel Passport软件包和Guzzle
Laravel Passport提供了完整的OAuth2服务器实现
composer require laravel/passport
composer require guzzlehttp/guzzle
composer require symfony/psr-http-message-bridge
步骤3.运行以下命令以修复存储权限
sudo chown -R $USER:www-data storage
sudo chmod -R 775 storage
步骤4.运行迁移
创建您的应用程序存储客户端和访问令牌所需的表
php artisan migrate
步骤5. 生成密钥
通过这个命令,你可以创建 “个人访问”和 “密码授予”,你需要它们来生成访问令牌。
php artisan passport:install
步骤6. 添加Trait到User类
这个trait里有一些辅助方法
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;
class User extends Authenticatable #chenged
{
use Notifiable, HasApiTokens; #changed
...
步骤6. 调用Passport路由,并添加一些配置。
在你的AuthServiceProvider的boot方法中调用Passport:::routes方法,然后像如下这样更改token的过期时间
<?php
namespace App\Providers;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
use Laravel\Passport\Passport;
use Carbon\Carbon;
class AuthServiceProvider extends ServiceProvider
{
/**
* 策略映射。
*
* @var array
*/
protected $policies = [
// 'App\Model' => 'App\Policies\ModelPolicy',
];
/**
* 注册任何认证/授权服务。
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
Passport::routes();
Passport::tokensExpireIn(Carbon::now()->addDays(1));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(10));
}
}
步骤 7. 最后更改 Api 驱动
您需要像这样在 config/auth.php 中更改 api 驱动
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
步骤 8. 创建 API 路由
<?php
use Illuminate\Support\Facades\Route;
Route::post('login', 'UserController@login');
Route::post('register', 'UserController@register');
步骤9. 创建控制器
php artisan make:controller UserController
步骤10. 完善控制器
<?php
namespace App\Http\Controllers;
use App\User;
use Validator;
use Exception;
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Passport\Client as OClient;
class UserController extends Controller
{
public $successStatus = 200;
public function login() {
if (Auth::attempt(['email' => request('email'), 'password' => request('password')])) {
$oClient = OClient::where('password_client', 1)->first();
return $this->getTokenAndRefreshToken($oClient, request('email'), request('password'));
}
else {
return response()->json(['error'=>'Unauthorised'], 401);
}
}
public function register(Request $request) {
$validator = Validator::make($request->all(), [
'name' => 'required',
'email' => 'required|email|unique:users',
'password' => 'required',
'c_password' => 'required|same:password',
]);
if ($validator->fails()) {
return response()->json(['error'=>$validator->errors()], 401);
}
$password = $request->password;
$input = $request->all();
$input['password'] = bcrypt($input['password']);
$user = User::create($input);
$oClient = OClient::where('password_client', 1)->first();
return $this->getTokenAndRefreshToken($oClient, $user->email, $password);
}
public function getTokenAndRefreshToken(OClient $oClient, $email, $password) {
$oClient = OClient::where('password_client', 1)->first();
$http = new Client;
$response = $http->request('POST', 'http://mylemp-nginx/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => $oClient->id,
'client_secret' => $oClient->secret,
'username' => $email,
'password' => $password,
'scope' => '*',
],
]);
$result = json_decode((string) $response->getBody(), true);
return response()->json($result, $this->successStatus);
}
}
步骤11. 测试
php artisan serve
步骤12.配置成功
您需要像这样先注册
然后您可以注册并再次提供令牌
在接下来的部分中,我们将建立一些需要 token 的专用路由,处理异常并实现刷新 token 方案
本文中的所有译文仅用于学习和交流目的,转载请务必注明文章译者、出处、和本文链接
我们的翻译工作遵照 CC 协议,如果我们的工作有侵犯到您的权益,请及时联系我们。
关于 LearnKu
粤公网安备 44030502004330号
推荐文章: