Laravel Passport API 認證使用小結
看到Laravel-China社區常有人問Laravel Passport用於密碼驗證方式來獲取Token的問題,恰好我最近一個API項目使用Laravel Dingo Api+Passport,也是使用Oauth2 的'grant_type' => 'password'密碼受權來作Auth驗證,對於如何作登陸登出,以及多帳號系統的認證等經常使用場景作一下簡單的使用小總結。php
基本配置
基本安裝配置主要參照官方文檔,具體不詳細說,列出關鍵代碼段laravel
config/auth.phpjson
'guards' => [
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => \App\Models\User::class
],
],
Providers/AuthServiceProvider.phpapi
public function boot()
{
$this->registerPolicies();
//默認令牌發放的有效期是永久
//Passport::tokensExpireIn(Carbon::now()->addDays(2));
//Passport::refreshTokensExpireIn(Carbon::now()->addDays(4));
Passport::routes(function (RouteRegistrar $router) {
//對於密碼受權的方式只要這幾個路由就能夠了
config(['auth.guards.api.provider' => 'users']);
$router->forAccessTokens();
});
}
Middleware/AuthenticateApi.php 自定義中間件返回app
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Auth\Middleware\Authenticate;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
class AuthenticateApi extends Authenticate
{
protected function authenticate(array $guards)
{
if ($this->auth->guard('api')->check()) {
return $this->auth->shouldUse('api');
}
throw new UnauthorizedHttpException('', 'Unauthenticated');
}
}
App/Http/Kernel.phpide
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'api-auth' => AuthenticateApi::class,
......
];
}
帳號驗證字段不止郵箱
對於帳號驗證不止是數據表中的emial字段,還多是用戶名或者手機號字段只須要在User模型中添加findForPassport方法,示例代碼以下:post
AppModelsUsersthis
class User extends Authenticatable implements Transformable
{
use TransformableTrait, HasApiTokens, SoftDeletes;
public function findForPassport($login)
{
return $this->orWhere('email', $login)->orWhere('phone', $login)->first();
}
}
客戶端獲取access_token請求只傳用戶名和密碼
對於密碼受權的方式須要提交的參數以下:spa
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'username' => 'taylor@laravel.com',
'password' => 'my-password',
'scope' => '',
],
]);
可是客戶端請求的時候不想把grant_type,client_id,client_secret,scope放到請求參數中或者暴露給客戶端,只像JWT同樣只發送username和password 怎麼辦?很簡單咱們只要將不須要請求的放到配置文件中,而後客戶端請求用戶名密碼之後咱們再向oauth/token發送請求帶上相關的配置就能夠了。code
.env.php
OAUTH_GRANT_TYPE=password OAUTH_CLIENT_ID=1 OAUTH_CLIENT_SECRET=EvE4UPGc25TjXwv9Lmk432lpp7Uzb8G4fNJsyJ83 OAUTH_SCOPE=*
config/passport.php 固然該配置你能夠配置多個client
return [
'grant_type' => env('OAUTH_GRANT_TYPE'),
'client_id' => env('OAUTH_CLIENT_ID'),
'client_secret' => env('OAUTH_CLIENT_SECRET'),
'scope' => env('OAUTH_SCOPE', '*'),
];
LoginController.php的示例代碼以下,由於用了Dingo Api配置了api前綴,因此請求/api/oauth/token
/**
* 獲取登陸TOKEN
* @param LoginRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function token(LoginRequest $request)
{
$username = $request->get('username');
$user = User::orWhere('email', $username)->orWhere('phone', $username)->first();
if ($user && ($user->status == 0)) {
throw new UnauthorizedHttpException('', '帳號已被禁用');
}
$client = new Client();
try {
$request = $client->request('POST', request()->root() . '/api/oauth/token', [
'form_params' => config('passport') + $request->only(array_keys($request->rules()))
]);
} catch (RequestException $e) {
throw new UnauthorizedHttpException('', '帳號驗證失敗');
}
if ($request->getStatusCode() == 401) {
throw new UnauthorizedHttpException('', '帳號驗證失敗');
}
return response()->json($request->getBody()->getContents());
}
退出登陸並清除Token
對於客戶端退出後並清除記錄在oauth_access_tokens表中的記錄,示例代碼以下:
/**
* 退出登陸
*/
public function logout()
{
if (\Auth::guard('api')->check()) {
\Auth::guard('api')->user()->token()->delete();
}
return response()->json(['message' => '登出成功', 'status_code' => 200, 'data' => null]);
}
根據用戶ID認證用戶
app('auth')->guard('api')->setUser(User::find($userId));
多用戶表(多Auth)認證
好比針對客戶表和管理員表分別作Auth認證的狀況,也列出關鍵代碼段:
'guards' => [
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
'admin_api' => [
'driver' => 'passport',
'provider' => 'admin_users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => \App\Models\User::class
],
'admin_users' => [
'driver' => 'eloquent',
'model' => \App\Models\AdminUser::class
],
],
新建一個PasspordAdminServiceProvider來實現咱們本身的PasswordGrant,別忘了添加到config/app.php的providers配置段中
AppProviders/PasspordAdminServiceProvider
<?php
namespace App\Providers;
use App\Foundation\Repository\AdminUserPassportRepository;
use League\OAuth2\Server\Grant\PasswordGrant;
use Laravel\Passport\PassportServiceProvider as BasePassportServiceProvider;
use Laravel\Passport\Passport;
class PasspordAdminServiceProvider extends BasePassportServiceProvider
{
/**
* Create and configure a Password grant instance.
*
* @return PasswordGrant
*/
protected function makePasswordGrant()
{
$grant = new PasswordGrant(
//主要是這裏,咱們調用咱們本身UserRepository
$this->app->make(AdminUserPassportRepository::class),
$this->app->make(\Laravel\Passport\Bridge\RefreshTokenRepository::class)
);
$grant->setRefreshTokenTTL(Passport::refreshTokensExpireIn());
return $grant;
}
}
新建AdminUserPassportRepository,Password的驗證主要經過getUserEntityByUserCredentials,它讀取配置的guards對應的provider來作認證,咱們重寫該方法,經過傳遞一個參數來告訴它咱們要用哪一個guard來作客戶端認證
<?php
namespace App\Foundation\Repository;
use App;
use Illuminate\Http\Request;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use Laravel\Passport\Bridge\UserRepository;
use Laravel\Passport\Bridge\User;
use RuntimeException;
class AdminUserPassportRepository extends UserRepository
{
public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity)
{
$guard = App::make(Request::class)->get('guard') ?: 'api';//其實關鍵的就在這裏,就是經過傳遞一個guard參數來告訴它咱們是使用api仍是admin_api provider來作認證
$provider = config("auth.guards.{$guard}.provider");
if (is_null($model = config("auth.providers.{$provider}.model"))) {
throw new RuntimeException('Unable to determine user model from configuration.');
}
if (method_exists($model, 'findForPassport')) {
$user = (new $model)->findForPassport($username);
} else {
$user = (new $model)->where('email', $username)->first();
}
if (!$user) {
return;
} elseif (method_exists($user, 'validateForPassportPasswordGrant')) {
if (!$user->validateForPassportPasswordGrant($password)) {
return;
}
} elseif (!$this->hasher->check($password, $user->password)) {
return;
}
return new User($user->getAuthIdentifier());
}
}
登陸和單用戶系統同樣,只是在請求oauth/token的時候帶上guard參數,示例代碼以下:
Admin/Controllers/Auth/LoginController.php
<?php
namespace Admin\Controllers\Auth;
use Admin\Requests\Auth\LoginRequest;
use App\Http\Controllers\Controller;
use App\Models\AdminUser;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\RequestException;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* 獲取登陸TOKEN
* @param LoginRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function token(LoginRequest $request)
{
$username = $request->get('username');
$user = AdminUser::orWhere('email', $username)->orWhere('phone', $username)->first();
if ($user && ($user->status == 0)) {
throw new UnauthorizedHttpException('', '帳號已被禁用');
}
$client = new Client();
try {
$request = $client->request('POST', request()->root() . '/api/oauth/token', [
'form_params' => config('passport') + $request->only(array_keys($request->rules())) + ['guard' => 'admin_api']
]);
} catch (RequestException $e) {
throw new UnauthorizedHttpException('', '帳號驗證失敗');
}
if ($request->getStatusCode() == 401) {
throw new UnauthorizedHttpException('', '帳號驗證失敗');
}
return response()->json($request->getBody()->getContents());
}
/**
* 退出登陸
*/
public function logout()
{
if (\Auth::guard('admin_api')->check()) {
\Auth::guard('admin_api')->user()->token()->delete();
}
return response()->json(['message' => '登出成功', 'status_code' => 200, 'data' => null]);
}
}
轉載請註明: 轉載自Ryan是菜鳥 | LNMP技術棧筆記
若是以爲本篇文章對您十分有益,何不 打賞一下
本文連接地址: Laravel Passport API 認證使用小結
相關文章
- 1. Laravel Passport API 認證使用小結
- 2. 使用 laravel Passport 作 API 認證
- 3. Laravel 使用 Passport 進行API認證
- 4. 使用 Laravel Passport 處理 API 認證
- 5. 使用Laravel/Passport 進行API認證二
- 6. Laravel——Api認證之Passport使用
- 7. Laravel Oauth2認證 - Passport
- 8. Laravel 5.5 使用 Passport 實現 Auth 認證
- 9. laravel/passport實現API認證(Laravel5.6)
- 10. Laravel使用Passport來建立API用戶認證
- 更多相關文章...
- • TortoiseSVN 使用教程 - SVN 教程
- • Docker 容器使用 - Docker教程
- • Composer 安裝與使用
- • 使用Rxjava計算圓周率
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. Laravel Passport API 認證使用小結
- 2. 使用 laravel Passport 作 API 認證
- 3. Laravel 使用 Passport 進行API認證
- 4. 使用 Laravel Passport 處理 API 認證
- 5. 使用Laravel/Passport 進行API認證二
- 6. Laravel——Api認證之Passport使用
- 7. Laravel Oauth2認證 - Passport
- 8. Laravel 5.5 使用 Passport 實現 Auth 認證
- 9. laravel/passport實現API認證(Laravel5.6)
- 10. Laravel使用Passport來建立API用戶認證