我已经开始在Laravel 5中创建API。我使用bshaffer/oauth2-server-php实现了OAuth2。我按照Github页面链接到的指南:here。我能够很好地实现一切。
现在,当我使用此命令从服务器获取令牌时:
curl -u testclient:testpass "http://localhost:8000/oauth/token" -X POST -d "grant_type=password&username=bshaffer&password=brent123"
我得到了正确的答复:
{"access_token":"ebc6f2cc174f5b6b2ce8e134bc4520ba905c2695","expires_in":3600,"token_type":"Bearer","scope":null,"refresh_token":"b15ef7b5053f3195db7855e499db3af0592154e5"}
但是,当我尝试向受保护的页面发送请求时:
curl -u testclient:testpass "http://localhost:8000/private" -X POST -d "access_token=ebc6f2cc174f5b6b2ce8e134bc4520ba905c2695"
它返回:
{"error":"Unauthorized"}
现在我的路线是:
Route::post('private', function()
{
$bridgedRequest = OAuth2\HttpFoundationBridge\Request::createFromRequest(Request::instance());
$bridgedResponse = new OAuth2\HttpFoundationBridge\Response();
if (App::make('oauth2')->verifyResourceRequest($bridgedRequest, $bridgedResponse)) {
$token = App::make('oauth2')->getAccessTokenData($bridgedRequest);
return Response::json(array(
'private' => 'stuff',
'user_id' => $token['user_id'],
'client' => $token['client_id'],
'expires' => $token['expires'],
));
}
else {
return Response::json(array(
'error' => 'Unauthorized'
), $bridgedResponse->getStatusCode());
}
});
所以verifyResourceRequest返回false。我挖到了图书馆,这种方法看起来不错:
public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response = null, $scope = null)
{
$this->response = is_null($response) ? new Response() : $response;
$value = $this->getResourceController()->verifyResourceRequest($request, $this->response, $scope);
return $value;
}
所以我回复了请求以查看其中的内容。我从Request::all()获得了此回复:
{"access_token":"ebc6f2cc174f5b6b2ce8e134bc4520ba905c2695"}
所以信息就在那里。但是,由于$bridgedRequest = OAuth2\HttpFoundationBridge\Request::createFromRequest(Request::instance());失败,Request::createFromGlobals()并没有意识到这一点。令牌有效。客户端凭据有效。我还尝试了Request::instance()而不是domain.com/endpoint?ebc6f2cc174f5b6b2ce8e134bc4520ba905c2695,但这没有效果。
我下一步找出问题的步骤是什么?
另外一个问题,如果有人知道一堆OAuth:
如何将令牌发送到GET路由?
我已经看到它附加到URI的末尾,如下所示: xtype : 'treepanel',
itemId : 'field-tree-command-metas',
region : 'center',
hideHeaders : true,
rootVisible : false,
emptyText : 'No Commands Available',
deferEmptyText : true,
bufferedRenderer : false,
reference : 'treeCommandMetas',
bind : {
selection : '{bindSelection}'
},
listeners : {
boxready : function() {
var treeView = this.getView();
treeView.refresh();
}
},
columns : [ {
xtype : 'noicontreecolumn',
dataIndex : 'name',
flex : 1,
nodeIconsProvider : function(record) {
if (record.isLeaf()) {
return [ '<i class="' + Glyphs.getIconClass('square-o', 'size-14px') + '"></i>' ];
}
if (record.isExpanded()) {
return [ '<i class="' + Glyphs.getIconClass('folder-open-o', 'fa-lg') + '"></i>' ];
}
return [ '<i class="' + Glyphs.getIconClass('folder-o', 'fa-lg') + '"></i>' ];
}
} ],
displayField : 'name',
store : 'Plugin.scheduler.store.CommandMetaStore'
。这是正确的&#39;这样做的方法?还有其他选择吗?
其他人遇到此问题:https://github.com/bshaffer/oauth2-server-php/issues/576
答案 0 :(得分:0)
我对这个包https://github.com/lucadegasperi/oauth2-server-laravel
有类似的问题将其添加到公共文件夹中的.htaccess
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]