所以我正在尝试创建一个基本的JWT令牌认证。
我使用Laravel作为我的后端API与tymon / jwt-auth一起创建令牌/刷新令牌并提供中间件来检查令牌。
我正在使用带有Satellizer的AngularJS将返回的令牌存储在本地存储中,并为将来的所有请求发送所述令牌。
我使用的是Laravel 5.1 / Jwt-auth 0.5。* / AngularJs 1.4.7 / Satellizer(最新版)。
我登录后,令牌存储在我的本地存储中。然后我尝试调用authenticntcate的索引来“获取所有用户”,并且授权标题位于Bearer <token stored in local storage>,但我得到“token_not_provided”的响应,就好像中间件没有查看授权头中的令牌。这是我的一些代码。我正在关注https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps。
AuthenticateController.php:
<?php namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use App\User;
class AuthenticateController extends Controller
{
public function __construct()
{
// Apply the jwt.auth middleware to all methods in this controller
// except for the authenticate method. We don't want to prevent
// the user from retrieving their token if they don't already have it
$this->middleware('jwt.auth', ['except' => ['authenticate']]);
}
public function index()
{
// Retrieve all the users in the database and return them
$users = User::all();
return $users;
}
public function authenticate(Request $request)
{
$credentials = $request->only('email', 'password');
try {
// verify the credentials and create a token for the user
if (!$token = JWTAuth::attempt($credentials)) {
return response()->json(['error' => 'invalid_credentials'], 401);
}
} catch (JWTException $e) {
// something went wrong
return response()->json(['error' => 'could_not_create_token'], 500);
}
// if no errors are encountered we can return a JWT
return response()->json(compact('token'));
}
}
答案 0 :(得分:1)
使用Apache时,您需要将.htaccess设置为不裁剪Authorization标头。
在path/to/your/project/public/.htaccess打开.htaccess并添加此
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]