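I am trying to use an OpenID Connect library in PHP. I have downloaded and tested this one: https://github.com/jumbojett/OpenID-Connect-PHP

It works fine, but then I started a Laravel 5.4 project and added the library to it. My idea is to use middleware to redirect the user to the library and authenticate the user when the "admin" page is requested.

But when the program reaches the "redirect" method, the session is lost, which does not happen when I am not using Laravel.

This is the web.php file: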

    Route::group(['middlware' => 'web', 'auth'], function () {
        Route::get('admin', 'KeycloakController@auth');
    });

This is the kernel.php file:

    protected $middlewareGroups = [
        'web' => [
            \MiddlewareTest\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \MiddlewareTest\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
        'api' => [
            'throttle:60,1',
            'bindings',
        ],
        'auth' => [
            'keycloak' => \MiddlewareTest\Http\Middleware\Keycloak::class,
        ],
    ];

When it reaches the controller, I call this method from another class:

    private function requestAuthorization() {
        $auth_endpoint = $this->getProviderConfigValue("authorization_endpoint");
        $response_type = "code";

        // Generate and store a nonce in the session
        // The nonce is an arbitrary value
        $nonce = $this->generateRandString();
        Session::put('openid_connect_nonce', $nonce);

        // State essentially acts as a session key for OIDC
        $state = $this->generateRandString();
        Session::put('openid_connect_state', $state);
        Session::save();
        \Log::info(session('openid_connect_state'));

        $auth_params = array_merge($this->authParams, array(
            'response_type' => $response_type,
            'redirect_uri' => $this->getRedirectURL(),
            'client_id' => $this->clientID,
            'nonce' => $nonce,
            'state' => $state,
            'scope' => 'openid'
        ));

        // If the client has been registered with additional scopes
        if (sizeof($this->scopes) > 0) {
            $auth_params = array_merge($auth_params, array('scope' => implode(' ', $this->scopes)));
        }

        $auth_endpoint .= '?' . http_build_query($auth_params, null, '&');
        $this->redirect($auth_endpoint);
    }

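However, when the browser goes to that URL in the "redirect" method, the session is lost, and I don't know why.

Please help me understand why this happens.

Thanks in advance.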
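
Added example (not part of the original post, and not code from the library or the asker's project): the state round trip that `requestAuthorization()` begins, together with the callback-side check, which has to fail closed when the session does not survive the redirect. A plain array stands in for the session store; the function names, endpoint, client ID and redirect URI are assumptions.

```php
<?php
// Added illustration. Function names and the endpoint/client values are hypothetical.

/** Start an authorization request: store fresh state and nonce, return the redirect URL. */
function beginAuthorization(array &$session, string $authEndpoint, string $clientId, string $redirectUri): string
{
    $session['openid_connect_state'] = bin2hex(random_bytes(16));
    $session['openid_connect_nonce'] = bin2hex(random_bytes(16));

    return $authEndpoint . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'scope'         => 'openid',
        'state'         => $session['openid_connect_state'],
        'nonce'         => $session['openid_connect_nonce'],
    ], '', '&');
}

/** Check the callback's state against the session; the stored value is single-use. */
function verifyCallbackState(array &$session, array $query): bool
{
    $expected = $session['openid_connect_state'] ?? null;
    unset($session['openid_connect_state']);   // consume the value even on failure

    $received = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($received)) {
        return false;                           // lost session or missing parameter: fail closed
    }
    return hash_equals($expected, $received);   // constant-time comparison
}

// Constructed walk-through: $session stands in for the framework's session store.
$session = [];
$url = beginAuthorization($session, 'https://idp.example/auth', 'demo-client', 'https://app.example/admin');
parse_str((string) parse_url($url, PHP_URL_QUERY), $sent);
$callback = ['code' => 'constructed-code', 'state' => $sent['state']];

$kept = $session;   // the session survived the redirect
$lost = [];         // the session was lost, as described in the question
var_dump(verifyCallbackState($kept, $callback));   // state matches the stored value
var_dump(verifyCallbackState($lost, $callback));   // nothing stored to compare against
var_dump(verifyCallbackState($kept, $callback));   // replay: state already consumed
```

When the session is gone at callback time, the correct outcome is a rejected login and a fresh authorization request, never a skipped state comparison.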