Laravel护照oauth路线总是返回401未经授权

时间:2018-05-24 06:14:43

标签: php laravel authentication oauth laravel-passport

我尝试用护照实现oauth身份验证,但我无法按预期工作。

我想让我的api使用简单的jwt,并为第三方应用程序添加其他oauth-api。

我的问题是当我尝试访问任何oauth/*路由时(例如oauth/authorize),我收到回复{"message":"Unauthorized.","success":false}

我不知道我的实施中出了什么问题,而且我在这个错误中陷入了一天。

我的警卫:

'guards' => [
    'web' => [
        'driver' => 'jwt',
        'provider' => 'myappprovider',
    ],
    'api' => [
        'driver' => 'jwt',
        'provider' => 'myappprovider',
    ],
    'oauth-api' => [
        'driver' => 'passport',
        'provider' => 'myappprovider'
    ]
],

这是我的AuthServiceProvider:

class AuthServiceProvider extends ServiceProvider{

/**
 * Register any application authentication / authorization services.
 *
 * @param  \Illuminate\Contracts\Auth\Access\Gate  $gate
 * @return void
 */
public function boot(GateContract $gate)
{
    Passport::routes();

    // Create auth user provider
    Auth::provider('myapp', function($app)
    {
        $repository = app()->make('\MyApp\User\Repository\UserRepository');
        return new AuthUserProvider($repository);
    });

    // Create auth driver
    Auth::extend('jwt', function($app, $name, array $config)
    {
        $provider = Auth::createUserProvider($config['provider']);
        return new JwtAuthGuard($name, $provider);
    });

    parent::registerPolicies($gate);

}}

AppKernel:

class Kernel extends HttpKernel{
/**
 * The application's global HTTP middleware stack.
 *
 * These middleware are run during every request to your application.
 *
 * @var array
 */
protected $middleware = [
    \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
];

/**
 * The application's route middleware groups.
 *
 * @var array
 */
protected $middlewareGroups = [
    //
    'api' => [
        //'throttle:60,1',
        'auth:api'
    ],
    'web' => [
        'language' => \App\Http\Middleware\Language::class
    ],
    'oauth-api' => [
        'auth:oauth-api'
    ]
];

/**
 * The application's route middleware.
 *
 * These middleware may be assigned to groups or used individually.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'role' => \App\Http\Middleware\RoleMiddleware::class,
    'session' => \Illuminate\Session\Middleware\StartSession::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'ip' => \App\Http\Middleware\IPMiddleware::class
];}

我的身份验证课程:

class Authenticate{
/**
 * Handle an incoming request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @param  string|null  $guard
 * @return mixed
 */
public function handle($request, Closure $next, $guard = null)
{
    if (Auth::guard($guard)->guest())
    {
        return response()->json([
            'message' => 'Unauthorized.',
            'success' => false
        ], 401);
    }

    return $next($request);
}}

1 个答案:

答案 0 :(得分:0)

OAuth2在用户的同意下工作,这就是为什么它具有Web和auth中间件的原因。

  

php artisan route:list

它将显示带有中间件的路由列表。以下链接更好地解释了它 https://stackoverflow.com/a/40999998/3377733

相关问题
最新问题