使用默认的laravel.passport策略时,我传递了.SaveAs Application.UserLibraryPath & AddinName, 55
,而当我运行client_secret并在dist中搜索生成的代码时,我找不到npm run generate;它是隐藏的,这是很好,也是我想要的。
但是,当我使用自定义策略或本地策略并通过client_secret时,我可以在dist生成的代码中看到秘密。
client_secret如何隐藏 auth: {
strategies: {
password_grant_custom: {
_scheme: "~/auth/schemes/PassportPasswordScheme.js",
client_id: process.env.PASSPORT_PASSWORD_GRANT_ID,
client_secret: process.env.PASSPORT_PASSWORD_GRANT_SECRET,
endpoints: {
login: {
url: "/oauth/token",
method: "post",
propertyName: "access_token"
},
logout: false,
user: {
url: "api/v1/me",
method: 'get',
propertyName: false
}
}
},
'laravel.passport': {
url: "https://example.com",
client_id: process.env.PASSPORT_CLIENT_ID,
client_secret: process.env.PASSPORT_CLIENT_SECRET,
userinfo_endpoint: "https://example.com/api/v1/me",
}
}
},
,使其在公共代码中不可见?
答案 0 :(得分:0)
因为在laravel.passport中,在使用addAuthorize调用后将其删除。参见code
// Get client_secret, client_id and token_endpoint
const clientSecret = strategy.client_secret
const clientID = strategy.client_id
const tokenEndpoint = strategy.token_endpoint
// IMPORTANT: remove client_secret from generated bundle
delete strategy.client_secret
所以您需要为您的方案做同样的事情