Laravel 5.6 Passport authentication for a first-party application

Time: 2018-08-20 14:26:39

Tags: php laravel oauth-2.0 laravel-passport

I am trying to learn and build a demo project on Laravel 5.6 using Passport, for my own future JavaScript application. So Passport is needed for a first-party application.

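The problem is that I have already gone through dozens of tutorials, and nobody has an A-Z guide for basic auth things like the /login, /register, /refresh, /logout routes. I have implemented login, register and logout, found some demos with refresh and repeated that code in exactly the same way, but it throws an error like { "error": "invalid_request", "message": "The refresh token is invalid.", "hint": "Token is not linked to client" }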

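Maybe someone has found a starter project/bundle with these things, so I can save some time? Because it gets annoying when you spend 2 days repeating code from tutorials and the official Laravel docs, and in the end you get errors for which even Google doesn't know how and why.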

Or... can someone explain what is wrong with this code, so that it doesn't work?

LoginController

<?php
namespace App\Http\Controllers\Api\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Route;
use Laravel\Passport\Client;

class LoginController extends Controller
{
    use IssueTokenTrait;

    private $client;

    public function __construct(){
        $this->client = Client::find(1);
    }

    public function login(Request $request){
        $this->validate($request, [
            'username' => 'required',
            'password' => 'required'
        ]);

        return $this->issueToken($request, 'password');
    }

    public function refresh(Request $request){
        $this->validate($request, [
            'refresh_token' => 'required'
        ]);

        return $this->issueToken($request, 'refresh_token');
    }

    public function logout(Request $request){

        $accessToken = Auth::user()->token();

        DB::table('oauth_refresh_tokens')
            ->where('access_token_id', $accessToken->id)
            ->update(['revoked' => true]);
        $accessToken->revoke();

        return response()->json([], 204);
    }

}

IssueTokenTrait.php

<?php 
namespace App\Http\Controllers\Api\Auth;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use GuzzleHttp\Exception\GuzzleException;
use GuzzleHttp\Client as Cli;

trait IssueTokenTrait{

    public function issueToken(Request $request, $grantType, $scope = ""){
        $params = [
            'grant_type' => $grantType,
            'client_id' => $this->client->id,
            'client_secret' => $this->client->secret, 
            'scope' => $scope
        ];

        $params['username'] = $request->username ?: $request->email;
        if($grantType == 'refresh_token') {
            $params['refresh_token'] = $request->refresh_token; 
        }

        $request->request->add($params);
        $proxy = Request::create('oauth/token', 'POST');

        return Route::dispatch($proxy);

    }

}

AuthServiceProvider.php

<?php

namespace App\Providers;

use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();

        Passport::tokensExpireIn(now()->addMinutes(1));

        Passport::refreshTokensExpireIn(now()->addDays(30));
    }
}

api.php (routes)

use Illuminate\Http\Request;

Route::post('register', 'Api\Auth\RegisterController@register');

Route::post('login', 'Api\Auth\LoginController@login');

Route::post('refresh', 'Api\Auth\LoginController@refresh');


Route::middleware('auth:api')->group(function () {
    Route::post('logout', 'Api\Auth\LoginController@logout');

});


Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

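When registering, I get an access_token. I set it to be valid for one minute. During that time I can access the routes protected by the auth token. Likewise, when logging in, I receive an access token and everything works. The same goes for logging out. But when I try to use the /refresh route, no matter whether the access_token has expired or not, I send a request to /api/refresh with an HTTP body like refresh_token => my-refresh-token, and it returns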

{ "error": "invalid_request", "message": "The refresh token is invalid.", "hint": "Token is not linked to client" }

But the exact same code works in the tutorial.

0 answers:

No answers