我正在尝试在用户通过社交名流认证后生成具有访问权限的承载令牌并刷新令牌。
public function handleProviderCallback($provider, EmailConfirmationMailer $mailer)
{
$user = Socialite::driver($provider)->user();
if(User::where('email', '=', $user->getEmail())->exists()){
$exist_user = User::where('email', '=', $user->getEmail())->first();
Auth::loginUsingId($exist_user->id);
$http = new GuzzleHttp\Client;
$response = $http->post('http://localhost:8000/oauth/token', [
'form_params' => [
'grant_type' => 'refresh_token',
'refresh_token' => 'the-refresh-token',
'client_id' => 1,
'client_secret' => 'c4ojSmOjl04QrshdSXlOmbKUOIxm6zqyhND34AT0',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
}else{
//create new user here
}
}
我从vendor \ laravel \ socialite \ src \ Two \ AbstractProvider.php中得到了错误 用户功能,消息为“”。
public function user()
{
if ($this->hasInvalidState()) {
throw new InvalidStateException;//here is the highlighted
}
$response = $this->getAccessTokenResponse($this->getCode());
$user = $this->mapUserToObject($this->getUserByToken(
$token = Arr::get($response, 'access_token')
));
return $user->setToken($token)
->setRefreshToken(Arr::get($response, 'refresh_token'))
->setExpiresIn(Arr::get($response, 'expires_in'));
}
这种情况下的最佳做法是什么?任何帮助将不胜感激。
答案 0 :(得分:1)
重新排序以生成没有refreshToken的accessToken:
public function handleProviderCallback($provider)
{
$user = Socialite::driver($provider)->user();
if(User::where('email', '=', $user->getEmail())->exists()){
$existUser = User::where('email', '=', $user->getEmail())->first();
Auth::login($existUser,true);
//remove existing tokens from user
$tokenResult = $existUser->createToken('Personal Access Token');
return \response()->json([
'token_type' => 'Bearer',
'expires_in' => $tokenResult->token->expires_at->diffInSeconds(Carbon::now()),
'access_token' => $tokenResult->accessToken,
'info' => 'Existing user'
]);
}else{
//create new user entry
}
}