Laravel Passport API调用总是返回未经身份验证的

时间:2019-07-15 15:02:44

标签: php laravel laravel-passport

所以我已经用Passport设置了我的API,并尝试发出GET请求将近一个星期,但仍然收到以下响应:

{
"message": "Unauthenticated."
}

下面是我的配置:

Auth.php 

'defaults' => [
    'guard' => 'web',
    'passwords' => 'users',
],

'guards' => [
    'web' => [
        'driver' => 'token',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
        //'hash' => true,
    ],
],

AuthServiceProvider.php 

public function boot()
{
    $this->registerPolicies();

    //
    Passport::routes();
    Passport::tokensExpireIn(Carbon::now()->addDays(7));

   Passport::refreshTokensExpireIn(Carbon::now()->addDays(14));



}

RouteServiceProvider 

 protected function mapApiRoutes()
{
    Route::prefix('api')
         ->middleware('auth:api')
         ->namespace($this->namespace)
         ->group(base_path('routes/api.php'));
}

控制器:根据laravel doc

使用用户凭据的令牌请求功能 
public function callback(Request $request)
{
     $http = new Client();
    $token_url=url('oauth/token');

$response = $http->post($token_url, [
    'form_params' => [
        'grant_type' => 'password',
        'client_id' => $this->client_id,
        'client_secret' => $this->client_secret,
        'username'=>'my-username',
        'password'=>'my-password',
        'scope' =>'*',
    ],
]);

return json_decode((string) $response->getBody(), true);
}

哪个将在我的请求中返回我在请求中使用的access_token。我尝试了下面列出的所有解决方案,但没有一个起作用:

.htaccess 

# Handle Authorization Header
 RewriteCond %{HTTP:Authorization} .
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Passport.php line 167 

 public static function tokensExpireIn(DateTimeInterface $date = null)
{
    if (is_null($date)) {
        return static::$tokensExpireAt
                        ? Carbon::now()->diff(static::$tokensExpireAt)
                        : new DateInterval('P1Y');
    }

    static::$tokensExpireAt = $date;

    return new static;
}

请帮助,我现在很绝望:)

3 个答案:

答案 0 :(得分:0)

尝试使用以下方法创建新的密码授予客户端:

php artisan passport:client --password

您将获得类似的输出:

What should we name the password grant client? [Laravel Password Grant Client]:
 > 

Password grant client created successfully.
Client ID: 4
Client secret: WlRYEbA5lt5esbi0MuFyJPzPDmHDGsk3iC5QGw7d

使用这些凭据填写您的客户ID和机密。通过Vue组件界面创建的标准客户端凭据不适用于密码授予。

答案 1 :(得分:0)

问题在于您如何进行身份验证以及所使用的令牌。

有两种生成令牌的方法

  1. 用户登录,如果用户通过了身份验证,则可以使用create token获取令牌。
  2. 生成客户并通过护照使用PRE建立的路线来获取令牌

现在在API路由中,您必须在方法中告诉您如何进行身份验证,例如

// Below one is for authenticating Client token  
Route::get('/test', 'Api\TestController@index')->middleware('client_credentials');

// Below one is for the User token  
Route::get('/test', 'Api\TestController@index')->middleware('auth:api');

并且请记住,如果您使用的是客户端身份验证,则必须在routemiddleware的{​​{1}}中添加以下行

App/http/kernel.php

我希望能解决问题

答案 2 :(得分:0)

尝试注释api中间件组(app / HTTP / Kernel.php)中的中间件

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
        ],

        'api' => [
//            'throttle:60,1',
//            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

或在app / Providers / RouteServiceProvider.php中注释API中间件组

protected function mapApiRoutes()
    {
        Route::prefix('api')
             // ->middleware('api')
             ->namespace($this->namespace)
             ->group(base_path('routes/api.php'));
    }
相关问题
最新问题