现在我已经用VUE JS编写了FrontEnd,并用Laravel编写了后端,在前端我已经进行了注册和登录,并向/ api / auth / login发送了请求
具有运行LOGIN函数,其中我使用ConfigFile中的client_secret,非常完美
但是主要问题是我的后端在同一服务器上发送CURL(我认为这是错误的并且很耗时) 1.前端将POST请求发送到/ api / auth / login(用户名,密码) 2.后端-将CURL发送到/ api / oauth / token(用户名,密码,client_secret)
还有什么更好的方法可以隐藏Hide client_secret吗?或者直接从/ api / auth / login获取宣誓令牌?
登录功能代码:
$http = new Client([
'verify' => false,
'timeout' => 5, // Response timeout
'connect_timeout' => 5, // Connection timeout
'peer' => false
]);
try {
$response = $http->post(config('services.passport.login_endpoint'), [
'form_params' => [
'grant_type' => 'password',
'client_id' => config('services.passport.client_id'),
'client_secret' => config('services.passport.client_secret'),
'username' => $request->username,
'password' => $request->password,
]
]);
return $response->getBody();
} catch (BadResponseException $e) {
$msg = 'Something went wrong on the server';
switch($e->getCode()) {
case 400:
$msg = 'Your credentials are incorrect. Please try again.';
break;
case 401:
$msg = 'Your credentials are incorrect. Please try again.';
break;
}
return response()->json($msg, $e->getCode());
}