发布访问令牌和刷新令牌时,我使用httpOnly = true将其发送到前端。我制作了一个中间件类,该类检查访问令牌是否已过期以及刷新令牌是否未过期。如果两种情况都成立,我将带有refresh_token作为grant_type的oauth /令牌路由称为。
所有这些都有效,但是我不确定如何在控制器内使用经过身份验证的用户。现在,我已经设置了中间件,当有响应时,它将发送新的访问和刷新令牌。
class RefreshAccessToken
{
/* @var AuthController $authController */
private $authController;
/**
* RefreshAccessToken constructor.
*
* @param AuthController $authController
*/
public function __construct(AuthController $authController)
{
$this->authController = $authController;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
// User already has an access token
if ($request->hasCookie('access_token')) {
return $next($request);
}
// User doesn't have an access token and doesn't have a refresh token.
if (!$request->hasCookie('refresh_token')) {
return $next($request);
}
$response = $next($request);
$cookies = $this->authController->refreshToken($request);
return $response
->cookie($cookies['access_token'])
->cookie($cookies['refresh_token']);
}
}
现在在控制器内部,如果我想访问登录的用户,我总是得到null作为响应:
public function logout()
{
dd(auth()->user());
}
}
在控制器的构造方法中:
$this->middleware('auth:api')->only('logout');
有人知道如何处理此用例吗?