当用户登录我的 Foo SPA时,他将被重定向到Laravel后端登录页面,以通过Laravel Passport GET路由oauth/authorize
获取访问代码和令牌。由于某种原因,用户登录时未使用为此SPA设置的Passport oauth_clients
表中设置的用户提供程序。
我在下面的配置有什么问题?
后卫设置在config/auth.php
中:
'api-foo' => [
'driver' => 'passport',
'provider' => 'users-foo'
]
config/auth.php
中的提供者:
'users-foo' => [
'driver' => 'eloquent',
'model' => App\Models\Foo\User::class,
],
用户模型App/Models/Foo/User.php
:
<?php
namespace App\Models\Foo;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Passport\HasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, Notifiable;
/**
* The connection name for the model.
*
* @var string
*/
protected $connection = 'foo';
/**
* The table associated with the model.
*
* @var string
*/
protected $table = 'foo.users';
}
oauth_clients
表中的一项:
+----+---------+------+--------+----------+------------------------------------+------------------------+-----------------+---------+
| id | user_id | name | secret | provider | redirect | personal_access_client | password_client | revoked |
+----+---------+------+--------+----------+------------------------------------+------------------------+-----------------+---------+
| 2 | | Foo | *** | api-foo | http://foo.test:3001/auth/callback | false | false | false |
+----+---------+------+--------+----------+------------------------------------+------------------------+-----------------+---------+
注意: 我不使用密码授予令牌,因为它不安全且已根据oauth.net建议被弃用。
===编辑===
登录过程如下所示:
GET {backend}/oauth/authorize
:http://backend.test/oauth/authorize
?protocol=oauth2
&response_type=code
&access_type
&client_id=2
&redirect_uri=
http%3A%2F%2Ffoo.test%3A3001%2Fauth%2Fcallback
&scope=*
&state=nL2aLxjUivVpsqeyaA9KP
&code_challenge_method=implicit
提供了 client_id
,因此它可以从oauth_clients
表中的提供者那里获取身份验证保护。但是我可以在下一个查询中找到该数据的存储位置,以在我的app/Http/Controllers/Auth/LoginController.php
的{{1}}方法中设置保护措施。
attemptLogin()
输入GET {backend}/login
和login
password
POST {backend}/login
GET {backend}/oauth/authorize
http://backend.test/oauth/authorize
?access_type=
&client_id=2
&code_challenge_method=implicit
&protocol=oauth2
&redirect_uri=
http%3A%2F%2Ffoo.test%3A3001%2Fauth%2Fcallback
&response_type=code
&scope=%2A
&state=NzAefK__Rr--9Q5dX8oRo
GET {spa}/auth/callback
http://foo.test:3001/auth/callback
?code=def***3c1
&state=nL2aLxjUivVpsqeyaA9KP
GET {backend}/api/user