ÏêϸÏÈÈÝLaravel PassportµÄÁ÷³Ì¡¢ÉèÖúÍʹÓÃ
laravel passportÊÇlaravel¿ò¼ÜϵÄÒ»¿îÍêÕûµÄoauth2ЧÀͶËʵÏÖ£¬ ÔÊÐíÄãͨ¹ýapi¶ÔÓû§Éí·Ý¾ÙÐÐÈÏÖ¤ºÍÊÚȨ£¬Ê¹µÃapiЧÀÍ¿ÉÒÔÔÚÎÞÐè̻¶Óû§Æ¾Ö¤µÄÇéÐÎϾÙÐлá¼û£¬Õâ´ó´ó½µµÍÁË¿Í»§¶Ë¿ª·¢µÄÄѶȣ¬Ìá¸ßÁËÓ¦ÓóÌÐòµÄÇå¾²ÐÔ¡£
Laravel Passport±³ºóµÄOAuth2ÐÒéÊÇÒµ½ç±ê×¼£¬ÒÔÊÇÄã¿ÉÒÔʹÓÃÏàͬµÄ¹¤¾ßºÍÁ÷³Ì£¬ÇáËɵØÔÚÆäËûÓïÑԺͿò¼ÜÖм¯³ÉOAuth2ÈÏÖ¤ºÍÊÚȨ¡£ÏÂÃ棬±¾ÎĽ«ÏêϸÏÈÈÝLaravel PassportµÄÁ÷³Ì¡¢ÉèÖúÍʹÓá£
×°ÖÃPassport
ÔÚʹÓÃLaravel Passport֮ǰ£¬ÐèÒªÏÈ×°ÖÃËü¡£ÎÒÃÇ¿ÉÒÔʹÓÃcomposerÏÂÁîÀ´×°ÖÃPassport£¬ÏÂÁîÈçÏ£º
composer require laravel/passport
µÇ¼ºó¸´ÖÆ
ÆôÓÃPassport
Laravel Passport×°ÖÃÍê±Ïºó£¬ÐèÒª½«ÆäЧÀÍÌṩ³ÌÐòÌí¼Óµ½config/app.phpÎļþÖеÄprovidersÊý×éÖУ¬·¿ª¸ÃÎļþ£¬ÕÒµ½providersÊý×é²¢Ìí¼ÓLaravel PassportµÄЧÀÍÌṩ³ÌÐò£¬ÈçÏÂËùʾ£º
'providers' => [ // Other Service Providers... Laravel\Passport\PassportServiceProvider::class, ],
µÇ¼ºó¸´ÖÆ
½¨ÉèÊý¾Ý¿â±í
ÔÚʹÓÃLaravel Passport֮ǰ£¬»¹ÐèҪн¨PassportËùÐèµÄÊý¾Ý¿â±í£¬¿ÉÒÔʹÓÃÒÔÏÂartisanÏÂÁîÀ´ÌìÉúǨáãÎļþ£º
php artisan migrate
µÇ¼ºó¸´ÖÆ
Ö´ÐÐÒÔÉÏÏÂÁîºó£¬Laravel Passport½«ÔÚÄãµÄÊý¾Ý¿âÖн¨É輸¸öеıíÀ´ÉúÑÄOAuth2¿Í»§¶Ë¡¢Access TokenºÍRefresh TokenµÈÊý¾Ý¡£
Ðû²¼ÉèÖÃÎļþ
Ö´ÐÐÒÔÏÂartisanÏÂÁ½«PassportµÄÉèÖÃÎļþÐû²¼µ½LaravelÏîÄ¿µÄconfigĿ¼Ï£º
php artisan vendor:publish --tag=passport-config
µÇ¼ºó¸´ÖÆ
½¨ÉèÃÜÔ¿
µ½´Ë£¬ÎÒÃÇÒѾ×öºÃÁËʹÓÃLaravel PassportËùÐèµÄÇ°ÖÃÌõ¼þ¡£½ÓÏÂÀ´£¬ÎÒÃÇÐèҪʹÓÃÒÔÏÂartisanÏÂÁîÀ´ÌìÉú¼ÓÃÜÃÜÔ¿£º
php artisan passport:keys
µÇ¼ºó¸´ÖÆ
ÒÔÉÏÏÂÁÌìÉúencryption keys£¬ÓÃÓÚÇ©ÊðcookieºÍaccess tokenµÈÊý¾Ý¡£
ÉèÖÃPassport
Íê³ÉÉÏÊö°ì·¨ºó£¬ÎÒÃǽÓÏÂÀ´ÐèÒªÉèÖÃPassport£¬ÒÔ±ãʹÆäÔËÐС£ÔÚconfig/auth.phpÉèÖÃÎļþÖУ¬½«apiÇý¶¯³ÌÐòµÄdriver¸ü¸ÄΪpassport£¬²¢ÉèÖÃguardsºÍproviders£¬ÈçÏÂËùʾ£º
'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'passport', 'provider' => 'users', ], ],
µÇ¼ºó¸´ÖÆ
ÔÚͳһ¸öÎļþÖÐÉèÖÃproviders£¬ÈçÏÂËùʾ£º
'providers' => [ 'users' => [ 'driver' => 'eloquent', 'model' => App\Models\User::class, ], ],
µÇ¼ºó¸´ÖÆ
Ò»µ©ÉèÖÃÎļþÍê³É£¬ APIÈÏÖ¤±ãÒѾͣµ±¡£
½¨ÉèRoute
½ÓÏÂÀ´£¬ÎÒÃÇÐèÒªÔÚapp/Http·ÓÉÎļþÖн¨ÉèAPI·ÓÉ£¬ÈçÏÂËùʾ£º
Route::middleware('auth:api')->get('/user', function (Request $request) { return $request->user(); });
µÇ¼ºó¸´ÖÆ
ÔÚÒÔÉÏ·ÓÉʾÀýÖУ¬½ç˵ÁËauth:apiÖÐÑë¼þ£¬ÓÃÓÚÑéÖ¤ÇëÇóÊÇ·ñÀ´×ÔÒÑÈÏÖ¤Óû§£¬Èô·ÇÒÑÈÏÖ¤Óû§£¬ÔòÔÚÑé֤ʧ°Üʱ·µ»Ø401״̬Âë¡£
½¨ÉèClient
ÏÖÔÚ£¬ÎÒÃÇÒѾÍê³ÉÁËÓ¦ÓóÌÐòÉèÖúÍAPI·ÓɵÄÉèÖ㬽ÓÏÂÀ´ÐèÒª½¨ÉèAPI¿Í»§¶Ë¡£ÔÚLaravel PassportÖУ¬ÌṩÁËartisanÏÂÁîpassport:client£¬ÓÃÓÚ½¨ÉèеÄOAuth2¿Í»§¶Ë¡£Ö´ÐÐÈçÏÂËùʾµÄÏÂÁ
php artisan passport:client --client
µÇ¼ºó¸´ÖÆ
ÔÚÖ´ÐÐÏÂÁîºó£¬ÎÒÃÇÐèÒªÊäÈë¿Í»§¶ËÃû³ÆºÍÊÚȨÖض¨ÏòURI£¬ÈçÏÂËùʾ£º
php artisan passport:client --client Which user ID should the client be assigned to? [0]: > 1 What should we name the client? > Test Where should we redirect the request after authorization? > http://example.com/callback
µÇ¼ºó¸´ÖÆ
ÒÔÉÏÏÂÁ½¨ÉèÒ»¸öеÄOAuth2¿Í»§¶Ë£¬ÓÃÓÚÏò´ËÓ¦ÓóÌÐòµÄAPI·¢ËÍÇëÇó¡£ÎÒÃǽ«»ñµÃÒ»¸ö¿Í»§¶ËIDºÍ¿Í»§¶ËÃÜÔ¿£¬ÓÃÓÚºóÃæµÄAPIÇëÇóÖС£
»ñÈ¡ÊÚȨ
¿Í»§¶ËÒѾ½¨ÉèÍê³É£¬²¢»ñµÃÁËÊÚȨÖض¨ÏòURI£¬ÏÖÔÚÎÒÃÇÐèÒªÏò¸ÃURI·¢ËÍÒ»¸öÇëÇó£¬ÓÃÒÔ»ñÈ¡ÊÚȨ¡£Ö®ºó£¬Passport½«»áΪ¿Í»§¶ËÌìÉú»á¼ûÁîÅÆ£¬²¢·µ»Ø¸ø¸Ã¿Í»§¶Ë¡£Ê¹ÓÃÈçÏÂËùʾµÄURL£¬Ìæ»»ÆäÖеÄClient IDºÍÖض¨ÏòURI£º
http://your-app.com/oauth/authorize?client_id={client-id}&redirect_uri={redirect-uri} &response_type=code&scope=
µÇ¼ºó¸´ÖÆ
ÔÚÊäÈëURLºó£¬ÈçÏÂËùʾµÄOAuth2ÊÚȨÆÁÄ»½«»áÏÔʾ£º
ÔÚµã»÷’Authorize’°´Å¥ºó£¬½«»á±¬·¢ÊÚȨ²¢Öض¨Ïòµ½Öض¨ÏòURI¡£
»ñÈ¡»á¼ûÁîÅÆ
ÏÖÔÚ£¬ÎÒÃÇÒѾ»ñµÃÁËÊÚȨ£¬²¢ÇÒ¿Í»§¶ËÒѾ±»ÊÚÓè»á¼ûAPIµÄȨÏÞ¡£ÎÒÃÇÐèҪʹÓÃOAuth2ÊÚȨÂ룬Óë¿Í»§¶ËÃÜÔ¿»»È¡»á¼ûÁîÅÆ£¬ÎÒÃÇ¿ÉÒÔʹÓÃÈçÏÂËùʾµÄcurlÏÂÁ´ÓAPIÊÚȨЧÀÍÆ÷»ñµÃ»á¼ûÁîÅÆ£º
$ curl -X POST -H "Accept: application/json" -F "client_id={client-id}" -F "client_secret={client-secret}" -F "grant_type=authorization_code" -F "code={code}" -F "redirect_uri={redirect-uri}" http://your-app.com/oauth/token
µÇ¼ºó¸´ÖÆ
Ö´ÐÐÒÔÉÏÏÂÁîºó£¬½«»ñµÃÈçÏÂËùʾµÄJSON¹¤¾ß£¬ÆäÖаüÀ¨access_tokenºÍrefresh_tokenµÈÐÅÏ¢£º
{ "token_type": "Bearer", "expires_in": 86400, "access_token": "{access-token}", "refresh_token": "{refresh-token}", }
µÇ¼ºó¸´ÖÆ
ʹÓûá¼ûÁîÅƾÙÐÐAPIÇëÇó
ÏÖÔÚ£¬ÎÒÃÇÒѾ»ñµÃÁË»á¼ûÁîÅÆ£¬ÎÒÃÇ¿ÉÒÔʹÓûá¼ûÁîÅÆÓëAPI¾ÙÐÐÇëÇó¡£ÎÒÃÇÐèÒªÔÚAPIÇëÇóÍ·²¿ÖÐÔöÌíAuthorizationÍ·£¬²¢ÉèÖÃBearer¼øȨ¼Æ»®£¬½«»á¼ûÁîÅÆ×÷ΪÁîÅÆÄÚÈݼ´¿É£¬ÈçÏÂËùʾ£º
$client = new \GuzzleHttp\Client(); $response = $client->request('GET', 'http://your-app.com/api/user', [ 'headers' => [ 'Authorization' => 'Bearer '.$accessToken, 'Accept' => 'application/json', ], ]);
µÇ¼ºó¸´ÖÆ
ÔÚÒÔÉÏ´úÂëÖУ¬ÎÒÃǽ«»á¼ûÁîÅÆÒÔBearer TOKEN µÄÃûÌÃÌá½»µ½APIЧÀͶ˾ÙÐÐÑéÖ¤£¬Àֳɺ󽫻ñµÃAPIµÄÏìӦЧ¹û¡£
×ܽá
ÔÚ±¾ÎÄÖУ¬ÎÒÃǽ²ÊöÁËLaravel PassportµÄÁ÷³Ì¡¢ÉèÖúÍʹÓá£Ê¹ÓÃLaravel Passport£¬ÎÒÃÇ¿ÉÒÔ¿ìËÙµØΪAPIÓ¦ÓóÌÐòÌí¼ÓÇå¾²µÄÈÏÖ¤ºÍÊÚȨ£¬Í¬Ê±Ö§³ÖOAuth2ÐÒ飬ÓëÆäËû±à³ÌÓïÑԺͿò¼ÜʵÏÖOAuth2ÊÚȨµÄÓ¦ÓóÌÐò¾ÙÐл¥²Ù×÷£¬ÕâʹµÃ¿ª·¢ÕßÄܹ»¿ìËٵع¹½¨Çå¾²ÐԸߡ¢Ò×ÓÚʹÓõÄAPIÓ¦ÓóÌÐò¡£
ÒÔÉϾÍÊÇÏêϸÏÈÈÝLaravel PassportµÄÁ÷³Ì¡¢ÉèÖúÍʹÓõÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡