安裝依賴
composer require laravel/passport
配置文件
Laravel\Passport\PassportServiceProvider::class,
生成認證數據表
php artisan migrate
該命令將會創建生成安全訪問令牌(token)所需的加密鍵
# Generates the encryption keys used for access tokens. Treat the generated
# key material and any client secrets this command prints as secrets: keep them
# out of version control and out of shared logs.
php artisan passport:install
認證用戶的token和scope:
運行完這個命令后,添加 Laravel\Passport\HasApiTokens trait 到 App\User 模型,
該trait將會為模型類提供一些輔助函數用于檢查認證用戶的token和scope
添加操作
/**
 * Service provider that holds the application's policy map and registers
 * Passport's OAuth routes when the application boots.
 */
class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     * @translator laravelacademy.org
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        // Registers Passport's routes; the /oauth/authorize and /oauth/token
        // endpoints used further down this page come from this call.
        Passport::routes();
    }
}
用戶權限
/**
 * Application user model. HasApiTokens is the Passport trait that adds the
 * helpers for inspecting the authenticated user's token and scopes.
 */
class User extends Authenticatable
{
    use HasApiTokens;
    use Notifiable;
}
認證向導
// Authentication guards: browser requests keep using the session, while API
// requests are authenticated by Passport access tokens.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
// The `auth:api` middleware resolves to this guard.
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
配置
AuthServiceProvider 中配置
// Register Passport's routes, then set how long issued tokens stay valid.
Passport::routes();

// Access tokens expire 15 days after they are issued.
// NOTE(review): a shorter access-token lifetime narrows the window in which a
// leaked bearer token can be replayed; the refresh token covers renewal.
$accessTokenExpiry = Carbon::now()->addDays(15);
Passport::tokensExpireIn($accessTokenExpiry);

// Refresh tokens expire 30 days after they are issued.
$refreshTokenExpiry = Carbon::now()->addDays(30);
Passport::refreshTokensExpireIn($refreshTokenExpiry);
頒發訪問令牌
php artisan passport:client
授權重定向
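/*
 * Starts the authorization-code flow by sending the browser to the
 * authorization server's /oauth/authorize endpoint.
 *
 * A random `state` value is stored in the session and sent along with the
 * request. The callback handler must compare the `state` it receives with this
 * session value and reject a mismatch before exchanging the code; without that
 * comparison the value gives no CSRF protection.
 *
 * Assumes the route runs with session support (the `web` middleware group).
 * The hosts are placeholders; use https:// URLs in a real deployment so the
 * authorization code is not carried over cleartext HTTP.
 */
Route::get('/redirect', function () {
    // Unguessable per-request value binding the callback to this browser session.
    $state = bin2hex(random_bytes(20));
    session(['state' => $state]);

    $query = http_build_query([
        'client_id' => 'client-id',
        'redirect_uri' => 'http://example.com/callback',
        'response_type' => 'code',
        'scope' => '',
        'state' => $state,
    ]);

    return redirect('http://your-app.com/oauth/authorize?'.$query);
});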
通過請求---用戶點擊授權的界面
php artisan vendor:publish --tag=passport-views
將授權碼轉化為訪問令牌【用戶同意授權】
/*
 * OAuth callback: posts the authorization code from the query string to the
 * token endpoint and returns the decoded JSON response.
 *
 * NOTE(review): this handler does not check an OAuth `state` value, so it
 * cannot tell a callback it initiated from one crafted by a third party
 * (CSRF on the callback). The authorization request should carry a random
 * `state` kept in the session, and a mismatch should be rejected here before
 * the code is exchanged.
 * NOTE(review): the client secret and the code travel to an http:// placeholder
 * URL; use https:// and load the secret from configuration, not source code.
 * NOTE(review): the decoded body is returned to the browser as-is; it
 * presumably contains the access and refresh tokens, which a real consumer
 * would store server-side instead.
 */
Route::get('/callback', function (Request $request) {
    $client = new GuzzleHttp\Client;

    $tokenRequest = [
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'redirect_uri' => 'http://example.com/callback',
            'code' => $request->code,
        ],
    ];
    $tokenResponse = $client->post('http://your-app.com/oauth/token', $tokenRequest);

    return json_decode((string) $tokenResponse->getBody(), true);
});
刷新令牌
// Exchanges a refresh token for a new token response at the token endpoint and
// returns the decoded JSON body.
// NOTE(review): the refresh token and client secret are literal placeholders
// sent to an http:// URL; in real code read both from secure storage or
// configuration and call the endpoint over https://.
$http = new GuzzleHttp\Client;

$refreshRequest = [
    'form_params' => [
        'grant_type' => 'refresh_token',
        'refresh_token' => 'the-refresh-token',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'scope' => '',
    ],
];
$response = $http->post('http://your-app.com/oauth/token', $refreshRequest);

return json_decode((string) $response->getBody(), true);
路由保護
// Route protected by the `auth:api` middleware, i.e. the `api` guard; the page
// configures that guard with the `passport` driver, so the request must carry
// an access token. The handler body is left empty in this example.
Route::get('/user', function () {
//
})->middleware('auth:api');
傳遞訪問令牌 [PHP消費api]
// Calls a protected API route, passing the access token as a Bearer credential
// in the Authorization header.
// NOTE(review): the client is created without a base URI, so the relative
// '/api/user' presumably needs an absolute https:// URL or a configured
// base URI — confirm. Bearer tokens must not be sent over cleartext HTTP.
$http = new GuzzleHttp\Client;

$requestHeaders = [
    'Accept' => 'application/json',
    'Authorization' => 'Bearer '.$accessToken,
];
$response = $http->request('GET', '/api/user', ['headers' => $requestHeaders]);
令牌作用域
AuthServiceProvider 類 boot() 方法中添加
// Declares the scopes a token may carry: scope id => human-readable description.
$scopeDescriptions = [
    'place-orders' => 'Place orders',
    'check-status' => 'Check order status',
];
Passport::tokensCan($scopeDescriptions);
分配作用域到令牌
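/*
 * Starts the authorization-code flow and asks for specific scopes.
 *
 * A random `state` value is stored in the session and sent along with the
 * request. The callback handler must compare the `state` it receives with this
 * session value and reject a mismatch before exchanging the code; without that
 * comparison the value gives no CSRF protection.
 *
 * Assumes the route runs with session support (the `web` middleware group).
 * The hosts are placeholders; use https:// URLs in a real deployment.
 */
Route::get('/redirect', function () {
    // Unguessable per-request value binding the callback to this browser session.
    $state = bin2hex(random_bytes(20));
    session(['state' => $state]);

    $query = http_build_query([
        'client_id' => 'client-id',
        'redirect_uri' => 'http://example.com/callback',
        'response_type' => 'code',
        // Requested scopes, space-separated; request only what the client needs.
        'scope' => 'place-orders check-status',
        'state' => $state,
    ]);

    return redirect('http://your-app.com/oauth/authorize?'.$query);
});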
檢查作用域
Kernel.php 的 $routeMiddleware 中添加
// The two aliases differ by one letter and enforce different rules:
// `scopes` passes only when the token has every scope listed on the route.
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
// `scope` passes when the token has at least one of the listed scopes.
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
使用JavaScript消費API
// `web` middleware group with Passport's CreateFreshApiToken appended.
'web' => [
// Other middleware...
// NOTE(review): per Passport's documentation this middleware attaches an API
// token cookie to responses so first-party JavaScript can call the API; keep
// CSRF protection enabled for these requests — confirm for the installed version.
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
// Authentication guards: browser requests keep using the session, while API
// requests are authenticated by Passport access tokens.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
// The `auth:api` middleware resolves to this guard.
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
AuthServiceProvider 中配置
// Register Passport's routes, then set how long issued tokens stay valid.
Passport::routes();

// Access tokens expire 15 days after they are issued.
// NOTE(review): a shorter access-token lifetime narrows the window in which a
// leaked bearer token can be replayed; the refresh token covers renewal.
$accessTokenExpiry = Carbon::now()->addDays(15);
Passport::tokensExpireIn($accessTokenExpiry);

// Refresh tokens expire 30 days after they are issued.
$refreshTokenExpiry = Carbon::now()->addDays(30);
Passport::refreshTokensExpireIn($refreshTokenExpiry);
php artisan passport:client
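/*
 * Starts the authorization-code flow by sending the browser to the
 * authorization server's /oauth/authorize endpoint.
 *
 * A random `state` value is stored in the session and sent along with the
 * request. The callback handler must compare the `state` it receives with this
 * session value and reject a mismatch before exchanging the code; without that
 * comparison the value gives no CSRF protection.
 *
 * Assumes the route runs with session support (the `web` middleware group).
 * The hosts are placeholders; use https:// URLs in a real deployment so the
 * authorization code is not carried over cleartext HTTP.
 */
Route::get('/redirect', function () {
    // Unguessable per-request value binding the callback to this browser session.
    $state = bin2hex(random_bytes(20));
    session(['state' => $state]);

    $query = http_build_query([
        'client_id' => 'client-id',
        'redirect_uri' => 'http://example.com/callback',
        'response_type' => 'code',
        'scope' => '',
        'state' => $state,
    ]);

    return redirect('http://your-app.com/oauth/authorize?'.$query);
});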
php artisan vendor:publish --tag=passport-views
/*
 * OAuth callback: posts the authorization code from the query string to the
 * token endpoint and returns the decoded JSON response.
 *
 * NOTE(review): this handler does not check an OAuth `state` value, so it
 * cannot tell a callback it initiated from one crafted by a third party
 * (CSRF on the callback). The authorization request should carry a random
 * `state` kept in the session, and a mismatch should be rejected here before
 * the code is exchanged.
 * NOTE(review): the client secret and the code travel to an http:// placeholder
 * URL; use https:// and load the secret from configuration, not source code.
 * NOTE(review): the decoded body is returned to the browser as-is; it
 * presumably contains the access and refresh tokens, which a real consumer
 * would store server-side instead.
 */
Route::get('/callback', function (Request $request) {
    $client = new GuzzleHttp\Client;

    $tokenRequest = [
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'redirect_uri' => 'http://example.com/callback',
            'code' => $request->code,
        ],
    ];
    $tokenResponse = $client->post('http://your-app.com/oauth/token', $tokenRequest);

    return json_decode((string) $tokenResponse->getBody(), true);
});
// Exchanges a refresh token for a new token response at the token endpoint and
// returns the decoded JSON body.
// NOTE(review): the refresh token and client secret are literal placeholders
// sent to an http:// URL; in real code read both from secure storage or
// configuration and call the endpoint over https://.
$http = new GuzzleHttp\Client;

$refreshRequest = [
    'form_params' => [
        'grant_type' => 'refresh_token',
        'refresh_token' => 'the-refresh-token',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'scope' => '',
    ],
];
$response = $http->post('http://your-app.com/oauth/token', $refreshRequest);

return json_decode((string) $response->getBody(), true);
// Route protected by the `auth:api` middleware, i.e. the `api` guard; the page
// configures that guard with the `passport` driver, so the request must carry
// an access token. The handler body is left empty in this example.
Route::get('/user', function () {
//
})->middleware('auth:api');
// Calls a protected API route, passing the access token as a Bearer credential
// in the Authorization header.
// NOTE(review): the client is created without a base URI, so the relative
// '/api/user' presumably needs an absolute https:// URL or a configured
// base URI — confirm. Bearer tokens must not be sent over cleartext HTTP.
$http = new GuzzleHttp\Client;

$requestHeaders = [
    'Accept' => 'application/json',
    'Authorization' => 'Bearer '.$accessToken,
];
$response = $http->request('GET', '/api/user', ['headers' => $requestHeaders]);
AuthServiceProvider 類 boot() 方法中添加
// Declares the scopes a token may carry: scope id => human-readable description.
$scopeDescriptions = [
    'place-orders' => 'Place orders',
    'check-status' => 'Check order status',
];
Passport::tokensCan($scopeDescriptions);
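/*
 * Starts the authorization-code flow and asks for specific scopes.
 *
 * A random `state` value is stored in the session and sent along with the
 * request. The callback handler must compare the `state` it receives with this
 * session value and reject a mismatch before exchanging the code; without that
 * comparison the value gives no CSRF protection.
 *
 * Assumes the route runs with session support (the `web` middleware group).
 * The hosts are placeholders; use https:// URLs in a real deployment.
 */
Route::get('/redirect', function () {
    // Unguessable per-request value binding the callback to this browser session.
    $state = bin2hex(random_bytes(20));
    session(['state' => $state]);

    $query = http_build_query([
        'client_id' => 'client-id',
        'redirect_uri' => 'http://example.com/callback',
        'response_type' => 'code',
        // Requested scopes, space-separated; request only what the client needs.
        'scope' => 'place-orders check-status',
        'state' => $state,
    ]);

    return redirect('http://your-app.com/oauth/authorize?'.$query);
});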
Kernel.php 的 $routeMiddleware 中添加
// The two aliases differ by one letter and enforce different rules:
// `scopes` passes only when the token has every scope listed on the route.
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
// `scope` passes when the token has at least one of the listed scopes.
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
// `web` middleware group with Passport's CreateFreshApiToken appended.
'web' => [
// Other middleware...
// NOTE(review): per Passport's documentation this middleware attaches an API
// token cookie to responses so first-party JavaScript can call the API; keep
// CSRF protection enabled for these requests — confirm for the installed version.
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],