Install the dependency
composer require laravel/passport
Configuration file
Laravel\Passport\PassportServiceProvider::class,
Create the authentication tables
php artisan migrate
This command creates the encryption keys needed to generate secure access tokens
php artisan passport:install
Token and scopes of the authenticated user:
After running this command, add the Laravel\Passport\HasApiTokens trait to the App\User model.
This trait gives the model helper methods for inspecting the authenticated user's token and scopes.
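Add the following
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     * @translator laravelacademy.org
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        // Register the routes Passport needs to issue and revoke tokens.
        Passport::routes();
    }
}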
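User permissions
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;
}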
Authentication guards
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],
Configuration
Configure in AuthServiceProvider
Passport::routes();
Passport::tokensExpireIn(Carbon::now()->addDays(15));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
Issuing access tokens
php artisan passport:client
Redirecting for authorization
Route::get('/redirect', function () {
    $query = http_build_query([
        'client_id' => 'client-id',
        'redirect_uri' => 'http://example.com/callback',
        'response_type' => 'code',
        'scope' => '',
    ]);
    return redirect('http://your-app.com/oauth/authorize?'.$query);
});
Approving the request: the screen where the user clicks to authorize
php artisan vendor:publish --tag=passport-views
Converting the authorization code to an access token [the user has approved the authorization]
Route::get('/callback', function (Request $request) {
    $http = new GuzzleHttp\Client;
    $response = $http->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'redirect_uri' => 'http://example.com/callback',
            'code' => $request->code,
        ],
    ]);
    return json_decode((string) $response->getBody(), true);
});
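The redirect and callback routes above carry no state parameter, so the callback cannot tell whether the code it receives answers an authorization request that this session started. The following is an added example, not code from the original page: it binds the flow to the session with a random state value and checks it before exchanging the code. The session key name oauth_state and the 400/403 responses are assumptions; the client id, secret and URLs are the page's own placeholders.

```php
<?php
// routes/web.php of the consuming application (added example).

use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

Route::get('/redirect', function (Request $request) {
    // Random per-request value, stored server-side in the user's session.
    $state = Str::random(40);
    $request->session()->put('oauth_state', $state); // assumed key name

    $query = http_build_query([
        'client_id' => 'client-id',
        'redirect_uri' => 'http://example.com/callback',
        'response_type' => 'code',
        'scope' => '',
        'state' => $state, // echoed back unchanged on the callback
    ]);

    return redirect('http://your-app.com/oauth/authorize?'.$query);
});

Route::get('/callback', function (Request $request) {
    // pull() reads and deletes the value, so each state is accepted once.
    $expected = $request->session()->pull('oauth_state');
    $received = $request->query('state');

    // Reject a missing, non-string or mismatching state (constant-time compare).
    if (! is_string($expected) || ! is_string($received) || ! hash_equals($expected, $received)) {
        abort(403, 'Invalid OAuth state.');
    }
    if (! is_string($request->query('code'))) {
        abort(400, 'Missing authorization code.');
    }

    $response = (new Client)->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'redirect_uri' => 'http://example.com/callback',
            'code' => $request->query('code'),
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
});
```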
Refreshing tokens
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
    'form_params' => [
        'grant_type' => 'refresh_token',
        'refresh_token' => 'the-refresh-token',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'scope' => '',
    ],
]);
return json_decode((string) $response->getBody(), true);
Protecting routes
Route::get('/user', function () {
    //
})->middleware('auth:api');
Passing the access token [consuming the API from PHP]
$http = new GuzzleHttp\Client;
$response = $http->request('GET', '/api/user', [
    'headers' => [
        'Accept' => 'application/json',
        'Authorization' => 'Bearer '.$accessToken,
    ],
]);
Token scopes
Add to the boot() method of the AuthServiceProvider class
Passport::tokensCan([
    'place-orders' => 'Place orders',
    'check-status' => 'Check order status',
]);
Assigning scopes to tokens
Route::get('/redirect', function () {
    $query = http_build_query([
        'client_id' => 'client-id',
        'redirect_uri' => 'http://example.com/callback',
        'response_type' => 'code',
        'scope' => 'place-orders check-status', // the requested scopes go here
    ]);
    return redirect('http://your-app.com/oauth/authorize?'.$query);
});
Checking scopes
Add to $routeMiddleware in Kernel.php
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
Consuming the API with JavaScript
'web' => [
    // Other middleware...
    \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],