laravel5.4 API认证(passport)

安装依赖

composer require laravel/passport

配置文件

Laravel\Passport\PassportServiceProvider::class,

生成认证数据表

  php artisan migrate

该命令将会创建生成安全访问令牌(token)所需的加密键

  php artisan passport:install

认证用户的token和scope:

    运行完这个命令后,添加 Laravel\Passport\HasApi[Token]
    (http://laravelacademy.org/tags/token)strait到 App\User 模型,                  
    该trait将会为模型类提供一些辅助函数用于检查认证用户的token和scope

添加操作

     class AuthServiceProvider extends ServiceProvider{
         /** 
           * 应用的策略映射关系. * 
           * @var array 
          * @translator      laravelacademy.org
         */
       protected $policies = [ 
            'App\Model' => 'App\Policies\ModelPolicy', 
        ]; 

      /** * 注册任意认证/[授权]服务.
       * @return void 
      */ 
      public function boot() {
               $this->registerPolicies();     

               Passport::routes();  
      }}

用户权限

    class User extends Authenticatable
    {
        use HasApiTokens, Notifiable;
    }

认证向导

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

配置

    AuthServiceProvider 中配置

    Passport::routes();
    Passport::tokensExpireIn(Carbon::now()->addDays(15));
    Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));

颁发访问令牌

    php artisan passport:client

授权重定向

    Route::get('/redirect', function () {
          $query = http_build_query([
          'client_id' => 'client-id',
          'redirect_uri' => 'http://example.com/callback',
          'response_type' => 'code',
          'scope' => '',
    ]);

      return redirect('http://your-app.com/oauth/authorize?'.$query);
});

通过请求---用户点击授权的界面

    php artisan vendor:publish --tag=passport-views

将授权码转化为访问令牌【用户同意授权】

    Route::get('/callback', function (Request $request) {
    $http = new GuzzleHttp\Client;

    $response = $http->post('http://your-app.com/oauth/token', [
          'form_params' => [
          'grant_type' => 'authorization_code',
          'client_id' => 'client-id',
          'client_secret' => 'client-secret',
          'redirect_uri' => 'http://example.com/callback',
          'code' => $request->code,
        ],
    ]);

        return json_decode((string) $response->getBody(), true);
 });

刷新令牌

  $http = new GuzzleHttp\Client;
  $response = $http->post('http://your-app.com/oauth/token', [
      'form_params' => [
      'grant_type' => 'refresh_token',
      'refresh_token' => 'the-refresh-token',
      'client_id' => 'client-id',
      'client_secret' => 'client-secret',
      'scope' => '',
    ],
]);
return json_decode((string) $response->getBody(), true);

路由保护

    Route::get('/user', function () {
          //
    })->middleware('auth:api');

传递访问令牌 [PHP消费api]

  $http = new GuzzleHttp\Client;
  $response = $http->request('GET', '/api/user', [
  'headers' => [
      'Accept' => 'application/json',
      'Authorization' => 'Bearer '.$accessToken,
    ],
  ]);

令牌作用域

AuthServiceProvider 类  boot() 方法中添加
  Passport::tokensCan([
    'place-orders' => 'Place orders',
    'check-status' => 'Check order status',
]);

分配作用域到令牌

    Route::get('/redirect', function () {
    $query = http_build_query([
    'client_id' => 'client-id',
    'redirect_uri' => 'http://example.com/callback',
    'response_type' => 'code',
    'scope' => 'place-orders check-status',//这个地方就是作用域
    ]);

    return redirect('http://your-app.com/oauth/authorize?'.$query);
});

检查作用域

 Kernel.php    的 $routeMiddleware 中添加
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,

使用JavaScript消费API

'web' => [
   // Other middleware...
   \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
 ],

参考地址

你可能感兴趣的:(laravel5.4 API认证(passport))