我假设您想要使用机器对机器身份验证(无用户交互)
I would recommend to read through the docs a couple of times to get the hang of it.
I do not believe there is an specific way to create an only client credentials client, What i do is to create an personal client then change the field for personal client in the database personal_access_client 1 => 0
You could use the personal client option, as seen from the --help option
Usage:
passport:client [options]
Options:
--personal Create a personal access token client
--password Create a password grant client
--name[=NAME] The name of the client
-h, --help Display this help message
...
php artisan passport:client --personal个
output个
Personal access client created successfully.
Client ID: 1
Client Secret: LbjQNxK5SQZ3pPrEBUwbkE8vaRkg8jh25Qh43HYy
You would need to use another middleware other then the default one because there is no user present when using this method
- 在内核中定义客户端凭据别名为中间件
- Add middleware to route
- Send request
定义http内核的客户端凭据中间件
类别\App\Http\Kernel:
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'client_credentials' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
//ommited
];
在路由上定义中间件
Route::get('/test', 'ApiTestController@test')->middleware('client_credentials');
Class \App\Http\Controllers\ApiTestController:
public function test() {
return response()->json(['data' => 'hey'] );
}
从php artisan route:list
GET|HEAD | api/test | App\Http\Controllers\ApiTestController@test | api,client_credentials |
Send request
Following the specified request in the documentation on client-credentials-grant-tokens
为了简单起见,我使用Postman,很容易用Postman发送测试请求(www.getpostman.com)
Set authorization to OAuth 2.0, image: Postman authentication
将访问令牌URL、客户端id、客户端机密和授权类型设置为"客户端凭据",图像:Postman OAuth Fields
postman 创建一个令牌,并将其附加到URL或标头,在本例中为标头
Accept:application/json
Authorization:Bearer eyJ0eXAiOi...KCjK0
答复:
{
"data": "hey"
}
