I just read the https://laravel.com/docs/5.6/passport documentation and I have some doubts that I hope someone can help me with:

First, some context: I want to use Passport as a way to provide OAuth authentication for my mobile app (first-party app).

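  1. When I use php artisan passport:client --password, I get back a client ID and a client secret. Do these values have to be fixed in my app? For example, hard-coded or stored in a "settings" file? If the values shouldn't be stored, then how should it work?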

  2. To register a user to my app I use: $user->createToken('The-App')->accessToken; I get that the accessToken will be the one used for sending on all my requests as a Header (Authorization => Bearer $accessToken) but what exactly is "The-App" value for?

  3. For logging in a user I use the URL http://example.com/oauth/token and send as parameters:

    {

  4. When I login the user using the previous endpoint I get back a refresh_token. I read that I could refresh the token through http://example.com/oauth/token/refresh but when I try to request the refresh I got Error 419. I removed the url oauth/token/refresh from the csrf verification and now I get back "message": "Unauthenticated.". I'm making the following request:

    Content-Type: x-www-form-urlencode
    grant_type: refresh_token
    refresh_token: the-refresh-token // The refresh token I got from the command (question 3)
    client_id: 1 // The client ID I got from the command (question 1)
    client_secret: shhh // The client secret I got from the command (question 1)
    scope: ''

Should I use this endpoint? Or is it not necessary given the app I'm trying to develop?

  5. Finally, there are a lot of endpoints that I get from passport that I don't think I will use for example: oauth/clients*, oauth/personal-access-tokens* is there a way to remove them from the endpoints published by passport?

Thanks a lot for your help!

Recommended answer

If you are consuming your own api then you don't need to call http://example.com/oauth/token for user login because then you need to store client_id and client_secret at app side. Better you create an api for login and there you can check the credentials and generate the personal token.

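    // Controller method; needs Illuminate\Http\Request and Illuminate\Support\Facades\Auth imported.
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');

        if (Auth::attempt($credentials)) {
            // Authentication passed: issue a personal access token for this user.
            $user = Auth::user();
            $token = $user->createToken('Token Name')->accessToken;

            return response()->json($token);
        }

        // Authentication failed: answer with 401 instead of an empty 200 response.
        return response()->json(['message' => 'Unauthenticated.'], 401);
    }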

Finally, there are a lot of endpoints that I get from passport that I don't think I will use for example: oauth/clients*, oauth/personal-access-tokens* is there a way to remove them from the endpoints published by passport?

You need to remove Passport::routes(); from AuthServiceProvider and manually put only required passport routes. I think you only need oauth/token route.

what exactly is "The-App" value for?

If you check the oauth_access_tokens table, it has a name field. $user->createToken('Token Name')->accessToken; here the "Token Name" is stored in the name field.

How to use Laravel Passport with Password Grant Tokens?

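To generate a password grant token you have to store client_id and client_secret at the app side (not recommended, check this), and if you have to reset the client_secret then old versions of the app stop working; these are the problems. To generate a password grant token you have to call this API as you mentioned in step 3.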

    $http = new GuzzleHttp\Client;

    $response = $http->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'password',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'username' => 'taylor@laravel.com',
            'password' => 'my-password',
            'scope' => '',
        ],
    ]);

    return json_decode((string) $response->getBody(), true);

Generate a token from refresh_token

    $http = new GuzzleHttp\Client;

    $response = $http->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'refresh_token',
            'refresh_token' => 'the-refresh-token',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'scope' => '',
        ],
    ]);

    return json_decode((string) $response->getBody(), true);

You can look this 100 too.
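
A hardened variant of the login endpoint recommended in the answer above, written as an added example and not the answerer's or Laravel's own code: it issues a personal access token without any client_secret in the mobile app, rejects bad input, and revokes the token on logout. It assumes Laravel 5.6 with Passport installed, a personal access client created by `php artisan passport:install`, and the `HasApiTokens` trait on the user model; `TokenController`, the route paths and the `mobile-app` token name are hypothetical.

```php
<?php
// Added example (not from the original answer). Controller and route names are hypothetical.

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class TokenController extends Controller
{
    // POST /api/login
    public function login(Request $request)
    {
        // Reject malformed input before touching the user table.
        $credentials = $request->validate([
            'email'    => 'required|email',
            'password' => 'required|string',
        ]);

        // once() checks the credentials for this request only: no session, no cookie.
        if (! Auth::once($credentials)) {
            // Same response for an unknown e-mail and a wrong password.
            return response()->json(['message' => 'Invalid credentials.'], 401);
        }

        // The name is stored in oauth_access_tokens.name; no client_secret leaves the server.
        $token = Auth::user()->createToken('mobile-app')->accessToken;

        return response()->json(['token_type' => 'Bearer', 'access_token' => $token]);
    }

    // POST /api/logout, reachable only through the auth:api middleware.
    public function logout(Request $request)
    {
        // Revoke only the token that authenticated this request.
        $request->user()->token()->revoke();

        return response()->json(null, 204);
    }
}

// routes/api.php: throttle:5,1 limits each client to 5 login attempts per minute.
// Route::post('login', 'Api\TokenController@login')->middleware('throttle:5,1');
// Route::post('logout', 'Api\TokenController@logout')->middleware('auth:api');
```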
