I just read the https://laravel.com/docs/5.6/passport documentation and I have some doubts that hopefully someone can help me with:
First, some context, I want to use Passport as a way to provide Oauth authentication for my mobile app (first-party app).
- When I use
php artisan passport:client --password
I get back a Client ID and a Client Secret. Do these values have to be fixed in my app? For example, hardcoded or stored in a "settings" file? If these values shouldn't be stored, then how should it work?
- To register a user to my app I use:
$user->createToken('The-App')->accessToken;
I get that the accessToken will be the one used for sending on all my requests as a Header (Authorization => Bearer $accessToken) but what exactly is "The-App" value for?
- For logging in the user I use the URL http://example.com/oauth/token and send as parameters:
{
- When I login the user using the previous endpoint I get back a refresh_token. I read that I could refresh the token through http://example.com/oauth/token/refresh but when I tried to request the refresh I got Error 419. I removed the url oauth/token/refresh from the csrf verification and now I get back
"message": "Unauthenticated."
I'm making the following request:
Content-Type: x-www-form-urlencode
grant_type: refresh_token
refresh_token: -REFRESH-TOKEN // The refresh token I got from the command (question 3)
client_id: 1 // The client ID I got from the command (question 1)
client_secret: shhh // The client secret I got from the command (question 1)
scope: ''
Should I use this endpoint? Or is it not necessary given the app I'm trying to develop?
- Finally, there are a lot of endpoints that I get from Passport that I don't think I will use, for example: oauth/clients*, oauth/personal-access-tokens*. Is there a way to remove them from the endpoints published by Passport?
Thanks a lot for your help!