Laravel 5.3护照海关授权?
我知道我不是唯一一个走到这一步的人。是否有人知道如何在Laravel(5.3)Passport中正确实施自定义授权 或 有一个很好的链接/教程来参考如何正确地做到这一点 我知道有这个包裹: 但我要求的是一种更“自己动手”的方法Laravel 5.3护照海关授权?,laravel,laravel-5,laravel-5.2,laravel-5.3,laravel-passport,Laravel,Laravel 5,Laravel 5.2,Laravel 5.3,Laravel Passport,我知道我不是唯一一个走到这一步的人。是否有人知道如何在Laravel(5.3)Passport中正确实施自定义授权 或 有一个很好的链接/教程来参考如何正确地做到这一点 我知道有这个包裹: 但我要求的是一种更“自己动手”的方法 提前谢谢。我不知道您所说的自定义授权是什么意思,但您可以使用passport服务进行密码授权,密码授权可以根据您的喜好进行自定义 参考: 为了更深入地了解,您将获得一个客户端id和客户端机密,api的所有用户都将使用该id和客户端机密来获取访问令牌,并使用其密码和电子邮
提前谢谢。我不知道您所说的自定义授权是什么意思,但您可以使用passport服务进行密码授权,密码授权可以根据您的喜好进行自定义 参考: 为了更深入地了解,您将获得一个客户端id和客户端机密,api的所有用户都将使用该id和客户端机密来获取访问令牌,并使用其密码和电子邮件刷新令牌,然后您可以通过中间件添加功能来定制流程 例如,您可以检查一些自定义的头(如果存在),或者根据请求更改数据库以执行进一步的查询等等 也许我对你的问题完全误解了,如果是这样的话,请详细说明你的需求
namespace App\Providers;
use App\Auth\Grants\FacebookGrant;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Bridge\RefreshTokenRepository;
use Laravel\Passport\Passport;
use League\OAuth2\Server\AuthorizationServer;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
app(AuthorizationServer::class)->enableGrantType(
$this->makeFacebookGrant(), Passport::tokensExpireIn()
);
Passport::routes();
//
}
/**
* Create and configure a Facebook grant instance.
*
* @return FacebookGrant
*/
protected function makeFacebookGrant()
{
$grant = new FacebookGrant(
$this->app->make(RefreshTokenRepository::class)
);
$grant->setRefreshTokenTTL(Passport::refreshTokensExpireIn());
return $grant;
}
}
<?php
namespace App\Auth\Grants;
use Illuminate\Http\Request;
use Laravel\Passport\Bridge\User;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\AbstractGrant;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface;
use RuntimeException;
class FacebookGrant extends AbstractGrant
{
/**
* @param RefreshTokenRepositoryInterface $refreshTokenRepository
*/
public function __construct(
RefreshTokenRepositoryInterface $refreshTokenRepository
) {
$this->setRefreshTokenRepository($refreshTokenRepository);
$this->refreshTokenTTL = new \DateInterval('P1M');
}
/**
* {@inheritdoc}
*/
public function respondToAccessTokenRequest(
ServerRequestInterface $request,
ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL
) {
// Validate request
$client = $this->validateClient($request);
$scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
$user = $this->validateUser($request, $client);
// Finalize the requested scopes
$scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier());
// Issue and persist new tokens
$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
$refreshToken = $this->issueRefreshToken($accessToken);
// Inject tokens into response
$responseType->setAccessToken($accessToken);
$responseType->setRefreshToken($refreshToken);
return $responseType;
}
/**
* @param ServerRequestInterface $request
*
* @return UserEntityInterface
* @throws OAuthServerException
*/
protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client)
{
$facebookId = $this->getRequestParameter('facebook_id', $request);
if (is_null($facebookId)) {
throw OAuthServerException::invalidRequest('facebook_id');
}
$email = $this->getRequestParameter('email', $request);
if (is_null($email)) {
throw OAuthServerException::invalidRequest('email');
}
$user = $this->getUserEntityByUserFacebookId(
$facebookId,
$email,
$this->getIdentifier(),
$client
);
if ($user instanceof UserEntityInterface === false) {
$this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));
throw OAuthServerException::invalidCredentials();
}
return $user;
}
/**
* Retrieve a user by the given Facebook Id.
*
* @param string $facebookId
* @param string $email
* @param string $grantType
* @param \League\OAuth2\Server\Entities\ClientEntityInterface $clientEntity
*
* @return \Laravel\Passport\Bridge\User|null
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*/
private function getUserEntityByUserFacebookId($facebookId, $email, $grantType, ClientEntityInterface $clientEntity)
{
$provider = config('auth.guards.api.provider');
if (is_null($model = config('auth.providers.'.$provider.'.model'))) {
throw new RuntimeException('Unable to determine authentication model from configuration.');
}
$user = (new $model)->where('facebook_id', $facebookId)->first();
if (is_null($user)) {
$user = (new $model)->where('email', $email)->first();
if (is_null($user)) {
return;
}
// Now that we retrieved the user with the email, we need to update it with
// the given facebook id. So the user account will be linked correctly.
$user->facebook_id = $facebookId;
$user->save();
}
return new User($user->getAuthIdentifier());
}
/**
* {@inheritdoc}
*/
public function getIdentifier()
{
return 'facebook';
}
}
如何使用内置令牌作用域?作用域更特定于用户或客户端。在执行自定义授权时,您可以灵活地将auth中的auth流程或验证流程更改为适合身份验证服务器特定需要的流程(无论是什么)。上面的包已经采用“自己动手”的方法制作。个人认为,这是实现这种类型需求的最佳方式之一。不要重新发明轮子。那App\Auth\Grants\FacebookGrant呢?嗨,@aod我将添加这个类。这是我自己的实现。我们想实现社交登录。假设我们只想使用facebook访问令牌在系统中登录或注册用户。因此,我们没有任何密码或电子邮件。PasswordGrant需要密码和电子邮件。所以我们必须定制它。