Laravel Passport 中每个请求都返回 "message": "Unauthenticated."
标签:laravel, authentication, laravel-passport, laravel-middleware
我使用的是 Laravel 6 和 laravel/passport 8。每个请求都返回 { "message": "Unauthenticated." }。我配置了多个 guard。我的 config/auth.php:
// Excerpt from config/auth.php: five guards mapped onto two Eloquent providers.
// `web` and `vendors_web` are session guards; `api`, `vendors` and `admin` use
// the Passport token driver. A route picks a guard by name, e.g. `auth:vendors`.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'vendors_web' => [
'driver' => 'session',
'provider' => 'vendors',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
// NOTE(review): this guard checks Passport tokens against the `vendors`
// provider. With laravel/passport 8 (the version the question states) tokens
// are, as far as I know, not bound to a provider -- provider-scoped clients
// arrived with Passport 9 -- so presumably the token's user id is looked up in
// App\Vendor whichever model it was issued for. Confirm, and make sure an id
// from one table cannot authenticate as the same id in the other.
'vendors' => [
'driver' => 'passport',
'provider' => 'vendors',
],
// Same driver and provider as `api`, so this guard on its own accepts any
// user token; admin-only access has to be enforced by a separate check
// (not visible in this excerpt).
'admin' => [
'driver' => 'passport',
'provider' => 'users',
],
],
// User providers: each one names the Eloquent model a guard loads.
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'vendors' => [
'driver' => 'eloquent',
'model' => App\Vendor::class,
],
],
/**
 * Global HTTP middleware stack (excerpt from the HTTP kernel class).
 *
 * ForceJsonResponse and Cors are application classes whose code is not shown.
 * Both are also aliased in $routeMiddleware and listed again on the vendor
 * route group, so they presumably run twice for those routes.
 *
 * NOTE(review): authentication on this page rides on a cookie, so the Cors
 * class should be checked for credentialed requests combined with a wildcard
 * or reflected origin -- TODO confirm against its implementation.
 */
protected $middleware = [
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\ForceJsonResponse::class,
\App\Http\Middleware\Cors::class,
];
/**
 * Named middleware groups: `web`, `api`, and the custom `auth.api` group that
 * the vendor routes use.
 */
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
// NOTE(review): CSRF verification is switched off for the whole `web` group
// while the group still hands out an auth cookie (CreateFreshApiToken below).
// State-changing web routes then rely on the cookie alone; re-enable the
// check or confirm an equivalent one exists.
// \App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
// NOTE(review): this group has no EncryptCookies, so cookies are not decrypted
// before AddAuthHeader reads them. If the `_token` cookie was written through
// the `web` group (which encrypts cookies), the value copied into the
// Authorization header would be ciphertext rather than a token -- a plausible
// cause of the 401. TODO confirm where the cookie is set.
'auth.api' => [
\App\Http\Middleware\AddAuthHeader::class,
'throttle:60,1',
'bindings',
// Authenticates against the `api` guard (users provider in config/auth.php).
// A route that adds `auth:vendors` on top must satisfy both guards.
'auth:api',
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
],
];
/**
 * Route middleware aliases: short names that routes and groups can reference.
 *
 * `userAuth`, `adminAuth`, `json.response` and `cors` point at application
 * classes whose code is not shown on this page. `scopes` and `scope` are the
 * Passport scope checks; none of the routes shown here use them.
 */
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'userAuth' => \App\Http\Middleware\userAuth::class,
'adminAuth' => \App\Http\Middleware\adminAuth::class,
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'json.response' => \App\Http\Middleware\ForceJsonResponse::class,
'cors' => \App\Http\Middleware\Cors::class,
];
/**
 * Relative ordering applied to route middleware.
 *
 * AddAuthHeader is listed first so the Authorization header is in place before
 * Authenticate runs.
 *
 * NOTE(review): Authenticate has been moved ahead of StartSession (its earlier
 * position is the commented-out line below). The session guards `web` and
 * `vendors_web` presumably need the session started before they authenticate,
 * so this ordering may break session-based login -- verify.
 */
protected $middlewarePriority = [
\App\Http\Middleware\AddAuthHeader::class,
\App\Http\Middleware\Authenticate::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
// \App\Http\Middleware\Authenticate::class,
\Illuminate\Routing\Middleware\ThrottleRequests::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Illuminate\Auth\Middleware\Authorize::class,
];
// Vendor API routes. Every route runs the `auth.api` group (AddAuthHeader,
// throttle, bindings, `auth:api`) and then `auth:vendors`.
//
// NOTE(review): `auth:api` resolves the token against the users provider and
// `auth:vendors` against the vendors provider, so a request has to pass both
// guards. A token issued for a vendor with no matching user record would
// presumably be rejected by `auth:api` before `auth:vendors` is reached, which
// fits the 401 on every request. Verify, and prefer one guard per group.
//
// NOTE(review): the POST routes change state and are authenticated from a
// cookie promoted to a bearer header; no CSRF check is visible on this path.
// Confirm the cookie's SameSite setting or require a CSRF token here.
Route::group([
'middleware' => ['auth.api', 'auth:vendors', 'cors', 'json.response']
], function(){
Route::get('/vendor-dashboard', "VendorController@dashboard");
//get authenticated user
Route::get('/user', 'Auth\AuthAPIController@user');
//products
Route::get('/vendor-get-products/{type}', 'VendorController@vendorProductListing');
Route::get('/vendor-create-product-view/{id}/{type}', 'VendorController@createVendorProductView');
Route::post('/vendor-create-product/{id}/{type}', 'VendorController@createVendorProduct');
//orders
Route::get('/vendor-orders/{status}/{type}', 'VendorController@getOrders');
Route::post('/vendor-orders/update/{status}/{type}', 'VendorController@orderStatusUpdate');
});
对于 Laravel 发出的每个响应,我都使用 Passport 自带的中间件 \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,它会在响应上附加一个包含 accessToken 的 cookie。因此,对于每个传入的请求,我编写了一个中间件 auth.api,它读取 cookie 中的数据(令牌)并将其附加到请求头。
auth.api中间件
<?php
namespace App\Http\Middleware;
use Closure;
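/**
 * Promotes the `_token` cookie to an `Authorization: Bearer` header when the
 * request carries no bearer token of its own.
 *
 * NOTE(review): copying a cookie into the Authorization header makes the cookie
 * an ambient credential. The browser attaches it to every request for the site,
 * and downstream the request looks like an explicit bearer call, so the CSRF
 * check Passport applies to its own cookie-based tokens presumably does not run
 * on this path. Set the cookie HttpOnly, Secure and SameSite, and require a CSRF
 * token (or a custom request header) on state-changing routes.
 *
 * NOTE(review): the value is used exactly as received. If the cookie was issued
 * through a middleware group that encrypts cookies and this middleware runs in
 * a group that does not decrypt them, the header will not hold a usable token.
 */
class AddAuthHeader
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // An explicit Authorization header always wins over the cookie.
        if ($request->bearerToken()) {
            return $next($request);
        }

        if ($request->hasCookie('_token')) {
            $token = $request->cookie('_token');

            // Cookie values are client-controlled and may arrive as an array
            // (e.g. `_token[]=x`) or as an empty string. Concatenating those
            // would raise an "Array to string conversion" error or produce an
            // empty bearer header, so only a non-empty string is promoted.
            if (is_string($token) && $token !== '') {
                $request->headers->add(['Authorization' => 'Bearer ' . $token]);
            }
        }

        return $next($request);
    }
}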
api.php
// Guards and providers (config/auth.php excerpt). Session guards: `web`,
// `vendors_web`. Passport token guards: `api`, `vendors`, `admin`.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'vendors_web' => [
'driver' => 'session',
'provider' => 'vendors',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
// NOTE(review): Passport token guard backed by the `vendors` provider. Under
// laravel/passport 8, tokens are presumably not tied to a provider, so check
// that a token issued for App\User cannot resolve to the App\Vendor row with
// the same id.
'vendors' => [
'driver' => 'passport',
'provider' => 'vendors',
],
// Identical driver/provider pair to `api`: any user token passes this guard,
// so it does not by itself restrict access to administrators.
'admin' => [
'driver' => 'passport',
'provider' => 'users',
],
],
// Eloquent models loaded by the guards above.
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'vendors' => [
'driver' => 'eloquent',
'model' => App\Vendor::class,
],
],
/**
 * Global HTTP middleware stack.
 *
 * NOTE(review): Cors is applied globally and its code is not shown. Since the
 * API is authenticated from a cookie, confirm it does not allow credentialed
 * requests from arbitrary origins.
 */
protected $middleware = [
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\ForceJsonResponse::class,
\App\Http\Middleware\Cors::class,
];
/**
 * Middleware groups. `auth.api` is the custom group used by the vendor routes.
 */
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
// NOTE(review): with VerifyCsrfToken commented out, nothing in this group
// checks a CSRF token although the group issues an auth cookie via
// CreateFreshApiToken.
// \App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
// NOTE(review): EncryptCookies is absent here, so AddAuthHeader sees cookie
// values undecrypted; an encrypted `_token` cookie would not be a valid bearer
// token. `auth:api` below also ties the group to the users provider.
'auth.api' => [
\App\Http\Middleware\AddAuthHeader::class,
'throttle:60,1',
'bindings',
'auth:api',
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
],
];
/**
 * Alias => class map for middleware that routes reference by short name.
 * Classes under \App\Http\Middleware are application code not shown here.
 */
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'userAuth' => \App\Http\Middleware\userAuth::class,
'adminAuth' => \App\Http\Middleware\adminAuth::class,
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'json.response' => \App\Http\Middleware\ForceJsonResponse::class,
'cors' => \App\Http\Middleware\Cors::class,
];
/**
 * Ordering hints for route middleware; AddAuthHeader is placed ahead of
 * Authenticate so the header exists when the guard runs.
 *
 * NOTE(review): Authenticate now precedes StartSession (see the commented-out
 * entry for its previous slot); session guards may not see a started session
 * with this ordering -- verify.
 */
protected $middlewarePriority = [
\App\Http\Middleware\AddAuthHeader::class,
\App\Http\Middleware\Authenticate::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
// \App\Http\Middleware\Authenticate::class,
\Illuminate\Routing\Middleware\ThrottleRequests::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Illuminate\Auth\Middleware\Authorize::class,
];
// Vendor routes (routes/api.php). Middleware runs `auth.api` -- which already
// contains `auth:api` -- followed by `auth:vendors`.
//
// NOTE(review): two auth guards with different providers are stacked, so the
// same token must resolve to both a user and a vendor. Presumably this is why
// every request ends in "Unauthenticated"; consider a vendor-specific group
// that does not include `auth:api`.
//
// NOTE(review): the two POST routes are state-changing and authenticated from a
// cookie; no CSRF check is visible for them in this listing.
Route::group([
'middleware' => ['auth.api', 'auth:vendors', 'cors', 'json.response']
], function(){
Route::get('/vendor-dashboard', "VendorController@dashboard");
//get authenticated user
Route::get('/user', 'Auth\AuthAPIController@user');
//products
Route::get('/vendor-get-products/{type}', 'VendorController@vendorProductListing');
Route::get('/vendor-create-product-view/{id}/{type}', 'VendorController@createVendorProductView');
Route::post('/vendor-create-product/{id}/{type}', 'VendorController@createVendorProduct');
//orders
Route::get('/vendor-orders/{status}/{type}', 'VendorController@getOrders');
Route::post('/vendor-orders/update/{status}/{type}', 'VendorController@orderStatusUpdate');
});
我得到的结果是,
登录后,我在浏览器中获得cookie。
如果我在中间件中添加了请求头,可以看到带有 Bearer 令牌的 Authorization 头,但仍然得到未经身份验证(Unauthenticated)的错误。
你好!谢谢你的回复,但我没有理解你的意思。你能简单给我解释一下吗?@KamleshPaul @KamleshPaul 好的。是的,即使我在 Postman 中添加令牌,也会得到同样的错误。我用中间件来做,是因为我不想在每个请求中都手动附加它。@KamleshPaul 是 auth.api 把 cookie 中的令牌添加到请求头中,请检查代码。
$request->bearerToken()
如果您把令牌作为 Bearer 令牌传递,它就会为 true。您是怎么传递的?@KamleshPaul 是的,没错。我传递令牌的流程有所不同:1. 用户输入登录凭据,后端校验凭据并为用户创建令牌。2. 我把令牌作为 cookie 发送到前端。之后前端的每个请求,我都在后端从 cookie 中取出令牌。3. 对于下一个传入请求,我的 auth.api 中间件会取出该 cookie 中的令牌并将其作为请求头附加。4. 现在,我想检查我的 api:vendors。有没有什么办法可以让 api:vendors 优先?