Php Laravel 5.4 401/未经验证,使用Passport和多种令牌类型
在这方面的背景故事中,我一直在按照文档中的说明进行工作: 我有Php Laravel 5.4 401/未经验证,使用Passport和多种令牌类型,php,laravel,laravel-5,middleware,laravel-passport,Php,Laravel,Laravel 5,Middleware,Laravel Passport,在这方面的背景故事中,我一直在按照文档中的说明进行工作: 我有 拉威尔5.4 “laravel/passport”:“作曲家”^3.0 运行Mamp pro、PHP7.0.15的本地Mac osx 我在routes/api.php中调用示例用户路由 Route::get('/user', function () { return 'testing'; })->middleware('auth:api'); 邮递员卷曲头(从邮递员中的代码导出中提取): 我有1个使用Vue组件生成的
Route::get('/user', function () {
return 'testing';
})->middleware('auth:api');
邮递员卷曲头(从邮递员中的代码导出中提取):
我有1个使用Vue组件生成的个人访问令牌
我已经检查过我将令牌到期时间设置为1年,这反映在db中
My AuthServiceProvider.php
Passport::routes();
// TODO MAKE THEM LAST A LONG TIME
Passport::tokensExpireIn(Carbon::now()->addYears(20));//You can also use addDays(10)
Passport::refreshTokensExpireIn(Carbon::now()->addYears(20));//You can also use addDays(10)
Passport::pruneRevokedTokens(); //basic garbage collector
Passport::tokensCan([
'api-access' => 'Access Complete API',
]);
My RouteServiceProvider.php(map函数中调用mapApiRoutes)
mykernel.php路由中间件
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
--编辑——经过更多的研究
我正在使用postman测试我的api身份验证,每次尝试都会得到401。我尝试了个人访问客户端和密码授予客户端,两者都有相同的问题。在查看了它们之后,我意识到它们都使用授权承载[token]格式
所以我开始登录Passport source中的各种文件
在TokenGuard.php中
public function user(Request $request) {
Log::info('TokenGuard: '. $request);
if ($request->bearerToken()) {
return $this->authenticateViaBearerToken($request);
} elseif ($request->cookie(Passport::cookie())) {
return $this->authenticateViaCookie($request);
}
}
日志如下所示:
[2017-08-10 20:50:20] local.INFO: TokenGuard 93: GET /api/user HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: url.com:8888
Postman-Token: 66707fe5-8f6e-4920-948b-2804a76d4a65
User-Agent: PostmanRuntime/6.2.5
[2017-08-10 20:50:20] local.INFO: TokenGuard 93: GET /api/user HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: url.com:8888
Postman-Token: 66707fe5-8f6e-4920-948b-2804a76d4a65
User-Agent: PostmanRuntime/6.2.5
缺少的是请求的承载[令牌]部分。TokenGuard代码块正在运行if/else。这就是我认为失败发生的地方
它不也应该把它记录下来吗?由于承载令牌丢失,If/Else失败,因此返回401是有意义的
为什么要从请求中删除我的令牌。将此添加到项目公共目录下的
.htaccess
文件中:
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
如何将令牌转换为JavaScript?上面代码示例中的令牌似乎太长。是否确实没有复制粘贴加密cookie?创建个人访问令牌时,Vue组件会弹出一个包含令牌的模式。我复制了它,然后使用了它。我已经尝试过三次了,以确保我没有搞砸。你唯一的选择是自己调试,用
\Log::info…
语句修改相关文件(甚至是core Laravel文件),然后看看自己陷入了什么困境。玩得开心@kyslik我的名字有什么问题吗?比如api vs auth:api之类的?
[2017-08-10 20:50:20] local.INFO: TokenGuard 93: GET /api/user HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: url.com:8888
Postman-Token: 66707fe5-8f6e-4920-948b-2804a76d4a65
User-Agent: PostmanRuntime/6.2.5
[2017-08-10 20:50:20] local.INFO: TokenGuard 93: GET /api/user HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: url.com:8888
Postman-Token: 66707fe5-8f6e-4920-948b-2804a76d4a65
User-Agent: PostmanRuntime/6.2.5
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]