Php 注销不存在';t与Laravel JWT auth合作
我正在使用jwtauth和Laravel框架对用户进行身份验证。采用Laravel作为服务器端框架,前端代码在我们自己开发的框架中。因此,我们使用api而不是web来实现身份验证。登录在这个环境中工作得很好,而注销和刷新令牌不能像我希望的那样执行。我会按照你说的配置一切 route.phpPhp 注销不存在';t与Laravel JWT auth合作,php,laravel,logout,jwt-auth,Php,Laravel,Logout,Jwt Auth,我正在使用jwtauth和Laravel框架对用户进行身份验证。采用Laravel作为服务器端框架,前端代码在我们自己开发的框架中。因此,我们使用api而不是web来实现身份验证。登录在这个环境中工作得很好,而注销和刷新令牌不能像我希望的那样执行。我会按照你说的配置一切 route.php Route::group(['middleware' => 'api', 'prefix' => 'user', 'namespace' => 'User'], function () {
Route::group(['middleware' => 'api', 'prefix' => 'user', 'namespace' => 'User'], function () {
Route::post('/login', 'AuthController@login'); // login
Route::post('/logout', 'AuthController@logout'); // logout (invalidate token)
Route::post('/refresh', 'AuthController@refresh'); // refresh token});
kernel.php
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'password',
'model' => App\User::class,
],
/*'users' => [
'driver' => 'database',
'table' => 'user',
],*/
],
用户\授权控制器
<?php
namespace App\Http\Controllers\User;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use AjaxResponse;
use Log;
class AuthController extends Controller
{
/**
* Create a new AuthController instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('auth:api', ['except' => ['login']]);
}
/**
* login
* @param Request $request
* @return mixed
*/
public function login(Request $request)
{
$credentials = $request->only('phone', 'password');
if (! $token = auth()->attempt($credentials)) {
return AjaxResponse::fail(4001);
}
return $this->respondWithToken($token);
}
/**
* logout(invalidate token)
* @return \Illuminate\Http\JsonResponse
*/
public function logout()
{
Log::debug('yyyyyyyyy');
auth()->logout();
return AjaxResponse::succeed(['message' => 'Successfully logged out']);
}
/**
* refresh token
* @return \Illuminate\Http\JsonResponse
*/
public function refresh()
{
return $this->respondWithToken(auth()->refresh());
}
/**
* get token structure
* @param $token
* @return mixed
*/
protected function respondWithToken($token)
{
if (Auth::user()['deleted_at'] || ! Auth::user()['is_active'])
return AjaxResponse::fail(4001);
else
return AjaxResponse::succeed([
'access_token' => $token,
'token_type' => 'bearer',
'expires_in' => auth()->factory()->getTTL() * 60,
'user_name' => Auth::user()['name'],
'user_admin' => (bool)Auth::user()['is_admin']
]);
}
}
public function __construct()
{
$this->middleware('auth:api', ['except' => ['login', 'refresh', 'logout']]);
}
经过几次尝试后,我更改了AuthController的构造函数,它成功了 用户\授权控制器
<?php
namespace App\Http\Controllers\User;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use AjaxResponse;
use Log;
class AuthController extends Controller
{
/**
* Create a new AuthController instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('auth:api', ['except' => ['login']]);
}
/**
* login
* @param Request $request
* @return mixed
*/
public function login(Request $request)
{
$credentials = $request->only('phone', 'password');
if (! $token = auth()->attempt($credentials)) {
return AjaxResponse::fail(4001);
}
return $this->respondWithToken($token);
}
/**
* logout(invalidate token)
* @return \Illuminate\Http\JsonResponse
*/
public function logout()
{
Log::debug('yyyyyyyyy');
auth()->logout();
return AjaxResponse::succeed(['message' => 'Successfully logged out']);
}
/**
* refresh token
* @return \Illuminate\Http\JsonResponse
*/
public function refresh()
{
return $this->respondWithToken(auth()->refresh());
}
/**
* get token structure
* @param $token
* @return mixed
*/
protected function respondWithToken($token)
{
if (Auth::user()['deleted_at'] || ! Auth::user()['is_active'])
return AjaxResponse::fail(4001);
else
return AjaxResponse::succeed([
'access_token' => $token,
'token_type' => 'bearer',
'expires_in' => auth()->factory()->getTTL() * 60,
'user_name' => Auth::user()['name'],
'user_admin' => (bool)Auth::user()['is_admin']
]);
}
}
public function __construct()
{
$this->middleware('auth:api', ['except' => ['login', 'refresh', 'logout']]);
}
我添加了函数作为'except'的值,我希望在其中使当前会话无效。经过几次尝试后,我更改了AuthController的构造函数,它成功了 用户\授权控制器
<?php
namespace App\Http\Controllers\User;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use AjaxResponse;
use Log;
class AuthController extends Controller
{
/**
* Create a new AuthController instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('auth:api', ['except' => ['login']]);
}
/**
* login
* @param Request $request
* @return mixed
*/
public function login(Request $request)
{
$credentials = $request->only('phone', 'password');
if (! $token = auth()->attempt($credentials)) {
return AjaxResponse::fail(4001);
}
return $this->respondWithToken($token);
}
/**
* logout(invalidate token)
* @return \Illuminate\Http\JsonResponse
*/
public function logout()
{
Log::debug('yyyyyyyyy');
auth()->logout();
return AjaxResponse::succeed(['message' => 'Successfully logged out']);
}
/**
* refresh token
* @return \Illuminate\Http\JsonResponse
*/
public function refresh()
{
return $this->respondWithToken(auth()->refresh());
}
/**
* get token structure
* @param $token
* @return mixed
*/
protected function respondWithToken($token)
{
if (Auth::user()['deleted_at'] || ! Auth::user()['is_active'])
return AjaxResponse::fail(4001);
else
return AjaxResponse::succeed([
'access_token' => $token,
'token_type' => 'bearer',
'expires_in' => auth()->factory()->getTTL() * 60,
'user_name' => Auth::user()['name'],
'user_admin' => (bool)Auth::user()['is_admin']
]);
}
}
public function __construct()
{
$this->middleware('auth:api', ['except' => ['login', 'refresh', 'logout']]);
}
我添加了函数作为'except'的值,我希望在其中使当前会话无效。消息日志
yyyyyyy
是否正常?消息“已成功注销”
是否返回?或者仅仅是,没有失效的代币?@cbaconier我刚刚更新了我的问题。请重新检查。您的屏幕截图是您点击/logout
时发布的结果,对吗?在这种情况下,您的请求可能是错误的。因为您使用的是API,所以它应该是内容类型:application/json
,标题应该包含Authorization:Bearer
,此外我还解释了:您所做的请求可能是错误的。我猜这是因为我看到了一个HTML屏幕截图。Laravel通常会将您重定向到/login
(而不是/api/login
),因为它不会将请求视为json
,也不会将您视为经过身份验证的请求。@cba我已经找到了一种方法使其工作,但是,我没有清楚地解释逻辑。消息日志yyyyyyyy
工作吗?消息“已成功注销”
是否返回?或者仅仅是,没有失效的代币?@cbaconier我刚刚更新了我的问题。请重新检查。您的屏幕截图是您点击/logout
时发布的结果,对吗?在这种情况下,您的请求可能是错误的。因为您使用的是API,所以它应该是内容类型:application/json
,标题应该包含Authorization:Bearer
,此外我还解释了:您所做的请求可能是错误的。我猜这是因为我看到了一个HTML屏幕截图。Laravel's通常会将您重定向到/login
(而不是/api/login
),因为它不会将请求视为json
,也不会将您视为经过身份验证的请求。@cba我已经找到了一种使其工作的方法,不过,我没有清楚地解释逻辑。