PHP Laravel Passport OAuth2始终在受保护的路由上返回未经验证的消息
我正在本地主机上运行Laravel v5.3,其域映射到bookmarkapi.dev 1) 在我的路由文件PHP Laravel Passport OAuth2始终在受保护的路由上返回未经验证的消息,php,laravel,oauth,Php,Laravel,Oauth,我正在本地主机上运行Laravel v5.3,其域映射到bookmarkapi.dev 1) 在我的路由文件/routes/web.php中,我有以下路由: // http://bookmarkapi.dev/callback Route::get('/callback', function (Request $request) { $http = new GuzzleHttp\Client; $response = $http->post('http://bookmar
/routes/web.php// http://bookmarkapi.dev/callback
Route::get('/callback', function (Request $request) {
$http = new GuzzleHttp\Client;
$response = $http->post('http://bookmarkapi.dev/oauth/token', [
'form_params' => [
'grant_type' => 'authorization_code',
'client_id' => 1,
'client_secret' => 'dc2lGvM2L6lOyANVN8YPuzpsy4LnxhuT8v9aTBdn',
'redirect_uri' => 'http://bookmarkapi.dev/callback',
'code' => $_GET['code'],
//'code' => $request->code, I use $_GET['code'] ass laravel says it cannot find $request->code
],
]);
return json_decode((string) $response->getBody(), true);
});
// http://bookmarkapi.dev/redirect
Route::get('/redirect', function () {
$query = http_build_query([
'client_id' => 1,
'redirect_uri' => 'http://bookmarkapi.dev/callback',
'response_type' => 'code',
'scope' => 'crud-bookmark-collections crud-bookmark-tags crud-bookmarks',
]);
return redirect('http://bookmarkapi.dev/oauth/authorize?'.$query);
});
2) 当我访问 它重定向到:
http://bookmarkapi.dev/oauth/authorize?client_id=1&redirect_uri=http%3A%2F%2Fbookmarkapi.dev%2Fcallback&response_type=code&scope=crud-bookmark-collections+crud-bookmark-tags+crud-bookmarks
{
"token_type": "Bearer",
"expires_in": 1295999,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM4MTI3YzFkNDc1YTRlOTY3ZmQyOGMxOWI0ODFiNzJlODQzZDYwNGI0NTE1ZThhYjc4ZjkyZjVmNDczZDM4MGMyNjExYzAxZGRmMDYwMzFlIn0.eyJhdWQiOiIxIiwianRpIjoiYzgxMjdjMWQ0NzVhNGU5NjdmZDI4YzE5YjQ4MWI3MmU4NDNkNjA0YjQ1MTVlOGFiNzhmOTJmNWY0NzNkMzgwYzI2MTFjMDFkZGYwNjAzMWUiLCJpYXQiOjE0ODA0Mzk4MTAsIm5iZiI6MTQ4MDQzOTgxMCwiZXhwIjoxNDgxNzM1ODA5LCJzdWIiOiI0Iiwic2NvcGVzIjpbImNydWQtYm9va21hcmstY29sbGVjdGlvbnMiLCJjcnVkLWJvb2ttYXJrLXRhZ3MiLCJjcnVkLWJvb2ttYXJrcyJdfQ.kfuF4QJyX1IXv7gx0ZsxURlnBa8DP6u9elj0QAF82FYZfIlOwCAzSsrpDb9XEB3kEkbnXZAsIyrMe7nY5nV_7T9_kdODOqfA2r93zqLKg-I_UMMyTtI6UZJWNVGXsO2K25GQD2AJXodI2T9gW-zyUIuj5tjzRrpXAv047WcuIGr9ghG3qpaYlrZyT7lKuV6aBrhnPYk8gU8gHZAAx0nw457vRePs_bis3KbkF62HRfgYIXSIG2i6al-gYAEtejKAXGpZkeIiuoOnkqsxt9WdNJKqsfDvlwZ4P_-3YfFgvjfGn3O5hkRIghyc7BwG8vShE28s_PPl91aHwbaAEfWDLePTHGQrUJXCpMdnuk8owqdbSfrU8BJtByONNk9Plj0RLY445LxmqDWt1Er36JvzoQObOy0YrB1tqbVg19_tA_xyKdZkQIwbeE0hlZV7kuUPMjur0n0jBpoXIaZRVHP7fOT5iIiMFiB8V882L8lrrO14_ebYQ8z-mAi7k_7P1cJwahtpbSg2L96ZlY6zGM1dWwX9GFDivlTSBqAJjkAumU9731jn83_BJrSGKwh5rIt-ckccdKWppuDHqpH8OOUJpozpljdSfuUwBoYX4QlJkq2jgw_Gu1hbeNdKhtinuUQ18DGs7WEP4WY9BZQwu-YXLCWDYf-a6Az6AJ64xWjggA0",
"refresh_token": "MGFQoiIFVO2+RVZ1DuijU6DKAc+h7I8cIj+cP9W0LMAhOHZVrr0rUT6AvrY+BL6lCS9HPPkcRaaniiI02xG4af5DzdwXLLeRq4TfbZ+L1I0jZeqcLemOOvrh6ri9lPuOsbfVBEtJBHcZBCoby00p33ZBvIGQgXqo+iQZw1c6M3J4gbBOJIEVPKrSpuOEPoOdU6taDRaslaeP6E2wqJ7y2DTjObUiBb4TQwpJL6H+3JoJgjEjpKQihIZ99KgwrVFcnKrxOd/ZqVdnf+xYRfWxsL5YzD/k/L/0r0Y9TINPcqUt+m2diiIcikTS76g9qkrNQ5/yTMhYhDAMmF7MK1IQAAOQf23aq4C09Nj+PbjPnQmsR84Kz+A9psb0WsFKTMrzRrjXPrgv+YR3eu8zdBKC1vyc59O4wfAc0zGNe9TnnQ+oUF0dKIr2XbKDDtlUX8Ko5u0qIEMjePV/lnkloKoxIYcRrlVfA8Gvihwldi47fvmcS7wqSVLlwawSXeBK68Ah7AMkCu4VIjQuIHv8C5M6Yzgy5ede5Lrf3kk7hFmWilTFY5igMQiFLOYyQCbb7n4A7/5tMWy6r2iKMbhc1ua6V1+S/ki7PKCP2utFpolXZcc0haU94NEbtoUROJ+TpaWQYKypFu3OcinfRYTpvVDkzR08F+Fest8Wcdvxqby09po="
}
3) 单击“授权”按钮,然后重定向到此URL:
http://bookmarkapi.dev/callback?code=wBa9765%2FOnbjT2brMKdxEkxavROg0k5wJ6bZ3h5OZVI%2BMF5%2BAHs2j9ghpgI%2FRJRnC0hCYrGRyQvSLZmnnqASSmO4%2BAn8yXU0TNgJiC2p4kvCHrwA4Vy6va8rRwnFRNcbDOGapEAvoC%2Ba4A6iMAd1EXdvWK8Ur%2B8N5jKNQQrUd45hFMNzohWq2WPXd9Q1IbuNoKZoq0h%2BWtAHB6M07QH27a0kTCBVQ9K%2B7msjKuQRSmQSTfWRoKW0al6OSNo%2Fqo3Gx9EnCct%2BgEVuO3LvLJXRWGA9cns7LnLPJMCmUbQeaPY88F3%2BRhHRcfLYnZJthvxnuOLI2RtIKszjyEstdam%2Blgme60Ml0aGvfQy3ZgsoHwsHnYVBi%2BNiy9W3zWY0CHzDEVjtMyEjTqLPFoVNUSV2BVrclZrGsCOSXXinZsZHc4h1nxU6yuLdf%2F8O4eIHZh%2BNbbxBH1usbZfMlv2POSUW%2FfW0g1wRwWnu%2BO0FEhjJtgAfCnSpoSZQ6M72ecGAODHojvRCnJLARQESp4VGsElclXxmILNq5gwXKkIpY2k%2FqMsXCLcDB%2BaPZOCttlykk%2BiCIFYVN2H0Cze8HfYxDn5tubb3kWy%2Fi4ZxGp5rFwBPkJ5C3p3H3KNjShZmmJZ1l6xn9oXB2Q0H9zFTjMxkDH4zQAUqIMBa52ZmyQcmojv%2BqYs%3D
{
"token_type": "Bearer",
"expires_in": 1295999,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM4MTI3YzFkNDc1YTRlOTY3ZmQyOGMxOWI0ODFiNzJlODQzZDYwNGI0NTE1ZThhYjc4ZjkyZjVmNDczZDM4MGMyNjExYzAxZGRmMDYwMzFlIn0.eyJhdWQiOiIxIiwianRpIjoiYzgxMjdjMWQ0NzVhNGU5NjdmZDI4YzE5YjQ4MWI3MmU4NDNkNjA0YjQ1MTVlOGFiNzhmOTJmNWY0NzNkMzgwYzI2MTFjMDFkZGYwNjAzMWUiLCJpYXQiOjE0ODA0Mzk4MTAsIm5iZiI6MTQ4MDQzOTgxMCwiZXhwIjoxNDgxNzM1ODA5LCJzdWIiOiI0Iiwic2NvcGVzIjpbImNydWQtYm9va21hcmstY29sbGVjdGlvbnMiLCJjcnVkLWJvb2ttYXJrLXRhZ3MiLCJjcnVkLWJvb2ttYXJrcyJdfQ.kfuF4QJyX1IXv7gx0ZsxURlnBa8DP6u9elj0QAF82FYZfIlOwCAzSsrpDb9XEB3kEkbnXZAsIyrMe7nY5nV_7T9_kdODOqfA2r93zqLKg-I_UMMyTtI6UZJWNVGXsO2K25GQD2AJXodI2T9gW-zyUIuj5tjzRrpXAv047WcuIGr9ghG3qpaYlrZyT7lKuV6aBrhnPYk8gU8gHZAAx0nw457vRePs_bis3KbkF62HRfgYIXSIG2i6al-gYAEtejKAXGpZkeIiuoOnkqsxt9WdNJKqsfDvlwZ4P_-3YfFgvjfGn3O5hkRIghyc7BwG8vShE28s_PPl91aHwbaAEfWDLePTHGQrUJXCpMdnuk8owqdbSfrU8BJtByONNk9Plj0RLY445LxmqDWt1Er36JvzoQObOy0YrB1tqbVg19_tA_xyKdZkQIwbeE0hlZV7kuUPMjur0n0jBpoXIaZRVHP7fOT5iIiMFiB8V882L8lrrO14_ebYQ8z-mAi7k_7P1cJwahtpbSg2L96ZlY6zGM1dWwX9GFDivlTSBqAJjkAumU9731jn83_BJrSGKwh5rIt-ckccdKWppuDHqpH8OOUJpozpljdSfuUwBoYX4QlJkq2jgw_Gu1hbeNdKhtinuUQ18DGs7WEP4WY9BZQwu-YXLCWDYf-a6Az6AJ64xWjggA0",
"refresh_token": "MGFQoiIFVO2+RVZ1DuijU6DKAc+h7I8cIj+cP9W0LMAhOHZVrr0rUT6AvrY+BL6lCS9HPPkcRaaniiI02xG4af5DzdwXLLeRq4TfbZ+L1I0jZeqcLemOOvrh6ri9lPuOsbfVBEtJBHcZBCoby00p33ZBvIGQgXqo+iQZw1c6M3J4gbBOJIEVPKrSpuOEPoOdU6taDRaslaeP6E2wqJ7y2DTjObUiBb4TQwpJL6H+3JoJgjEjpKQihIZ99KgwrVFcnKrxOd/ZqVdnf+xYRfWxsL5YzD/k/L/0r0Y9TINPcqUt+m2diiIcikTS76g9qkrNQ5/yTMhYhDAMmF7MK1IQAAOQf23aq4C09Nj+PbjPnQmsR84Kz+A9psb0WsFKTMrzRrjXPrgv+YR3eu8zdBKC1vyc59O4wfAc0zGNe9TnnQ+oUF0dKIr2XbKDDtlUX8Ko5u0qIEMjePV/lnkloKoxIYcRrlVfA8Gvihwldi47fvmcS7wqSVLlwawSXeBK68Ah7AMkCu4VIjQuIHv8C5M6Yzgy5ede5Lrf3kk7hFmWilTFY5igMQiFLOYyQCbb7n4A7/5tMWy6r2iKMbhc1ua6V1+S/ki7PKCP2utFpolXZcc0haU94NEbtoUROJ+TpaWQYKypFu3OcinfRYTpvVDkzR08F+Fest8Wcdvxqby09po="
}
4) 在文件routes/api.php中,我有所有这些api的测试路径,只是尝试了不同的东西,希望1可以工作!:
Route::any('/user', function (Request $request) {
echo 'api user';
})->middleware('auth:api', 'cors');
Route::get('/user2', function (Request $request) {
print_r($request);
//return $request->user();
})->middleware('auth:api', 'cors');
// OAuth Scopes
// crud-bookmark-collections' => 'Create/Edit/Delete/View Bookmark Collections',
// crud-bookmark-tags' => 'Create/Edit/Delete/View Bookmark Tags',
// crud-bookmarks
Route::any('/whatever1', function () {
// do stuff
return 'hi';
})->middleware('anyScope:crud-bookmark-collections', 'cors');;
// Any of the given scopes
Route::any('/whatever2', function () {
// do stuff
})->middleware('anyScope:crud-bookmark-collections,crud-bookmark-tags,crud-bookmarks', 'cors');
// All of the given scopes
Route::any('/whatever3', function () {
// do stuff
echo 'test';
})->middleware('allScopes:crud-bookmark-collections,crud-bookmark-tags,crud-bookmarks', 'cors');
5) 当我在像Postman这样的程序中使用以下标题测试post时: 结果总是这样:
{
"error": "Unauthenticated."
}
我被卡住了。我无法使用OAuth令牌显示我的任何路由,因为它们总是显示未经验证的
任何帮助都将是巨大的,请经过数周的尝试和研究,我终于成功了
在文件app\Providers\RouteServiceProvider.php
在函数mapApiRoutes()中
我改变了这一点:
protected function mapApiRoutes()
{
Route::group([
'middleware' => 'api',
'namespace' => $this->namespace,
'prefix' => 'api',
], function ($router) {
require base_path('routes/api.php');
});
}
为此:
protected function mapApiRoutes()
{
Route::group([
'middleware' => 'auth:api',
'namespace' => $this->namespace,
'prefix' => 'api',
], function ($router) {
require base_path('routes/api.php');
});
}
注意上面的第4行:'middleware'=>'api'
需要是'middleware'=>'auth:api'
这使得我的受保护的API路由现在可以与我的OAuth秘密一起工作!非常高兴,也许这可以帮别人省下几个星期甚至几个月的头痛 救了我一天:)