Rest Looking for a start-to-finish how-to on a Laravel 5.2 OAuth2 implementation


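Quick background: I'm fairly experienced with PHP, but I need to build my first RESTful API. I figured I'd try Laravel (5.2), and I'm starting to feel pretty comfortable with it.

I started adding auth to my project over the weekend, and I'm really struggling to get it working. I got the basic Laravel Auth middleware working quickly, but I think I need to use OAuth2 in production (I will be building a mobile app that connects to this server). I'm using the Luca Degasperi OAuth2 package, which seems to be quite popular.

I reviewed the actual documentation :)

I also went through this tutorial:

Most recently, I found this thread, which says the OAuth tables need to be seeded before anything will work:

This is all great, but there are some subtle differences in the latest Laravel distribution. For example, /app/Http/Kernel.php is slightly different from what is shown in some of the examples I found, because it now uses middleware groups. I think I handled those differences correctly (I added the OAuthExceptionHandlerMiddleware class to the 'web' section of $middlewareGroups instead of $middleware). I got my seeder working (the current oauth_scopes table only lets you supply a description, so I had to pare down what was provided in the third link above).

If I put a test route in the 'web' group in routes.php, I would think that this would require OAuth, because I added OAuth to the 'web' middleware group in Kernel.php. That is not the case. If I do that, my route performs no authentication.

I then explicitly added the OAuth middleware to my test route, like this: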

Route::get('tests/events', ['middleware' => 'oauth', function() {
    $events = App\Event::get();
    return response()->json($events);
}]);

This results in a 500 error ("ErrorException in OAuth2ServerServiceProvider.php line 126: explode() expects parameter 2 to be string, object given").

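I'm feeling pretty lost. Each of these packages seems to be moving so quickly that there is no complete documentation on how to get this up and running.

What else do I need to do to get this working?

The following link is what finally got me unstuck:

Now that I have it working, I'll try to make this a complete how-to for the password grant type only. I haven't played with the other grant types. So this assumes you are building something like a RESTful API that users will connect to through a client app you are going to build. Users will create a user account in your system, and then when they send a REST request, the OAuth2 package will authenticate them and send them a token to stay logged in.

I'm using Laravel 5.2 and already have the basic Auth package installed and running. Be aware that a lot of these steps seem to change with incremental releases of Laravel or the OAuth2 package.

The first part of getting this working is already well documented, but here is a summary just in case.

Edit the require section of your composer.json file so that it looks like this: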

"require": {
    "php": ">=5.5.9",
    "laravel/framework": "5.2.*",
    "lucadegasperi/oauth2-server-laravel": "5.1.*"
},

Run composer update to download the package.

Open your config/app.php file and add the following two lines to the end of the providers section:

LucaDegasperi\OAuth2Server\Storage\FluentStorageServiceProvider::class,
LucaDegasperi\OAuth2Server\OAuth2ServerServiceProvider::class,

Also in config/app.php, add this line to the aliases array:

'Authorizer' => LucaDegasperi\OAuth2Server\Facades\Authorizer::class,

Now we start doing some things differently from the documentation, to accommodate the current version of Laravel.

Open app/Http/Kernel.php. Laravel now uses groups, where it previously did not. Update your $middlewareGroups as follows:

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,

        //Added for OAuth2 Server
        \LucaDegasperi\OAuth2Server\Middleware\OAuthExceptionHandlerMiddleware::class,

        //Commented out for OAuth2 Server
        //\App\Http\Middleware\VerifyCsrfToken::class,
    ],

    'api' => [
        'throttle:60,1',
    ],
];

Also in app/Http/Kernel.php, update $routeMiddleware as follows:

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,

    //Added for OAuth2 Server
    'oauth' => \LucaDegasperi\OAuth2Server\Middleware\OAuthMiddleware::class,
    'oauth-user' => \LucaDegasperi\OAuth2Server\Middleware\OAuthUserOwnerMiddleware::class,
    'oauth-client' => \LucaDegasperi\OAuth2Server\Middleware\OAuthClientOwnerMiddleware::class,
    'check-authorization-params' => \LucaDegasperi\OAuth2Server\Middleware\CheckAuthCodeRequestMiddleware::class,
    'csrf' => \App\Http\Middleware\VerifyCsrfToken::class,
];

You now have to set up your grant types. You used to do this all in one place in config\oauth2.php, using an array with a callback closure. With the most recent version of the OAuth2 server package, you can no longer use a closure for the callback. It has to be a string. So your grant_types should look something like this:

'grant_types' => [
    'password' => [
        'class' => '\League\OAuth2\Server\Grant\PasswordGrant',
        'callback' => '\App\PasswordGrantVerifier@verify',
        'access_token_ttl' => 3600
    ]
]

access_token_ttl is the duration, in seconds, that an auth token is valid for. The main package documentation uses 3600 (1 hour) by default. You might want to try 604800 (1 week) instead, at least during testing.

You now need to create the PasswordGrantVerifier class and the verify method that you just referenced in the code section above. So you create a file App/PasswordGrantVerifier.php and use the following code (which is basically what was used in the closure for the callback)

Now create a file named database/seeds/OAuthClientsTableSeeder.php and enter something like this:

<?php

use Illuminate\Database\Seeder;

class OAuthClientsTableSeeder extends Seeder
{
    /**
     * Run the database seeds.
     *
     * @return void
     */
    public function run()
    {
        //Add sample OAuth clients
        $oAuthClients = array(
            array(
                'id' => 'TEST_ENVIRONMENT',
                'secret' => 'b17b0ec30dbb6e1726a17972afad008be6a3e4a5',
                'name' => 'TEST_ENVIRONMENT'
            )
        );

        foreach ($oAuthClients as $oAuthClient) {
            App\OAuthClient::create($oAuthClient);
        }
    }
}
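
// routes.php
// Import the HTTP request class so the type-hinted closure below receives the current request
use Illuminate\Http\Request;

Route::post('oauth/access_token', function() {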
    return Response::json(Authorizer::issueAccessToken());
});

Route::group(['middleware' => 'oauth'], function () {

    Route::get('authroute', function() {
        //OAuth will be required to access this route
    });

    Route::post('postwithauth', function(Request $request) {
        $userID = Authorizer::getResourceOwnerId();
        $input = $request->input();
        return response()->json(array('userID' => $userID, 'input' => $input));
    });

});

Route::get('noauthroute', function () {
    //No authorization will be required to access this route
});
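
Pay close attention to the postwithauth route I included above. The OAuth2 package recently changed the way you access the user ID, and it took me a long time to figure out how to get it.

Now it's time to test. Point your browser to localhost:8000 (or whatever the path is for your test environment) and create a user account for yourself (this step just uses the standard Laravel Auth package).

Go into your HTTP client (I like the one I'm currently using). Go to Request -> Authorization -> OAuth2 to set up authorization for the route you want to test. For Grant Type, select Resource Owner Password Credentials. If you are using the seed example provided above, the Client ID is TEST_ENVIRONMENT and the Client Secret is b17b0ec30dbb6e1726a17972afad008be6a3e4a5. Enter the username (email) and password you created through the web Auth interface. Your Access Token URL will be something like localhost:8000/oauth/access_token (depending on how you set up your test environment). Leave Scope blank, and leave Token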
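
The PasswordGrantVerifier class that the answer refers to is not shown on this page. The following is an added example, not the answer author's or the package's own code: a verifier matching the '\App\PasswordGrantVerifier@verify' callback string in the grant_types configuration above, assuming the stock Laravel 5.2 users table where the OAuth username is the account's email address.

```php
<?php
// app/PasswordGrantVerifier.php
// Added example. Assumes the default Laravel 5.2 Auth setup, where users
// log in with the "email" and "password" columns of the users table.

namespace App;

use Illuminate\Support\Facades\Auth;

class PasswordGrantVerifier
{
    /**
     * Called by the password grant with the credentials from the
     * POST to oauth/access_token.
     *
     * @param  mixed  $username
     * @param  mixed  $password
     * @return mixed  the user's id on success, false on failure
     */
    public function verify($username, $password)
    {
        // Only accept non-empty strings; request parameters can arrive
        // as arrays and should never reach the user lookup in that form.
        if (!is_string($username) || !is_string($password)
            || $username === '' || $password === '') {
            return false;
        }

        $credentials = [
            'email'    => $username,
            'password' => $password,
        ];

        // Auth::once() verifies the hashed password for this request only:
        // no session is started and no remember-me cookie is issued.
        if (Auth::once($credentials)) {
            // This id becomes the token's resource owner, which is what
            // Authorizer::getResourceOwnerId() returns in postwithauth.
            return Auth::user()->id;
        }

        // Unknown user and wrong password give the same result, so the
        // token endpoint does not reveal which accounts exist.
        return false;
    }
}
```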