Laravel¿ª·¢£ºÔõÑùʹÓÃLaravel PassportÖÎÀíOAuth2£¿
ÔÚwebÓ¦ÓóÌÐò¿ª·¢ÖУ¬¾³£ÐèҪʹÓÃoauth2ÐÒé¾ÙÐÐÓû§Éí·ÝÑéÖ¤ºÍÊÚȨ£¬ÒÔ±ãÓû§¿ÉÒÔÇå¾²µØʹÓõÚÈý·½Ð§ÀÍ¡£Í¨¹ýʹÓÃlaravel passport£¬Äã¿ÉÒÔÀû±ãµØ´¦Àíoauth2ÐÒ飬ʵÏÖÔÚlaravelÓ¦ÓóÌÐòÖеÄÉí·ÝÑéÖ¤ºÍÊÚȨ¡£
Laravel PassportÊÇÒ»¸ö¿ªÔ´Èí¼þ°ü£¬ÌṩÁËÒ»¸öÍêÕûµÄOAuth2ЧÀÍÆ÷ʵÏÖ£¬°üÀ¨TokenÌìÉú¡¢TokenÖÎÀí¡¢×÷ÓÃÓòµÈ¹¦Ð§£¬Ê¹µÃOAuth2ÐÒéÔÚLaravelÓ¦ÓóÌÐòÖеÄʵÏÖ±äµÃºÜÊÇÈÝÒס£
±¾ÎĽ«ÏòÄãÏÈÈÝÔõÑùʹÓÃLaravel PassportÀ´ÖÎÀíOAuth2ÐÒé¡£
ʹÓÃLaravel PassportÌìÉúAPIÃÜÔ¿
ÔÚʹÓÃOAuth2ÐÒé֮ǰ£¬ÎÒÃÇÐèÒªÌìÉúAPIÃÜÔ¿¡£APIÃÜÔ¿½«×÷ΪOAuth2¿Í»§¶ËIDºÍÃÜԿʹÓ㬲¢ÓÃÓÚ»ñÈ¡»á¼ûÁîÅÆ¡£ÎÒÃÇ¿ÉÒÔʹÓÃLaravel PassportÌṩµÄartisanÏÂÁîÌìÉúAPIÃÜÔ¿¡£
Ê×ÏÈ£¬Ê¹ÓÃcomposer×°ÖÃLaravel Passport£º
composer require laravel/passport
µÇ¼ºó¸´ÖÆ
È»ºó£¬ÔËÐÐǨáãÏÂÁ
php artisan migrate
µÇ¼ºó¸´ÖÆ
½ÓÏÂÀ´£¬Ê¹ÓÃPassportµÄclient:secretÏÂÁîÌìÉúAPIÃÜÔ¿£º
php artisan passport:client --password
µÇ¼ºó¸´ÖÆ
Õ⽫ÌìÉúÒ»¸ö¿Í»§¶ËIDºÍÒ»¸ö¿Í»§¶ËÃÜÔ¿¡£
ÉèÖÃOAuth2ЧÀÍ
ÔÚÌìÉúAPIÃÜÔ¿Ö®ºó£¬ÎÒÃÇÐèÒªÉèÖÃOAuth2ЧÀÍ¡£Laravel PassportÌṩÁËһЩÉèÖÃÑ¡Ï¿ÉÒÔͨ¹ýÐÞ¸ÄLaravelÓ¦ÓóÌÐòµÄconfig/auth.phpÎļþÀ´ÉèÖÃÕâЩѡÏî¡£
ÔÚauth.phpÎļþÖУ¬ÎÒÃÇÐèÒªÉèÖÃapiÇý¶¯³ÌÐòΪPassportÇý¶¯³ÌÐò£¬ÕâÑùLaravel¾Í»áʹÓÃPassportÀ´´¦ÀíÓû§Éí·ÝÑéÖ¤ºÍÊÚȨ¡£
'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'passport', 'provider' => 'users', 'hash' => false, ], ],
µÇ¼ºó¸´ÖÆ
½¨ÉèOAuth2·ÓÉ
½ÓÏÂÀ´£¬ÎÒÃÇÐèÒªÔÚÓ¦ÓóÌÐòÖн¨ÉèһЩOAuth2·ÓÉ£¬ÕâЩ·Óɽ«ÓÃÓÚ´¦ÀíOAuth2ÇëÇó¡£ÎÒÃÇ¿ÉÒÔʹÓÃLaravel PassportÌṩµÄ×Ô¶¯ÌìÉú·ÓɵÄartisanÏÂÁîÀ´½¨ÉèÕâЩ·ÓÉ¡£
php artisan passport:routes
µÇ¼ºó¸´ÖÆ
Õ⽫×Ô¶¯ÌìÉúÒÔÏ·ÓÉ£º
+-----------+------------------------+-------------------------------------------------+---------------------------------+------------------------------------------------------------------+------------------------+ | Method | URI | Name | Action | Middleware | In | +-----------+------------------------+-------------------------------------------------+---------------------------------+------------------------------------------------------------------+------------------------+ | GET|HEAD | oauth/authorize | passport.authorizations.authorize | LaravelPassportHttpControllersAuthorizationController@show | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:view-authorizations | | POST | oauth/authorize | passport.authorizations.approve | LaravelPassportHttpControllersApproveAuthorizationController | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:approve-authorizations | | DELETE | oauth/authorize | passport.authorizations.deny | LaravelPassportHttpControllersDenyAuthorizationController | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:deny-authorizations | | POST | oauth/clients | passport.clients.store | LaravelPassportHttpControllersClientController@store | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:create-clients | | GET|HEAD | oauth/clients | passport.clients.index | LaravelPassportHttpControllersClientController@forUser | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:view-clients | | PUT | oauth/clients/{client} | passport.clients.update | LaravelPassportHttpControllersClientController@update | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:update-clients | | DELETE | oauth/clients/{client} | passport.clients.destroy | LaravelPassportHttpControllersClientController@destroy | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:delete-clients | | POST | oauth/token | passport.token | LaravelPassportHttpControllersAccessTokenController@issueToken| throttle | LaravelPassportHttpMiddlewareCheckClientCredentials,can:issue-tokens | | POST | oauth/token/refresh | passport.token.refresh | LaravelPassportHttpControllersTransientTokenController@refresh | throttle | LaravelPassportHttpMiddlewareCheckClientCredentials,can:refresh-tokens | | DELETE | oauth/tokens/{token} | passport.tokens.destroy | LaravelPassportHttpControllersAuthorizedAccessTokenController@destroy | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,throttle:60,1,oauth | | GET|HEAD | oauth/tokens | passport.tokens.index | LaravelPassportHttpControllersAuthorizedAccessTokenController@forUser | web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:view-tokens | | DELETE | oauth/tokens | passport.tokens.destroy.all | LaravelPassportHttpControllersAuthorizedAccessTokenController@destroyAll| web,auth | LaravelPassportHttpMiddlewareCheckClientCredentials,can:delete-tokens | +-----------+------------------------+-------------------------------------------------+---------------------------------+------------------------------------------------------------------+------------------------+
µÇ¼ºó¸´ÖÆ
ÕâЩ·Óɶ¼ÊÇPassportÄÚÖõÄ·ÓÉ£¬²¢Ê¹ÓÃpassport.ǰ׺Ãû³Æ¡£
½ç˵OAuth2¿Í»§¶Ë
ÏÖÔÚÎÒÃÇÒѾ׼±¸ºÃÁË£¬¿ÉÒÔ×îÏȽç˵OAuth2¿Í»§¶ËÁË¡£ÎÒÃÇ¿ÉÒÔʹÓÃÏÈËÞÊÀ³ÉµÄAPIÃÜÔ¿À´½¨ÉèOAuth2¿Í»§¶Ë¡£
ÔÚÊý¾Ý¿âÖн¨ÉèÒ»¸öеÄOAuth2¿Í»§¶Ë¡£ÎÒÃÇ¿ÉÒÔÊÖ¶¯½¨ÉèËü£¬»òʹÓÃLaravel PassportÌṩµÄartisanÏÂÁîpassport:clientÀ´½¨ÉèËü¡£
ÔÚ½¨ÉèÀú³ÌÖУ¬ÎÒÃÇÐèÒªÖ¸¶¨¿Í»§¶ËµÄÃû³Æ¡¢ÃÜÔ¿¡¢»Øµ÷URLµÈ¡£
ÊÖ¶¯½¨É裺
INSERT INTO `oauth_clients` (`id`, `user_id`, `name`, `secret`, `redirect`, `revoked`, `personal_access_client`, `password_client`, `updated_at`, `created_at`) VALUES (1, NULL, 'My Client', 'my-client-secret', 'http://localhost/callback', 0, 0, 1, '2021-10-01 00:00:00', '2021-10-01 00:00:00');
µÇ¼ºó¸´ÖÆ
ÓÃartisan½¨É裺
php artisan passport:client --client --name="My Client"
µÇ¼ºó¸´ÖÆ
ÔËÐдËÏÂÁîºó£¬Ëü½«×Ô¶¯ÌìÉúOAuth2¿Í»§¶Ë£¬²¢ÏÔʾ¿Í»§¶ËIDºÍÃÜÔ¿¡£
ÌìÉúOAuth2»á¼ûÁîÅÆ
ÏÖÔÚÎÒÃÇÒѾ׼±¸ºÃÁËOAuth2¿Í»§¶Ë£¬²¢½ç˵ÁËOAuth2·ÓÉ£¬ÎÒÃÇ¿ÉÒÔ×îÏÈʹÓÃOAuth2ÐÒéÀ´ÌìÉú»á¼ûÁîÅÆ¡£
ÎÒÃÇ¿ÉÒÔʹÓÃpassport:clientÏÂÁîÌìÉú»á¼ûÁîÅÆ£º
php artisan passport:client --client --password
µÇ¼ºó¸´ÖÆ
ÔËÐдËÏÂÁîºó£¬Ëü½«ÌìÉúÒ»¸öOAuth2¿Í»§¶Ë²¢×Ô¶¯Îª¸Ã¿Í»§¶ËÌìÉúÒ»¸ö»á¼ûÁîÅÆ¡£
ʹÓÃOAuth2»á¼ûÁîÅƾÙÐÐAPIŲÓÃ
×îºóÒ»²½ÊÇʹÓÃOAuth2»á¼ûÁîÅƾÙÐÐAPIŲÓá£ÎÒÃÇ¿ÉÒÔʹÓÃLaravel×Ô´øµÄGuzzleÀ´·¢ËÍHTTPÇëÇ󣬲¢½«»á¼ûÁîÅÆ×÷ΪAuthorization Header·¢ËÍ¡£
use GuzzleHttpClient; $client = new Client(); $response = $client->request('GET', 'http://localhost/api/user', [ 'headers' => [ 'Authorization' => 'Bearer '.$accessToken, ], ]); $body = $response->getBody()->getContents();
µÇ¼ºó¸´ÖÆ
ÐèҪעÖصÄÊÇ£¬¹ØÓÚÿ¸öÇëÇó£¬ÎÒÃǶ¼ÐèÒª·¢ËÍÓÐÓõĻá¼ûÁîÅÆ¡£Õâ¿ÉÒÔͨ¹ýʹÓÃPassport::actingAsÒªÁìÀ´ÊµÏÖ£¬¸ÃÒªÁ콫ָ¶¨µÄÓû§IDÌ滻ΪÓÐÓõÄÊÚȨÁîÅÆ¡£
use LaravelPassportPassport; Passport::actingAs($user); $response = $client->request('GET', 'http://localhost/api/user', [ 'headers' => [ 'Authorization' => 'Bearer '.$accessToken, ], ]);
µÇ¼ºó¸´ÖÆ
½áÂÛ
ÔÚ±¾ÎÄÖУ¬ÎÒÃÇÏÈÈÝÁËÔõÑùʹÓÃLaravel PassportÀ´ÖÎÀíOAuth2ÐÒ顣ʹÓÃLaravel Passport¿ÉÒÔÇáËɵØÌìÉúAPIÃÜÔ¿¡¢ÉèÖÃOAuth2ЧÀÍ¡¢½¨ÉèOAuth2·ÓÉ¡¢½ç˵OAuth2¿Í»§¶Ë¡¢ÌìÉúOAuth2»á¼ûÁîÅÆÒÔ¼°Ê¹ÓÃËüÃÇÀ´¾ÙÐÐAPIŲÓá£ÔÚ¿ª·¢WebÓ¦ÓóÌÐòʱʹÓÃOAuth2ÐÒ飬Laravel PassportÊÇÒ»¸öºÜÊǺõÄÑ¡Ôñ¡£
ÒÔÉϾÍÊÇLaravel¿ª·¢£ºÔõÑùʹÓÃLaravel PassportÖÎÀíOAuth2£¿µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡