安装passport
注册数据表
生成密钥
<?php
namespace App;
use IlluminateNotificationsNotifiable;
use IlluminateFoundationAuthUser as Authenticatable;
use LaravelPassportHasApiTokens;
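class User extends Authenticatable
{
    use HasApiTokens, Notifiable;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password',
    ];

    /**
     * The attributes left out when the model is converted to an array,
     * so the password hash and remember token are not serialized.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];

    /**
     * Find the user for a Passport password-grant request.
     *
     * The submitted identifier is compared against the username, email and
     * phone columns. The lookup fails closed: it returns null when the
     * identifier is empty or when it matches more than one account, instead
     * of picking whichever row the database happens to return first.
     *
     * NOTE(review): nothing visible here guarantees that a value is unique
     * across the three columns (e.g. one user's username equal to another
     * user's email) - confirm that registration/profile validation enforces it.
     *
     * @param  string  $username  identifier taken from the token request
     * @return User|null  the single matching user, or null
     */
    public function findForPassport($username)
    {
        // A null value would turn the comparisons into "IS NULL" and an empty
        // string would match rows whose optional columns are empty.
        if (! is_string($username) || $username === '') {
            return null;
        }

        // Two rows are enough to detect an ambiguous identifier.
        $matches = $this->newQuery()
            ->where('username', $username)
            ->orWhere('email', $username)
            ->orWhere('phone', $username)
            ->limit(2)
            ->get();

        return $matches->count() === 1 ? $matches->first() : null;
    }
}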
<?php
namespace AppProviders;
use IlluminateFoundationSupportProvidersAuthServiceProvider as ServiceProvider;
use LaravelPassportPassport;
class AuthServiceProvider extends ServiceProvider
{
    /**
     * Model-to-policy map used for authorization; no policy is registered
     * in this example.
     *
     * @var array
     */
    protected $policies = [
        // 'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Bootstrap authentication / authorization: register the policies
     * declared above, then let Passport register its OAuth routes.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();
    }
}
// Authentication guards: each entry pairs a driver with a user provider.
'guards' => [
// The 'web' guard keeps using the session driver.
'web' => [
'driver' => 'session',
'provider' => 'users',
],
// The 'api' guard is switched to the Passport driver, so requests on this
// guard are authenticated through Passport rather than a session.
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
]
/**
 * Register authentication / authorization services and set the Passport
 * token lifetimes.
 *
 * Access tokens expire 10 days after issue and refresh tokens after 30 days.
 * An access token is a bearer credential: whoever holds it can use it until
 * it expires or is revoked, so these values bound how long a leaked token
 * stays usable.
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();
    Passport::routes();

    $accessTokenExpiry = now()->addDays(10);
    Passport::tokensExpireIn($accessTokenExpiry);

    $refreshTokenExpiry = now()->addDays(30);
    Passport::refreshTokensExpireIn($refreshTokenExpiry);
}
生成密码授权客户端
{
"token_type": "Bearer",
"expires_in": 1296000,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjQxOTI0MWIyMTYyMDkwMGEzMjBhZjVjZWUxNjgzYzkwZTE2Y2NiOTcyMzE3MzU4NzRiNmNkNTgxNTZjNzY3YzhlNjJiMjNlNWJkYzdjZDM1In0.eyJhdWQiOiI0IiwianRpIjoiNDE5MjQxYjIxNjIwOTAwYTMyMGFmNWNlZTE2ODNjOTBlMTZjY2I5NzIzMTczNTg3NGI2Y2Q1ODE1NmM3NjdjOGU2MmIyM2U1YmRjN2NkMzUiLCJpYXQiOjE1NTY1Mjk4NjUsIm5iZiI6MTU1NjUyOTg2NSwiZXhwIjoxNTU3ODI1ODY1LCJzdWIiOiIxIiwic2NvcGVzIjpbIioiXX0.ng5lmGdiwRGOxYRkW7R0Ox7VSb5pWIlRaxMbWikbIP0GyEhL4ABJjvA4LVNb8k0molnghbTrUxr8V9yNTI-dVzt8iNzEXEvQ2N_jBWL-96M85V_QybDq0nHMU5vdPqxbbcjZNoAz53GD-QQPpwlaT6X1IpjjkAcXKwY_SBywGG3LSeaYEVO9GhcSjEG27BDFdYHHWD6C-gJwt1IsZ5ggfgxsC3vakfay3aQbRaoQycvk_lYzJA-xwcqJodOx6OkeSPm64Whq2njbyQ4YRUsvLo6DbWm5bZ6vVd4INTetwJErjMMn6XMcHp3Oont6UetuMeg_VdhPcnI58ew1DjbDAlpBk-B5z-MAMxPrhQYLFgsqOU8YdSQD4ddTD7OW9NUyjvNqcQAvoJIYfUCsGw3hTG9VXG7TyJQJQ_I5oq7_5gHLcuaHJn5Pzfq47Tql88UnoQZKSw4FcfEDP7uXNXAdg5edc4wnog8LMeIa6WqYXfnjy5rIjLnhJcq-6Ot4KIOVjNL3teDLCe9A7fv7tdLSJiCf4Pz-jEjRS_Z0pdHdwyFihUWcl578JKHAHlj4B0CY9zXSmTdNeY-LofKP1vaFX8Ct6sQsYOJB-O3oOqfxeVHNRYD6liPWnLcFmyBFR9qV-XpSCR-PnxwBUJ9s0v_tCpHfwDMO6T8jf72OxZ-H8IA",
"refresh_token": "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"
}
POST请求成功后的返回
请求令牌过程中有几个需要注意的点:
1 - 采用 postman 之类的工具请求时,用 application/x-www-form-urlencoded,即 form data 形式提交,否则会返回 unsupported_grant_type 的错误。
2 - 如果出现 invalid_credentials 错误,修改提交参数,默认未修改的情况下,username 值使用电子邮件地址,即类似以 makeit@makeit.vip 作为 username 的值 ( 当然,可以自定义用户名字段, 查看上面所述中《更新模型》这一块的内容 )
3 - 该方式,默认情况下,发放的访问令牌是长期有效的,如果需要修正时间,请查看 《Laravel 5.8 API 开发实战(三)》
unsupported_grant_type 错误
invalid_credentials 错误
# Start Laravel's interactive shell (Tinker) to run PHP statements against the application.
php artisan tinker
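// Create a throwaway user for trying out the password grant locally. The
// password is a sample value for a test account only; it is stored as a
// bcrypt hash, never in plain text.
App\User::create(['name' => 'makeit', 'email' => 'makeit@makeit.vip', 'password' => bcrypt('123456')]);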
安装 laravel-cors
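// Route-middleware alias for the CORS handler; the alias key is kept exactly
// as the article spells it, because routes refer to the middleware by this key.
'CROS' => \Barryvdh\Cors\HandleCors::class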
<?php
namespace AppHttp;
use BarryvdhCorsHandleCors;
use IlluminateFoundationHttpKernel as HttpKernel;
/**
 * HTTP kernel excerpt showing where the CORS middleware is registered.
 * The "......" lines stand for entries the article leaves out.
 */
class Kernel extends HttpKernel {
// Global middleware list: HandleCors is added here so that it applies to
// every request. NOTE(review): the origins, methods and headers it allows
// come from the package's own configuration, which is not shown - confirm
// that it is restricted to the front-end origins that actually need access.
protected $middleware = [
......
HandleCors::class
];
......
}
全局使用
局部使用
至此,OAuth 2.0 密码授权令牌的实现就完成了,另外还讲述了相关的客户端管理及跨域的一些问题,三四篇下来,基本上 API 开发的起步工作算是完成了,从最初《Laravel 5.8 API 开发实战(一)》跑通无授权的接口,至《Laravel 5.8 API 开发实战(二)》实现 jwt-auth 的认证,再到《Laravel 5.8 API 开发实战(三)》实现无感刷新 token,再到当前实现 OAuth 2.0 密码授权,总结整理了 API 开发的前期准备工作,后续将结合开发实际,说说具体的功能点,比如采用 RabbitMQ,结合 QQ 邮箱,实现注册邮件的异步发送,加快响应速度之类的 ......