易特网（ 原创）

安装 Passport

安装passport

注册数据表

生成密钥

生成密钥

更新模型

<?php namespace App; use IlluminateNotificationsNotifiable; use IlluminateFoundationAuthUser as Authenticatable; use LaravelPassportHasApiTokens; class User extends Authenticatable { use HasApiTokens, Notifiable; /** * The attributes that are mass assignable. * * @var array */ protected $fillable = [ 'name', 'email', 'password', ]; /** * The attributes that should be hidden for arrays. * * @var array */ protected $hidden = [ 'password', 'remember_token', ]; /** * The attributes that should be cast to native types. * * @var array */ protected $casts = [ 'email_verified_at' => 'datetime', ]; /** * 通过用户名/手机号码找到对应的用户信息 * * @param string $username * @return User */ public function findForPassport($username) { return $this->orWhere('username', $username)->orWhere('email', $username)->orWhere('phone', $username)->first(); } }

服务提供器（Provider）

<?php namespace AppProviders; use IlluminateFoundationSupportProvidersAuthServiceProvider as ServiceProvider; use LaravelPassportPassport; class AuthServiceProvider extends ServiceProvider { /** * The policy mappings for the application. * * @var array */ protected $policies = [ // 'AppModel' => 'AppPoliciesModelPolicy', ]; /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->registerPolicies(); Passport::routes(); } }

授权看守器（Guard）

'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'passport', 'provider' => 'users', ], ]

token 有效期

public function boot() { $this->registerPolicies(); Passport::routes(); Passport::tokensExpireIn(now()->addDays(10)); Passport::refreshTokensExpireIn(now()->addDays(30)); }

部署 passport

密码授权令牌

密码授权客户端

生成密码授权客户端

请求令牌

{ "token_type": "Bearer", "expires_in": 1296000, "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjQxOTI0MWIyMTYyMDkwMGEzMjBhZjVjZWUxNjgzYzkwZTE2Y2NiOTcyMzE3MzU4NzRiNmNkNTgxNTZjNzY3YzhlNjJiMjNlNWJkYzdjZDM1In0.eyJhdWQiOiI0IiwianRpIjoiNDE5MjQxYjIxNjIwOTAwYTMyMGFmNWNlZTE2ODNjOTBlMTZjY2I5NzIzMTczNTg3NGI2Y2Q1ODE1NmM3NjdjOGU2MmIyM2U1YmRjN2NkMzUiLCJpYXQiOjE1NTY1Mjk4NjUsIm5iZiI6MTU1NjUyOTg2NSwiZXhwIjoxNTU3ODI1ODY1LCJzdWIiOiIxIiwic2NvcGVzIjpbIioiXX0.ng5lmGdiwRGOxYRkW7R0Ox7VSb5pWIlRaxMbWikbIP0GyEhL4ABJjvA4LVNb8k0molnghbTrUxr8V9yNTI-dVzt8iNzEXEvQ2N_jBWL-96M85V_QybDq0nHMU5vdPqxbbcjZNoAz53GD-QQPpwlaT6X1IpjjkAcXKwY_SBywGG3LSeaYEVO9GhcSjEG27BDFdYHHWD6C-gJwt1IsZ5ggfgxsC3vakfay3aQbRaoQycvk_lYzJA-xwcqJodOx6OkeSPm64Whq2njbyQ4YRUsvLo6DbWm5bZ6vVd4INTetwJErjMMn6XMcHp3Oont6UetuMeg_VdhPcnI58ew1DjbDAlpBk-B5z-MAMxPrhQYLFgsqOU8YdSQD4ddTD7OW9NUyjvNqcQAvoJIYfUCsGw3hTG9VXG7TyJQJQ_I5oq7_5gHLcuaHJn5Pzfq47Tql88UnoQZKSw4FcfEDP7uXNXAdg5edc4wnog8LMeIa6WqYXfnjy5rIjLnhJcq-6Ot4KIOVjNL3teDLCe9A7fv7tdLSJiCf4Pz-jEjRS_Z0pdHdwyFihUWcl578JKHAHlj4B0CY9zXSmTdNeY-LofKP1vaFX8Ct6sQsYOJB-O3oOqfxeVHNRYD6liPWnLcFmyBFR9qV-XpSCR-PnxwBUJ9s0v_tCpHfwDMO6T8jf72OxZ-H8IA", "refresh_token": "def502005aa00689b542002eb9f23e83351ffeb309d6b804023b533804d36652ad1a8458fe7bf14e25043b28c2b842938dd6b056202bddd568d6bdccdd000d913c76cfd281b7a1df56675c4f04f56f4b63b68011d13a5e363bf64de44931faabf22b672f63cbe215f664f52c1830d217f39c3688adaec49f97f95652777e9f4bab5184c6d51c0ae93ad0f3b64c01c0b22bc67c577c6fa9a4247a8865a6eae9b3f37d1c496e9274e4ae6bb01e830461bde27e562f3a31f420bd34cb1d30456336c85cc40dcf8290b74d7661ade84efe81cfa3fc623c78bb3f6ca385dcc60278e6be10c9127206ca55144f7d419e87b89e19d48e159b790d66d3d65860dacc87f7b9806e770eff8436c87c18cdfa75a2e4e7cc1430876b78f647608189214fc2daa465758e6c51909a08bd1aa868978821144b74f65a124d84195d1b0cbafdbca9c664ac082b1f2bd14aa728d740a7b17073413db6af179940d79de0b43ada6f01ee56795a" }

POST请求成功后的返回

请求令牌过程中有几个需要注意的点：

1 - 采用 postman 之类的工具请求时，用 application/x-www-form-urlencode，即 form data 形式提交，否则会返回 unsupported_grant_type 的错误。

2 - 如果出现 invalid_credentials 错误，修改提交参数，默认未修改的情况下，username 值使用电子邮件地址，即类似以 makeit@makeit.vip 作为 username 的值 ( 当然，可以自定义用户名字段, 查看上面所述中《更新模型》这一块的内容 )

3 - 该方式，默认情况下，发放的访问令牌是长期有效的，如果需要修正时间，请查看 《Laravel 5.8 API 开发实战（三）》

unsupported_grant_type 错误

invalid_credentials 错误

请求作用域

颁发访问令牌

管理客户端

php artisan tinker AppUser::create(['name' => 'makeit', 'email' => 'makeit@makeit.vip', 'password' => bcrypt('123456')]);

CORS 跨域

安装 laravel-cors

'CROS' => BarryvdhCorsHandleCors::class

<?php namespace AppHttp; use BarryvdhCorsHandleCors; use IlluminateFoundationHttpKernel as HttpKernel; class Kernel extends HttpKernel { protected $middleware = [ ...... HandleCors::class ]; ...... }

全局使用

局部使用

至此，oAuth 2.0 密码授权令牌的实现就完成了，另外还讲述了相关的客户端管理及其跨域的一些问题，三四篇下来，基本上 API 开发的起步工作算是完成了，从最初《Laravel 5.8 API 开发实战（一）》跑通无授权的接口，至《Laravel 5.8 API 开发实战（二）》实现 jwt-auth 的认证，再到《Laravel 5.8 API 开发实战（三）》实现无感刷新 token，再到当前实现 oAuth 2.0 密码授权，总结整理了 API 开发的前期准备工作，后续将结合开发实际，说说具体的功能点，比如采用 RabbitMQ，结合 QQ 邮箱，实现注册的邮件的异步发送，加快响应速度之类的 ......