PHP Laravel Passport OAuth2在受保护的路由上总是返回未经身份验证

k7fdbhmy  于 2023-01-24  发布在  PHP
关注(0)|答案(1)|浏览(105)

我在本地主机上运行Laravel v5.3,域Map到bookmarkapi.dev

1)

在我的路线文件/routes/web.php中,我有这些路线:

// http://bookmarkapi.dev/callback
Route::get('/callback', function (Request $request) {
    $http = new GuzzleHttp\Client;

    $response = $http->post('http://bookmarkapi.dev/oauth/token', [
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => 1,
            'client_secret' => 'dc2lGvM2L6lOyANVN8YPuzpsy4LnxhuT8v9aTBdn',
            'redirect_uri' => 'http://bookmarkapi.dev/callback',
            'code' => $_GET['code'],
            //'code' => $request->code, I use $_GET['code'] ass laravel says it cannot find $request->code
        ],
    ]);

    return json_decode((string) $response->getBody(), true);
});

// http://bookmarkapi.dev/redirect
Route::get('/redirect', function () {
    $query = http_build_query([
        'client_id' => 1,
        'redirect_uri' => 'http://bookmarkapi.dev/callback',
        'response_type' => 'code',
        'scope' => 'crud-bookmark-collections crud-bookmark-tags crud-bookmarks',
    ]);

    return redirect('http://bookmarkapi.dev/oauth/authorize?'.$query);
});

2)

当我访问**http://bookmarkapi.dev/callback**时,它重定向到:

http://bookmarkapi.dev/oauth/authorize?client_id=1&redirect_uri=http%3A%2F%2Fbookmarkapi.dev%2Fcallback&response_type=code&scope=crud-bookmark-collections+crud-bookmark-tags+crud-bookmarks

并显示如下:

3)

单击“授权”按钮,然后重定向到此URL:

http://bookmarkapi.dev/callback?code=wBa9765%2FOnbjT2brMKdxEkxavROg0k5wJ6bZ3h5OZVI%2BMF5%2BAHs2j9ghpgI%2FRJRnC0hCYrGRyQvSLZmnnqASSmO4%2BAn8yXU0TNgJiC2p4kvCHrwA4Vy6va8rRwnFRNcbDOGapEAvoC%2Ba4A6iMAd1EXdvWK8Ur%2B8N5jKNQQrUd45hFMNzohWq2WPXd9Q1IbuNoKZoq0h%2BWtAHB6M07QH27a0kTCBVQ9K%2B7msjKuQRSmQSTfWRoKW0al6OSNo%2Fqo3Gx9EnCct%2BgEVuO3LvLJXRWGA9cns7LnLPJMCmUbQeaPY88F3%2BRhHRcfLYnZJthvxnuOLI2RtIKszjyEstdam%2Blgme60Ml0aGvfQy3ZgsoHwsHnYVBi%2BNiy9W3zWY0CHzDEVjtMyEjTqLPFoVNUSV2BVrclZrGsCOSXXinZsZHc4h1nxU6yuLdf%2F8O4eIHZh%2BNbbxBH1usbZfMlv2POSUW%2FfW0g1wRwWnu%2BO0FEhjJtgAfCnSpoSZQ6M72ecGAODHojvRCnJLARQESp4VGsElclXxmILNq5gwXKkIpY2k%2FqMsXCLcDB%2BaPZOCttlykk%2BiCIFYVN2H0Cze8HfYxDn5tubb3kWy%2Fi4ZxGp5rFwBPkJ5C3p3H3KNjShZmmJZ1l6xn9oXB2Q0H9zFTjMxkDH4zQAUqIMBa52ZmyQcmojv%2BqYs%3D

并显示如下:

{
"token_type": "Bearer",
"expires_in": 1295999,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM4MTI3YzFkNDc1YTRlOTY3ZmQyOGMxOWI0ODFiNzJlODQzZDYwNGI0NTE1ZThhYjc4ZjkyZjVmNDczZDM4MGMyNjExYzAxZGRmMDYwMzFlIn0.eyJhdWQiOiIxIiwianRpIjoiYzgxMjdjMWQ0NzVhNGU5NjdmZDI4YzE5YjQ4MWI3MmU4NDNkNjA0YjQ1MTVlOGFiNzhmOTJmNWY0NzNkMzgwYzI2MTFjMDFkZGYwNjAzMWUiLCJpYXQiOjE0ODA0Mzk4MTAsIm5iZiI6MTQ4MDQzOTgxMCwiZXhwIjoxNDgxNzM1ODA5LCJzdWIiOiI0Iiwic2NvcGVzIjpbImNydWQtYm9va21hcmstY29sbGVjdGlvbnMiLCJjcnVkLWJvb2ttYXJrLXRhZ3MiLCJjcnVkLWJvb2ttYXJrcyJdfQ.kfuF4QJyX1IXv7gx0ZsxURlnBa8DP6u9elj0QAF82FYZfIlOwCAzSsrpDb9XEB3kEkbnXZAsIyrMe7nY5nV_7T9_kdODOqfA2r93zqLKg-I_UMMyTtI6UZJWNVGXsO2K25GQD2AJXodI2T9gW-zyUIuj5tjzRrpXAv047WcuIGr9ghG3qpaYlrZyT7lKuV6aBrhnPYk8gU8gHZAAx0nw457vRePs_bis3KbkF62HRfgYIXSIG2i6al-gYAEtejKAXGpZkeIiuoOnkqsxt9WdNJKqsfDvlwZ4P_-3YfFgvjfGn3O5hkRIghyc7BwG8vShE28s_PPl91aHwbaAEfWDLePTHGQrUJXCpMdnuk8owqdbSfrU8BJtByONNk9Plj0RLY445LxmqDWt1Er36JvzoQObOy0YrB1tqbVg19_tA_xyKdZkQIwbeE0hlZV7kuUPMjur0n0jBpoXIaZRVHP7fOT5iIiMFiB8V882L8lrrO14_ebYQ8z-mAi7k_7P1cJwahtpbSg2L96ZlY6zGM1dWwX9GFDivlTSBqAJjkAumU9731jn83_BJrSGKwh5rIt-ckccdKWppuDHqpH8OOUJpozpljdSfuUwBoYX4QlJkq2jgw_Gu1hbeNdKhtinuUQ18DGs7WEP4WY9BZQwu-YXLCWDYf-a6Az6AJ64xWjggA0",
"refresh_token": "MGFQoiIFVO2+RVZ1DuijU6DKAc+h7I8cIj+cP9W0LMAhOHZVrr0rUT6AvrY+BL6lCS9HPPkcRaaniiI02xG4af5DzdwXLLeRq4TfbZ+L1I0jZeqcLemOOvrh6ri9lPuOsbfVBEtJBHcZBCoby00p33ZBvIGQgXqo+iQZw1c6M3J4gbBOJIEVPKrSpuOEPoOdU6taDRaslaeP6E2wqJ7y2DTjObUiBb4TQwpJL6H+3JoJgjEjpKQihIZ99KgwrVFcnKrxOd/ZqVdnf+xYRfWxsL5YzD/k/L/0r0Y9TINPcqUt+m2diiIcikTS76g9qkrNQ5/yTMhYhDAMmF7MK1IQAAOQf23aq4C09Nj+PbjPnQmsR84Kz+A9psb0WsFKTMrzRrjXPrgv+YR3eu8zdBKC1vyc59O4wfAc0zGNe9TnnQ+oUF0dKIr2XbKDDtlUX8Ko5u0qIEMjePV/lnkloKoxIYcRrlVfA8Gvihwldi47fvmcS7wqSVLlwawSXeBK68Ah7AMkCu4VIjQuIHv8C5M6Yzgy5ede5Lrf3kk7hFmWilTFY5igMQiFLOYyQCbb7n4A7/5tMWy6r2iKMbhc1ua6V1+S/ki7PKCP2utFpolXZcc0haU94NEbtoUROJ+TpaWQYKypFu3OcinfRYTpvVDkzR08F+Fest8Wcdvxqby09po="
}

4)

在文件API中,我有所有这些API的测试路径,只是尝试不同的东西,希望1能工作!:

Route::any('/user', function (Request $request) {
    echo 'api user';
})->middleware('auth:api', 'cors');

Route::get('/user2', function (Request $request) {
    print_r($request);
    //return $request->user();
})->middleware('auth:api', 'cors');

// OAuth Scopes
// crud-bookmark-collections' => 'Create/Edit/Delete/View  Bookmark Collections',
// crud-bookmark-tags' => 'Create/Edit/Delete/View Bookmark Tags',
// crud-bookmarks

Route::any('/whatever1', function () {
    // do stuff
    return 'hi';
})->middleware('anyScope:crud-bookmark-collections', 'cors');;

// Any of the given scopes
Route::any('/whatever2', function () {
    // do stuff
})->middleware('anyScope:crud-bookmark-collections,crud-bookmark-tags,crud-bookmarks', 'cors');

// All of the given scopes
Route::any('/whatever3', function () {
    // do stuff
    echo 'test';
})->middleware('allScopes:crud-bookmark-collections,crud-bookmark-tags,crud-bookmarks', 'cors');

5)

当我在Postman这样的程序中测试post时,使用这些标题:

Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjUxNDRjYTA4Nzg4MDBmNmRhNmY5NDEwNjI5OGMwMDFmZjMwODlmMjA0NjEwNTg5MGIwODBmZWFlY2Q3MjU4NDMwYjZjY2RmZjQxYTMwMWU1In0.eyJhdWQiOiIxIiwianRpIjoiNTE0NGNhMDg3ODgwMGY2ZGE2Zjk0MTA2Mjk4YzAwMWZmMzA4OWYyMDQ2MTA1ODkwYjA4MGZlYWVjZDcyNTg0MzBiNmNjZGZmNDFhMzAxZTUiLCJpYXQiOjE0ODA0Mzg5NzcsIm5iZiI6MTQ4MDQzODk3NywiZXhwIjoxNDgxNzM0OTc3LCJzdWIiOiI0Iiwic2NvcGVzIjpbImNydWQtYm9va21hcmstY29sbGVjdGlvbnMiLCJjcnVkLWJvb2ttYXJrLXRhZ3MiLCJjcnVkLWJvb2ttYXJrcyJdfQ.kLUZGJQOPfr_fRaMngrltHuiJDheOJHt3Q7AlvlV4dONkZ2TyX9PFFM7OOfTvxF9rUDdacPp6Z5r52Q25Tj0bJg4NjakGn31EQj8FBCqR36a31-SniC1ln0XlziiUH6F2LZSjHBojrSz3pOiUn4I0YhqoumTIlQ-FKCnWENhdCzG-KBqlJlKHrIBJAF1oXK4es28--8L9vTY9Mg57WiSuEmJ1LG_dt6d14dapj9oyZC8agIkToY4vosYAMCg2vMbqupfpkf-OjeZ9xswFC05qNhAMeonOsdBr-ppLG2CQXu42rp4bYC5fmDGERUzyia0S-YChzxmtbHdsYd_QKxoWtRUlOScduqKFJpNQVT_dByfvhRcF4pcce8EM25--K6a_qR7ThfkhmVBKluOto0e9VruSF1E4lSKksZWmH9AT7UrNSMwCHkXD-QBearOjRddn403YYmx8Sv3OsZhDqtFl1ULfnmxGa-HqrM_L8V49UFj4n6doJYYhdYRQ26j62ROgA4u_cwEUltrr3q4wHz9fLJJdsPkkUh43vPk_6QHOXxSVcCfc-7p_NoW1IVB-OwJQqp4eG971JJG6bwSHenmwYP-pTGdwTg8gCRuAfK17v1OWm9KThSsi8OWz9UHoPCZD1tZT5jQPHGCI83emXTDAgBbvukk_MzDsPQq2btWfsg

结果总是这样:

{
    "error": "Unauthenticated."
}

我被卡住了。我不能让我的任何路线显示使用我的OAuth令牌,因为他们总是显示unauthenticated

6jygbczu

6jygbczu1#

经过许多个星期的尝试和研究,我终于得到了这个工作!
在文件app\Providers\RouteServiceProvider.php
在函数mapApiRoutes()
我改了这个:

protected function mapApiRoutes()
{
    Route::group([
        'middleware' => 'api',
        'namespace' => $this->namespace,
        'prefix' => 'api',
    ], function ($router) {
        require base_path('routes/api.php');
    });
}

变成这样:

protected function mapApiRoutes()
{
    Route::group([
        'middleware' => 'auth:api',
        'namespace' => $this->namespace,
        'prefix' => 'api',
    ], function ($router) {
        require base_path('routes/api.php');
    });
}

注意上面的第4行:'middleware' => 'api'必须为'middleware' => 'auth:api'
这使得我受保护的api路由现在与我的oauth秘密一起工作!非常高兴,也许这将节省别人几个星期和几个月的头部撞击现在!

相关问题