关于这个的背景故事,我一直在按照文档中的说明工作:https://laravel.com/docs/5.4/passport
我有
拉- 拉维尔 5.4
- "Laravel/Passport": "^3.0" 来自作曲家
- 本地Mac osx运行Mamp pro,Php 7.0.15
我正在路由/api 中调用示例用户路由.php
Route::get('/user', function () {
return 'testing';
})->middleware('auth:api');
邮递员卷曲标题(从邮递员中的代码导出中提取(:
CURLOPT_HTTPHEADER => array(
"accept: application/json",
"authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImM3ZmI2ZmNmMWFkOGQ0NjFkNTdhMWU2NjFiYjhhOThmOTJhOTBkMDFkNDkwZDFjNDRkNDg5MTdlYjJiZWYyMDlkNjNmOTQwMjIxNTljZWI5In0.eyJhdWQiOiIxIiwianRpIjoiYzdmYjZmY2YxYWQ4ZDQ2MWQ1N2ExZTY2MWJiOGE5OGY5MmE5MGQwMWQ0OTBkMWM0NGQ0ODkxN2ViMmJlZjIwOWQ2M2Y5NDAyMjE1OWNlYjkiLCJpYXQiOjE1MDE3OTQ2NjIsIm5iZiI6MTUwMTc5NDY2MiwiZXhwIjoxNTMzMzMwNjYyLCJzdWIiOiIxIiwic2NvcGVzIjpbImFwaS1hY2Nlc3MiXX0.CPGM4PIKJBeiJvokuDzShz_1CnqHlnFIML-tWoBCn5GcijMXmQkWOHzTI8QwTws2h719TGA4hemXDljjqoZB0LiztAx2JZ3OhjNS-MhrMNujnTJUbvkXAVfcRdybhlDEWof_iboLICQTYNTslX1iw-2DCyFMh8gB4INAKUhpvzA955ALB-ZunKrjSNKdRkgtZRe0t6VyJf9LwzgjIAfSKoi_qRis36KD7hcf0Id_iWZkhvS-ZfuM5eUpzUooUe0rb4rkYYEYndlHlY7-uuZPlzmPMpaJTR4AW1CLkaK5Ic7fde1x1kk2duW_Znd9ki2YBP0kw7ifAmg2DaM5r2-0kEx_1iFuCIxE8QJns1aIm3XjWoOApovt7V6-s3yJZK3xlIDCjFI-C59RHiVSabh-hKdX4elvSL9taSQyuramPZPpsne9SUh4KCWul0iHoNjFdFJEut_TUBWyUPtD3J7gg6P97uRS_THDAUHMo2UYVhlnu9PV8SvbvjGj3OeaaH7ZbzWQCYKbqsLZAZ2mnJlFhTMghbaC2s_MND1zlRm7w9btmihxVW714NUbH8UAwSvrtIYYQ0itevZ59TLiAXprjmjkhiFkrhdX4bUje4uNEbLYawkZI-1o82IExW9D8kCYpOWOZdWTCLgmaE2wXcf-DTCV-9vDWRAdX1YmP4JbRsc",
"cache-control: no-cache",
"content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
"postman-token: 2ec7a2c8-3489-812d-4638-ebb7dc62aeb1"
),
我有 1 个使用 Vue 组件生成的个人访问令牌
我已经检查了我是否将令牌有效期设置为 1 年,这反映在数据库中。
我的身份验证服务提供商.php
Passport::routes();
// TODO MAKE THEM LAST A LONG TIME
Passport::tokensExpireIn(Carbon::now()->addYears(20));//You can also use addDays(10)
Passport::refreshTokensExpireIn(Carbon::now()->addYears(20));//You can also use addDays(10)
Passport::pruneRevokedTokens(); //basic garbage collector
Passport::tokensCan([
'api-access' => 'Access Complete API',
]);
My RouteServiceProvider.php (mapApiRoutes 在 map 函数中调用(
protected function mapApiRoutes()
{
Route::group([
'namespace' => $this->namespace,
'prefix' => 'api',
], function ($router) {
require base_path('routes/api.php');
});
}
我的内核.php路由中间件
protected $routeMiddleware = [
'auth' => IlluminateAuthMiddlewareAuthenticate::class,
'auth.basic' => IlluminateAuthMiddlewareAuthenticateWithBasicAuth::class,
'bindings' => IlluminateRoutingMiddlewareSubstituteBindings::class,
'can' => IlluminateAuthMiddlewareAuthorize::class,
'guest' => AppHttpMiddlewareRedirectIfAuthenticated::class,
'throttle' => IlluminateRoutingMiddlewareThrottleRequests::class,
];
--编辑 -- 经过更多研究
我正在使用邮递员来测试我的 api 身份验证,每次尝试时都会获得 401。我尝试过个人访问客户端和密码授予客户端,两者都有相同的问题。在查看它们之后,我意识到它们都使用授权持有者 [令牌] 格式。
所以我开始在护照源中的各种文件中注销。
在令牌卫士中.php
public function user(Request $request) {
Log::info('TokenGuard: '. $request);
if ($request->bearerToken()) {
return $this->authenticateViaBearerToken($request);
} elseif ($request->cookie(Passport::cookie())) {
return $this->authenticateViaCookie($request);
}
}
日志如下所示:
[2017-08-10 20:50:20] local.INFO: TokenGuard 93: GET /api/user HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: url.com:8888
Postman-Token: 66707fe5-8f6e-4920-948b-2804a76d4a65
User-Agent: PostmanRuntime/6.2.5
[2017-08-10 20:50:20] local.INFO: TokenGuard 93: GET /api/user HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: url.com:8888
Postman-Token: 66707fe5-8f6e-4920-948b-2804a76d4a65
User-Agent: PostmanRuntime/6.2.5
缺少的是请求的持有者 [令牌] 部分。 TokenGuard 代码块正在运行 if/else。 这就是我认为失败发生的地方。
它不应该也记录出来吗?由于不记名令牌丢失,因此 If/Else 失败,因此返回 401 是有意义的。
为什么我的令牌会从请求中删除。
将其添加到项目公共目录下的.htaccess
文件中:
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]