laravel5.3-第11章-passport
一、passport
composer create-project laravel/laravel=5.3.* laravel5.3_passport
新建数据库 laravel5.3_passport
修改 .evn 配置文件
APP_URL=http://passport.com
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel5.3_passport
DB_USERNAME=laravel5.3_passport
DB_PASSWORD=laravel5.3_passport
修改中国时区,在 config/app.php 中修改
'timezone' => 'PRC',
切换目录
cd laravel5.3_passport
通过 composer 下载 passport
composer require laravel/passport=~1.0
passport 专注于实现 OAuth2.0 服务端,官网:https://laravel.com/docs/5.3/passport
至于什么是 OAuth2.0,可以看这篇文章:https://lulublog.cn/p/7tObm1
在 config/app.php 中配置 passport:在 providers 参数中新增
\Laravel\Passport\PassportServiceProvider::class,
执行数据迁移
php artisan migrate
生成加密 key
php artisan passport:install
配置 User 模型的 HasApiTokens
use Laravel\Passport\HasApiTokens;
use HasApiTokens, Notifiable;
添加 passport 路由:修改 app/Providers/AuthServiceProvider.php
use Laravel\Passport\Passport;
public function boot()
{
$this->registerPolicies();
Passport::routes();
}
修改 config/auth.php 中的 guards 参数
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
注册用户
php artisan make:auth
配置本地域名:passport.com
生成用户:访问 http://passport.com/register
生成前端组件
php artisan vendor:publish --tag=passport-components
注册前端组件:resources/assets/js/app.js 新增以下代码
Vue.component(
'passport-clients',
require('./components/passport/Clients.vue')
);
Vue.component(
'passport-authorized-clients',
require('./components/passport/AuthorizedClients.vue')
);
Vue.component(
'passport-personal-access-tokens',
require('./components/passport/PersonalAccessTokens.vue')
);
执行 npm install
npm install
执行 gulp
gulp
如果报错
修改 package.json
"bootstrap-sass": "3.4.1",
然后重新执行命令
npm install
gulp
注册组件:修改 resources/views/home.blade.php
登录后打开:http://passport.com/home
点击 Create New Client
Name:passport-client
Redirect URL:http://passport-client.com/callback点击 Create 进行保存
二、passport_client
新建一个 passport_client 的项目
composer create-project laravel/laravel=5.3.* laravel5.3_passport_client
修改 .evn 配置文件
APP_URL=http://passport-client.com
切换目录
cd laravel5.3_passport_client
安装 guzzlehttp/guzzle
composer require guzzlehttp/guzzle
配置本地域名:passport-client.com
修改 routes/web.php
Route::get('/oauth', function () {
$query = http_build_query([
'client_id' => 3,
'redirect_uri' => 'http://passport-client.com/callback',
'response_type' => 'code',
'scope' => '',
]);
return redirect('http://passport.com/oauth/authorize?'.$query);
});
Route::get('callback', 'OAuthController@oauth');
创建控制器
php artisan make:controller OAuthController
修改 app/Http/Controllers/OAuthController.php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;
class OAuthController extends Controller
{
public function oauth(Request $request)
{
$http = new \GuzzleHttp\Client;
$response = $http->post('http://passport.com/oauth/token', [
'form_params' => [
'grant_type' => 'authorization_code',
'client_id' => 3,
'client_secret' => 'RXvEYrWCCXnDcRfqzEVtKzBP4EGpnwIPLy7VwVmM',
'redirect_uri' => 'http://passport-client.com/callback',
'code' => $request->code,
],
]);
$accessToken = Arr::get(json_decode((string) $response->getBody(), true), 'access_token');
return $this->getUserByToken($accessToken);
}
private function getUserByToken($accessToken)
{
$http = new \GuzzleHttp\Client;
$headers = [
'Authorization' => 'Bearer '.$accessToken
];
$request = new \GuzzleHttp\Psr7\Request('Get', 'http://passport.com/api/user', $headers);
$response = $http->send($request);
return json_decode((string) $response->getBody(), true);
}
}
备注:这里的 client_secret 是 passport.com 生成的
三、access_token
3.1、Authorize
访问:http://passport-client.com/oauth,会跳转 http://passport.com/oauth/authorize?client_id=3&redirect_uri=http%3A%2F%2F127.0.0.1%3A8001%2Fcallback&response_type=code&scope=
在 windows 平台下,使用laraval/passport包,报错如下
"oauth-public.key" permissions are not correct, should be 600 or 660 instead of 666
修改 passport 项目 vendor/league/oauth2-server/src/AuthorizationServer.php
use Laravel\Passport\Passport;
$privateKey = new CryptKey($privateKey);
修改为
$privateKey = new CryptKey('file://' . Passport::keyPath('oauth-private.key'),null,false);
$publicKey = new CryptKey($publicKey);
修改为
$publicKey = new CryptKey('file://' . Passport::keyPath('oauth-public.key'),null,false);
如果 laravel-passport 报错
Replicating claims as headers is deprecated and will removed from v4.0. Please man
解决命令:在 passport 项目下执行
composer require lcobucci/jwt=3.3.3
点击 Authorize 会跳转 http://passport-client.com/callback
3.2、Personal Access Tokens
访问 http://passport.com/home,点击 Create New Token
打开 postman
3.3、CreateFreshApiToken
修改 passport 项目 resources/assets/js/components/Example.vue
export default {
mounted() {
this.$http.get('/api/user').then(response => {
console.log(response.data);
});
}
}
执行 gulp
gulp
resources/views/home.blade.php 引入 Example.vue
打开 http://passport.com/home,强制刷新,在控制台可以看到
可能会报错,需要在 app/Http/Kernel.php 的 middlewareGroups 的 web 引入 CreateFreshApiToken
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class
3.4、password granted
在 passport 项目生成 password granted
php artisan passport:client --password
password-granted
修改 passport-client 项目的 app/Http/Controllers/OAuthController.php
namespace App\Http\Controllers;
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;
class OAuthController extends Controller
{
protected $http;
public function __construct(Client $http)
{
$this->http = $http;
}
public function oauth(Request $request)
{
$response = $this->http->post('http://passport.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 4,
'client_secret' => 'rF0izYUKUJUZ01G0exfydwn2J5rXLg7iIFkg8Iaa',
'username' => 'alulubin@gmail.com',
'password' => '123456',
'scope' => '',
],
]);
$accessToken = Arr::get(json_decode((string) $response->getBody(), true), 'access_token');
return $this->getUserByToken($accessToken);
}
private function getUserByToken($accessToken)
{
$headers = [
'Authorization' => 'Bearer '.$accessToken
];
$request = new \GuzzleHttp\Psr7\Request('Get', 'http://passport.com/api/user', $headers);
$response = $this->http->send($request);
return json_decode((string) $response->getBody(), true);
}
}
访问 http://passport-cilent.com/callback
