我正在开发一个具有运行Laravel Passport的API层的项目.我已将createFreshApiToken添加到我的应用程序中,并且我的所有jQuery ajax请求都正常工作.
今天我正在整合DropzoneJS,当我尝试上传文件时,它获得了401 Unauthorized.我检查了请求标头,并在cookie标头中设置了laravel_token.
当laravel_token包含在请求标头中时,什么会导致Laravel Passport抛出401 Unauthorized响应?
General
Request URL:http://api.ryno.dev/api/post/photo
Request Method:POST
Status Code:401 Unauthorized
Remote Address:127.0.0.1:80
Response Headers
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:28
Content-Type:application/json
Date:Wed, 15 Mar 2017 16:36:27 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.2.31 (Unix) mod_wsgi/3.5 Python/2.7.12 PHP/7.0.12 mod_ssl/2.2.31 OpenSSL/1.0.2j DAV/2 mod_fastcgi/2.4.6 mod_perl/2.0.9 Perl/v5.24.0
X-Powered-By:PHP/7.0.12
X-RateLimit-Limit:60
X-RateLimit-Remaining:59
Request Headers
Accept:application/json
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
api-version:1
Cache-Control:no-cache
Connection:keep-alive
Content-Length:4802
Content-Type:multipart/form-data; boundary=---- WebKitFormBoundaryEqAfOqBqekRWHC6B
Cookie:laravel_token=eyJpdiI6InJzRG5SNkVmYW1GMDJmd3pPTUhnWmc9PSIsInZhbHVlIjoiUk1iU01XVm9Ydytyb3NXUDlEVngwUnlGUXNhSkdvcFFpaXhwNSt6XC9XXC9TOHlcL3MxWjl2MkVxU1NCNjV6bmNka2w3dlNlTmJrRXVTVkVhQnZOd1dwZTRpaXdscll1WHVsUm1CMHBkbVdiNVprZXZmT2pRaTdySjRXRzhWY1FGV25JNm5qXC9TNzV6dEJzKzlsclZwRDVMczF6TVduODJIa0s1MVNQSXRMc2dteWtuU1lpdGJUQVJRS3BlS2E5dmd2Vlg2QXJzMldHQUM2Uk15RldUWnF4bXlcL1AzNTgwc1Q3YWpTVWIyVHYrYjN5QllzNGt3TDJcL1VsYmt6UFpudDVFaTdpK2JMZ01RcTRcL2lySUFRQ1hxaXF3PT0iLCJtYWMiOiJmODZiMzg1M2QyYjNlYmUwZWI2NWI3OWY0OTZjMDIxNjYwYjc3MGQxZGZjYzg2ZmQ1M2FjMTA1NDRiODAwZWVmIn0%3D; XSRF-TOKEN=eyJpdiI6IlNha2syNGFldngrM2FZUU9ZeEpNWUE9PSIsInZhbHVlIjoiVEM1RllaaGl1XC9UUWg4b2RuVkNlcnhod1EzXC9xSG9SN0w2dEZiV3RKbDJwQXdTeWtZS0pMODBEOFJvM1V1emNZdEJmOGJISFwvUjNkd2pBK2NXcTRlM2c9PSIsIm1hYyI6IjljMjg0MTI2NDFmNmYzNGU2ZmJiMWE4ODg3OGE4NWVmNmVhYzc5YzI4ZmNkYTRjZDI2M2Y1YWYwZjIzNzc2NGIifQ%3D%3D; laravel_session=eyJpdiI6IjBzRHhqcWRPdmdleVhlcURuOG4rYVE9PSIsInZhbHVlIjoiTkYzOHpiQ2dyY2tHSmV2Znl4RUpiNWdHZVBMaVJNaEI5YWdOcXVRRzdsSEZqMFp5cXFWOVBjYjBobmxLSXhJUFBab1JRbTZxUVhkekZVNjY3OUVkYmc9PSIsIm1hYyI6ImIxNjA0Y2E1NDdjNDc5YzA4NGYxNTgyMTNiMjdiY2RlODg0MzFjMDQ3N2ZjMTZiNDlmN2Q5Zjg3NWU0YTc1NWEifQ%3D%3D
Host:api.ryno.dev
Origin:http://api.ryno.dev
Pragma:no-cache
Referer:http://api.ryno.dev/post
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
X-Requested-With:XMLHttpRequest …使用护照进行移动应用的api身份验证.应用程序开发人员很快就会抱怨提供的access_token的大小(1071个字符)并且必须在每个请求中传递它.
在调查时,令牌的大部分是签名部分.默认情况下,护照生成一个4096bit的rsa密钥.我发现我可以通过生成1024位密钥将令牌大小减少到559个字符.更好,但仍然比Facebook等其他服务生成的密钥大得多.
我找不到关于这个问题的很多信息,这是一个有争议的问题吗?1KB令牌没什么可抱怨的吗?减小密钥大小是个坏主意吗?还有什么可以减少尺寸的吗?
更新: 我们已决定继续不对密钥大小进行任何更改.
我正在构建一个API,我正在使用Laravel Passport进行身份验证.
API正用于我们的移动应用程序,因此我们使用密码授予客户端.
一切都很好,用户可以登录以获取访问令牌.我们创建了一个允许用户注册的注册端点.我们现在还需要API来返回访问令牌.
浏览文档无法以编程方式创建访问令牌.
如何在控制器中为密码授予客户端创建访问令牌?我显然不想对我自己的API执行HTTP请求来获取它.
我知道我可以使用个人访问授权客户端并调用createToken用户模型,但这意味着访问令牌与不同的客户端相关联.这对我来说似乎不对.
我们可以使用带有不同守卫的 laravel 护照来验证两种不同类型用户的 API。例如,我们为驱动程序用户提供驱动程序应用程序,为供应商用户提供供应商应用程序。两者都有不同的模型驱动程序和供应商。我们如何使用不同的守卫来验证使用 Laravel Passport 的两种类型的用户?
这个问题有很多版本,但我还没有找到任何处理这些特定包的版本。
我正在尝试将 laravel Passport 版本 10 安装到我的 laravel 8 安装中,运行时composer require laravel/passport我得到以下响应:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- laravel/passport[v10.0.1, ..., 10.x-dev] require illuminate/auth ^8.2 -> found illuminate/auth[v8.2.0, ..., 8.x-dev] but it conflicts with another require.
- laravel/passport v10.0.0 requires illuminate/auth ^8.0 -> found illuminate/auth[v8.0.0, ..., 8.x-dev] but it conflicts with another require.
- Root composer.json requires laravel/passport ^10.0 -> satisfiable by laravel/passport[v10.0.0, v10.0.1, 10.x-dev].
Installation failed, reverting ./composer.json and …我想为使用Passport但使用不同型号(不是用户)的Laravel添加一个自定义防护,但是当我尝试为这个防护设置用户时它不起作用.
配置/ auth.php:
<?php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great …嗨,我正在使用一个cors中间件似乎工作正常,直到我添加Laravel Passport现在有一个问题..它显示错误
Call to undefined method Symfony\Component\HttpFoundation\Response::header() on line number 36
这是我的中间件:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Response;
class Cors
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers' => "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers"
];
if ($request->getMethod() == "OPTIONS") { …我正在使用Larave 5.4护照来创建SPA应用程序.但是,我能够进行身份验证工作.但是访问令牌总是具有600s到期时间的短期令牌.
我无法通过以下方式增加到期时间:
Passport::tokensExpireIn(Carbon::now()->addDays(15));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
它完全没有效果.
任何帮助?提前致谢.
设置好护照后,我已经配置并创建了一个控制器,用于管理对一般外部邮寄请求的资源的“注册-登录--”访问。我不需要特定的客户。但是,当我尝试在注册或登录中创建令牌时:
$tokenObj=$user->createToken('APPLICATION')->accessToken;
错误是:
RuntimeException:找不到个人访问客户端。请创建一个。在第94行堆栈C:\ xampp7.1 \ htdocs \ passport \ vendor \ laravel \ passport \ src \ ClientRepository.php中的堆栈跟踪:1. RuntimeException->()C:\ xampp7.1 \ htdocs \ passport \ vendor \ laravel \ passport \ src \ ClientRepository.php:94 2. Laravel \ Passport \ ClientRepository-> personalAccessClient()C:\ xampp7.1 \ htdocs \ passport \ vendor \ laravel \ passport \ src \ PersonalAccessTokenFactory.php:71
我该如何解决?
我使用 Laravel Passport 创建了一个身份验证控制器,但结果与通常不同。变量$token = $user->createToken('TestApp')->accessToken;不会在oauth_access_tokens表中生成标记,而是在personal_access_token表中创建标记
我的注册控制器是
public function register(Request $request)
{
$validator = Validator::make($request->all(), [
'name' => 'required',
'username' => 'required|unique:users,username',
'email' => 'required|email|unique:users,email',
'password' => 'required|confirmed',
'phone' => 'required',
]);
if ($validator->fails()) {
return response()->json(['error'=>$validator->errors()], 401);
}
$input = $request->all();
$input['password'] = bcrypt($input['password']);
$user = User::create($input);
$verifyUser = UserVerfication::create([
'user_id' => $user->id,
'token' => sha1(time())
]);
\Mail::to($user->email)->send(new VerifyMail($user));
$token = $user->createToken('TestApp')->accessToken;
return response()->json([
'success' => true,
'message' => 'Registration Success',
'data' => …laravel-passport ×10
laravel ×9
php ×4
laravel-5 ×2
access-token ×1
api ×1
cors ×1
dropzone.js ×1
laravel-5.3 ×1
laravel-5.4 ×1
laravel-5.6 ×1
laravel-5.7 ×1
laravel-8 ×1
oauth ×1
oauth-2.0 ×1