Oauth2 & Laravel - `Client_id` & `Client_secret` - where to place, store, call?
I am using the OAuth-Server-Laravel repo docs and I am using Lumen. I have successfully made the Client Credentials grant type work and am trying to move it to the Password grant type.

I added the PasswordVerifier class with a `verify()` function and changed my database `oauth_clients` table to:
```php
$table->string('id', 40)->primary();
$table->string('username');
$table->string('password');
$table->string('email');
$table->timestamps();
$table->unique(['id', 'username']);
```
and the `verify()` function as:

```php
'username' => $username,
'password' => $password,
```
When I try it in Postman, I receive: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."
Then I read in the issues and found out that I need to import `client_id` and `client_secret` beside the `username` and `password` credentials. I understand these are something I should define.

But I couldn't figure out where to place them, store them and call them. Should I store them in the `.env` file? If so, how am I supposed to call it in the verify function?
There should be an `oauth_clients` table created by that package. This defines what clients have access to make API calls to your resource server. Your authorization server verifies these clients exist in this table and the secrets match whenever requests are made from a client.
The structure of that table is like this:
id (primary)
secret
name
created_at
updated_at
Each entry in this table represents a single client-side application that has some sort of access to your API.
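
The check the answer describes, as an added example that is not code from the package or from the posts above: the client's `client_id` and `client_secret` are matched against `oauth_clients` before the user's `username` and `password` are considered. The helper name `checkClient`, the in-memory SQLite table and every sample value are assumptions made for illustration.

```php
<?php
// Added illustration: not code from oauth2-server-laravel. All values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Same columns as the oauth_clients table described above.
$db->exec('CREATE TABLE oauth_clients (
    id VARCHAR(40) PRIMARY KEY, secret VARCHAR(40), name VARCHAR(255),
    created_at DATETIME, updated_at DATETIME)');

// Register one client application; id and secret are random and generated once.
$clientId     = bin2hex(random_bytes(20));   // 40 hex characters
$clientSecret = bin2hex(random_bytes(20));
$now = date('Y-m-d H:i:s');
$db->prepare('INSERT INTO oauth_clients VALUES (?, ?, ?, ?, ?)')
   ->execute([$clientId, $clientSecret, 'Sample mobile app', $now, $now]);

// Hypothetical helper: returns null when the client is accepted, else an OAuth2 error code.
function checkClient(PDO $db, array $params): ?string
{
    foreach (['grant_type', 'client_id', 'client_secret', 'username', 'password'] as $key) {
        if (!isset($params[$key]) || !is_string($params[$key]) || $params[$key] === '') {
            return 'invalid_request';   // a required parameter is missing
        }
    }
    $stmt = $db->prepare('SELECT secret FROM oauth_clients WHERE id = ?');
    $stmt->execute([$params['client_id']]);
    $stored = $stmt->fetchColumn();
    // hash_equals compares in constant time, so response timing does not leak the secret.
    if ($stored === false || !hash_equals($stored, $params['client_secret'])) {
        return 'invalid_client';
    }
    return null;   // client accepted; only now are username/password checked
}

// Constructed requests: the first carries user credentials only, as in the question.
$user = ['grant_type' => 'password', 'username' => 'alice', 'password' => 'constructed-pass'];
$cases = [
    'no client fields' => $user,
    'wrong secret'     => $user + ['client_id' => $clientId, 'client_secret' => 'guess'],
    'valid client'     => $user + ['client_id' => $clientId, 'client_secret' => $clientSecret],
];
foreach ($cases as $label => $params) {
    printf("%-17s => %s\n", $label, checkClient($db, $params) ?? 'ok');
}
```

The calling application keeps its own `client_id` and `client_secret` in its configuration and sends them with each token request; `verify()` itself only receives the username and password.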