
Laravel with OAuth2 issue

I am working on a project with Laravel and lucadegasperi/oauth2-server-laravel with the password grant type. Everything is working fine and all my API endpoints are protected by OAuth2.

I only have one API that should always return a JSON data response, but this response depends on whether the user is logged in or not. And since the Auth check is being handled in the middleware "OAuthExceptionHandlerMiddleware", if the user is not logged in the request is stopped and does not reach my controller, and I get the following response:

{
  "error": "invalid_request",
  "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"access token\" parameter."
}

What I am looking to achieve is to be able to handle the request inside my controller, only for one API endpoint:

  • If the user is not logged in, return the normal response + other data and not the "Invalid Request" response.
  • If the user is logged in, return the normal response.

Thank you for any help on how to achieve the above.

You can add exceptions to your middleware to remove your auth rule.

Something like

$this->middleware('auth', ['except' => array('getActivate', 'getLogin')]);

see Laracasts

To authenticate inside the controller and not in the middleware, I ended up doing the following:

<?php

namespace App\Http\Controllers;

use League\OAuth2\Server\Entity\AccessTokenEntity;
use LucaDegasperi\OAuth2Server\Facades\Authorizer;
use Illuminate\Http\Request;

class ProductController extends Controller {

    public function __construct(Request $request) {
        // Keep the package's 'oauth' middleware on every action except index,
        // which does its own (optional) token check below.
        $this->middleware('oauth', ['except' => ['index']]);
    }

    public function index(Request $request) {
        // Hand the current request to the resource server so it can read the bearer token.
        Authorizer::setRequest($request);
        // true = look for the token in the Authorization header only, not in query/body parameters.
        $accessTokenString = Authorizer::getChecker()->determineAccessToken(true);
        // Look the token up in storage; an unknown token yields null.
        $accessToken = Authorizer::getChecker()->getAccessTokenStorage()->get($accessTokenString);
        if ($accessToken instanceof AccessTokenEntity) {
            echo "logged In with user_id = " . $accessToken->getSession()->getOwnerId();
            //return public products + products related to user 
        }else{
            echo "not logged in";
            //return public products
        }
    }
}
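The same "optional login" idea expressed as a reusable middleware, as an added example that is not part of the question or either answer. It assumes lucadegasperi/oauth2-server-laravel 5.x on league/oauth2-server 4.x, where Authorizer::validateAccessToken() runs the full check (token lookup plus expiry) and throws InvalidRequestException when no token is presented but AccessDeniedException when a presented token is rejected; the class name and the oauth_user_id attribute are hypothetical.

```php
<?php
// Added example, not code from the page. Assumes lucadegasperi/oauth2-server-laravel 5.x
// (league/oauth2-server 4.x). Class and attribute names are hypothetical.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use League\OAuth2\Server\Exception\AccessDeniedException;
use League\OAuth2\Server\Exception\InvalidRequestException;
use LucaDegasperi\OAuth2Server\Authorizer;

class OptionalOAuthMiddleware
{
    /** @var Authorizer */
    protected $authorizer;

    public function __construct(Authorizer $authorizer)
    {
        $this->authorizer = $authorizer;
    }

    public function handle(Request $request, Closure $next)
    {
        $this->authorizer->setRequest($request);
        try {
            // Full validation (lookup + expiry), not just "is a token present";
            // true = read the token from the Authorization header only.
            $this->authorizer->validateAccessToken(true);
            $request->attributes->set('oauth_user_id', $this->authorizer->getResourceOwnerId());
        } catch (InvalidRequestException $e) {
            // No bearer token at all: the caller is anonymous, let the controller decide.
            $request->attributes->set('oauth_user_id', null);
        } catch (AccessDeniedException $e) {
            // A token WAS presented but is unknown or expired: fail closed rather than
            // silently downgrading the caller to anonymous.
            return response()->json(
                ['error' => $e->errorType, 'error_description' => $e->getMessage()],
                $e->httpStatusCode
            );
        }
        return $next($request);
    }
}

// In the controller action routed through this middleware instead of 'oauth':
//   $userId = $request->attributes->get('oauth_user_id');
//   return response()->json($userId !== null ? $this->productsFor($userId) : $this->publicProducts());
```

Register the class in the HTTP kernel's route middleware and apply it only to the one endpoint that needs optional login; every other route keeps the package's 'oauth' middleware.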
