Laravel Passport身份验证问题:始终返回未经身份验证的
[英]Laravel Passport Authentication Issues: Always returns unauthenticated
问题描述
After looking through dozens of answers, I still can't find a solution to his issue. 
浏览了几十个答案之后,我仍然找不到解决他问题的方法。
Problem 问题
Every time I make an authenticated request, the response is {"error":"Unauthenticated."} 每次我发出经过身份验证的请求时,响应均为{"error":"Unauthenticated."}
Routes 路线
Here are the routes I've been testing with. 这是我一直在测试的路线。
use Illuminate\Http\Request;
use Laravel\Passport\Http\Middleware\CheckClientCredentials;
Route::get('/test', function () {
return 'Hello World';
})->middleware('auth:api');
Route::middleware('auth:api')->get('/test2', function (Request $request) {
return 'Hello World';
});
Setup 设定
I set this project up as the tutorial instructed, and used the PHP artisan commands to construct my database. 我按照教程的指示设置了该项目,并使用PHP artisan命令构建了数据库。 I then began to use Postman test it. 然后,我开始使用邮递员对其进行测试。
The token is acquired using a grant_type: password , client credentials, and user credentials. 令牌是使用grant_type: password获取的grant_type: password ,客户端凭据和用户凭据。 A "Bearer " . $token 一个"Bearer " . $token "Bearer " . $token type is then granted. 然后授予"Bearer " . $token类型。
What I've Done and Tested 我做过和测试过的
I've checked the .htaccess, token expiration date, namespaces, and other common errors. 我已经检查了.htaccess,令牌到期日期,名称空间和其他常见错误。 I setup a test function to check my header information. 我设置了一个测试功能来检查我的标题信息。 The results are posted below. 结果如下。 For some reason, the issue persists. 由于某些原因,问题仍然存在。 There also aren't any actual errors... No error.log updates, just a response from the API letting me know the user is not authenticated. 也没有任何实际错误...没有error.log更新,仅来自API的响应使我知道用户未通过身份验证。
array:12 [
"cookie" => array:1 [
0 => "XSRF-TOKEN=eyJpdiI6IkwrNGxLOGVtc1M1Y2lYeUMraldTK3c9PSIsInZhbHVlIjoibHRzdVo3bFVJOFhuMDJvZ3RoNEYxK1NsdmhRenZkbmp5b2xuYXVzWTdIUGJ2WGFUbXBiK1JFQ0VNSVlNbjdIbHVmcndmKzBaMzVJbGkxelZFdllhM0E9PSIsIm1hYyI6ImZhMDJjZDIwNDgxMTRkMDdjYTBkYmMwODc4YzQ4ZmM3OGFkZTI3NzY1ZDA5NTAyODhkYjRlNTY1OGUyMTYyNGEifQ%3D%3D; laravel_session=eyJpdiI6Im5hTnVLS3cyc1BzQldudkN2bFNcLzZRPT0iLCJ2YWx1ZSI6IjIwXC8yRkM3Sk4rWkg0ZFFlaG9RYVErc2ZJT0taSHoxOTU3UVpxejdPZ2MzcHBSc2FCd1NweEZwU2kzQXUxZ1VCVmY1dzZIZldFb2J5QXkwMFwvZmpId1E9PSIsIm1hYyI6ImQxZDIzOGQ0NzllOTg4NmZmZDk2NGI1NDNhMzcwNmI1MWE2MzY0YWIzZTgxZjYzOTAxYjhlMWQ1ZTExNzBiMTEifQ%3D%3D"
]
"accept-language" => array:1 [
0 => "en-US,en;q=0.8,fr;q=0.6"
]
"accept-encoding" => array:1 [
0 => "gzip, deflate, sdch"
]
"postman-token" => array:1 [
0 => "864e4343-e8f1-2efd-1a75-11660313ba3d"
]
"authorization" => array:1 [
0 => "Bearer 0dea6edd3f655463c4e19cf26ef10755bcfbff5dcdbe44cd44c1d7a84c250c359c65f064737752e6"
]
"cache-control" => array:1 [
0 => "no-cache"
]
"accept" => array:1 [
0 => "application/json"
]
"connection" => array:1 [
0 => "close"
]
"x-http-proto" => array:1 [
0 => "HTTP/1.1"
]
]
Suspicions 怀疑
At this point, I think I just must be using some of the tools wrong. 在这一点上,我认为我只是必须使用某些错误的工具。 I'm hoping it is a simple mistake, but I'm just completely at a loss as to what it could be. 我希望这是一个简单的错误,但是我完全不知所措。
(Edit 1) Scope Issues: Hey, could it possibly be a problem with the scope of the tokens? (编辑1)范围问题:嘿,令牌scope可能有问题吗?
(Edit 2) SQL Error I managed to find an error to work off of. (编辑2)SQL错误我设法找到一个错误可以解决。 It is a bit odd though. 虽然有点奇怪。
SQLSTATE[42S22]: Column not found: 1054 Unknown column 'api_token' in 'where clause' (SQL: select * from `users` where `api_token` = {AccessToken} limit 1)
1 个解决方案
解决方案1
0 2017-12-18 19:01:51
My Solution 我的解决方案
I actually had a few issues with my program, but even after solving them, I still had errors. 我的程序实际上有一些问题,但是即使解决了这些问题,我仍然有错误。
My database wasn't set up properly
我的数据库设置不正确 My "Order of Operations" was off.
我的“操作顺序”已关闭。 I kept requesting tokens and setting up clients in the wrong order. 我一直要求令牌并以错误的顺序设置客户端。 I thought of my clients as the users, which is incorrect, and a root to many of my issues. 我认为我的客户是用户,这是不正确的,并且是许多问题的根源。 I misused the tool in general.
我一般都滥用该工具。 I never actually tried to log into the user account, only the client one. 我从来没有尝试过登录用户帐户,只有客户端一个。 This, of course, doesn't make sense, and is why I failed. 当然,这没有道理,这就是我失败的原因。
So my solution was to stop using Passport altogether. 因此,我的解决方案是完全停止使用Passport。
What if I still need to get passport working?
Since my solution didn't require me to get passport working, I can only help you so much. 由于我的解决方案不需要我办理护照,因此我只能为您提供很多帮助。 When I finally figured out how to authenticate was the second I realized I didn't need it... 当我终于弄清楚如何进行身份验证时,我意识到我不需要它了。
- Make sure your database is set up properly. 确保您的数据库设置正确。 You can test this by making your own database calls inside your router for debugging. 您可以通过在路由器内部进行自己的数据库调用以进行调试来进行测试。 Ensure you can access all the required fields. 确保您可以访问所有必填字段。
- Use clients properly. 正确使用客户端。 I was trying to use clients like they were users because I thought this was the best way to implement a token API. 我试图像使用用户一样使用客户端,因为我认为这是实现令牌API的最佳方法。 It is not. 它不是。 Make sure you have users accounts set up already, and treat clients as a "Window" that can be climbed through by the application, third-party, etc. Maybe take a step back and plan it out a bit more. 确保您已经设置了用户帐户,并将客户端视为可被应用程序,第三方等浏览的“窗口”。也许可以退后一步,并对其进行更多规划。
What if I don't need to get passport working?
If you're in the same boat as me, and it is actually best to stop using Passport, then I suggest going with the basic auth inside Laravel. 如果您与我同在一条船上,并且实际上最好是停止使用Passport,那么我建议在Laravel中使用基本身份验证。 It is easy to setup, and won't take long to learn. 它很容易设置,而且学习时间不会很长。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.