Laravel/Passport doesn't redirect back to authorization form after login
Here is how I handle login in my Laravel application:
    public function authenticate(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'email' => 'required|email',
            'password' => 'required',
        ]);
        if ($validator->passes()) {
            $credentials = array(
                'email' => $request->email,
                'password' => hash('sha512', $request->password)
            );
            if (User::where($credentials)->exists()) {
                $user = User::where($credentials)->first();
                Auth::login($user, isset($request->remember));
                return redirect()->back()->withInput($request);
            } else {
                return redirect()->route('login');
            }
        } else {
            return redirect()->route('login', ['error' => $validator->errors()->first()]);
        }
    }
And here is how I initiate the Laravel Passport authorization method:
    public function auth(Request $request)
    {
        $request->session()->put('state', $state = Str::random(40));
        $query = http_build_query([
            'client_id' => '3',
            'redirect_uri' => 'http://127.0.0.1:8000/authorize/response',
            'response_type' => 'code',
            'scope' => '',
            'state' => $state
        ]);
        return redirect('http://127.0.0.1:9000/oauth/authorize?'.$query);
    }
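So basically, when I run the auth function and navigate to the http://127.0.0.1:9000/oauth/authorize.... URL, I am redirected to my application's login route. That's fine, I need to be logged in to authorize. So far, so good.
The problem is that after I log in successfully, I am not redirected back to the http://127.0.0.1:9000/oauth/authorize... URL. Why?
How can I fix this so that I am redirected straight back to the authorization prompt after I log in?

I ran into the same problem when authorizing a client with PKCE. I'm not sure this is the most elegant way to achieve it, but it works anyway.
To solve it, I created a middleware named KeepClientParameters and stored the client request in the session.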
    <?php

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Http\Request;

    class KeepClientParameters
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
         * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
         */
        public function handle(Request $request, Closure $next)
        {
            if ('code' === $request->get('response_type', false)) {
                $allParams = $request->all();
                $request->session()->put('client', $allParams);
            }
            return $next($request);
        }
    }
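Then set the middleware priority in App/Http/Kernel.php, below StartSession::class and above AuthenticatesRequests::class, because you should run the middleware before the request is authenticated; otherwise you will not be able to store your client request in the session.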
    /**
     * The priority-sorted list of middleware.
     *
     * Forces non-global middleware to always be in the given order.
     *
     * @var string[]
     */
    protected $middlewarePriority = [
        \Illuminate\Session\Middleware\StartSession::class,
        \App\Http\Middleware\KeepClientParameters::class,
        // ...
        \Illuminate\Contracts\Auth\Middleware\AuthenticatesRequests::class,
    ];
After authentication succeeds, you can redirect to the authorization page and pull the session data there.
    $client = $request->session()->pull('client', []);
    return redirect(
        route('passport.authorizations.authorize', $client)
    );
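
For comparison with the session-based workaround above, an added example that is not part of the original question or answer: Laravel records the URL a guest requested when the `auth` middleware sends them to the login route, and `redirect()->intended()` returns there after login, query string included. The controller name, error message and fallback path are hypothetical, and `Auth::attempt()` assumes passwords were stored with `Hash::make()` rather than the SHA-512 lookup shown in the question.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

// Added example: class name, error text and fallback path are hypothetical.
class LoginController extends Controller
{
    public function authenticate(Request $request)
    {
        // validate() redirects back with errors when the input is invalid.
        $credentials = $request->validate([
            'email' => 'required|email',
            'password' => 'required',
        ]);

        // Assumption: the password column holds Hash::make() output, so the
        // framework verifies the hash itself instead of a manual lookup.
        if (! Auth::attempt($credentials, $request->boolean('remember'))) {
            return redirect()->route('login')
                ->withErrors(['email' => 'Invalid credentials.']);
        }

        // Issue a new session ID after login (session fixation defence).
        // Session data, including the stored intended URL, is kept.
        $request->session()->regenerate();

        // Go back to the URL the guest was redirected away from, for example
        // /oauth/authorize?client_id=...&state=..., or to '/' if none is stored.
        return redirect()->intended('/');
    }
}
```

Because the intended URL is written by the framework and not taken from a request parameter at login time, this avoids copying every query parameter into the session and rebuilding the authorize URL by hand.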