![](/img/trans.png)
[英]Laravel Passport API Authentication not working with Bearer Token
[英]Laravel bearer token authentication
我想對來自移動用戶的 API 請求進行身份驗證。
我遵循了這一點,並在users
表中創建了api_key
列。
我還創建了中間件:
public function handle($request, Closure $next)
{
$token = $request->bearerToken();
return $next($token);
}
我想要的是從header
獲取bearer
令牌並對照用戶表檢查它。
如何做到這一點?
Append auth:api
中間件到任何路由或路由組,並且將自動為您檢查承載令牌,無需自定義中間件
Route::get('url', 'controller@method')->middleware('auth:api');
但要回答這個問題,這是你可以做的(仍然不推薦但有效)
<?php
namespace App\Http\Middleware;
use Closure;
class ApiAuthentication
{
public function handle($request, Closure $next)
{
$token = $request->bearerToken();
$user = \App\User::where('api_token', $token)->first();
if ($user) {
auth()->login($user);
return $next($request);
}
return response([
'message' => 'Unauthenticated'
], 403);
}
}
在App\Http\Kernel
中注冊中間件
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
// Here for example
'custom_auth' => \App\Http\Middleware\ApiAuthentication::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];
並使用該中間件名稱保護路由
Route::get('/', function () {
// Return authenticated user model object serialized to json
return auth()->user();
})->middleware('custom_auth');
我會推薦laravel/passport
,因為它更安全、更容易。 點擊這里。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.