堆棧內存溢出
  簡體   English   中英

是什么阻止了此 Laravel 8 API 中的 Auth0 授權?

[英]What prevents the Auth0 authorization in this Laravel 8 API?

 原文  2022-02-02 11:10:52       php/ laravel/ laravel-8/ auth0

問題描述

我正在研究 Laravel 8 API。 我使用 Auth0 進行用戶注冊和登錄。

我需要 Auth0 返回的用戶 ID 才能在我自己的應用程序中使用。

為此,我有代碼:

routes\api.php

// Public routes
Route::get('/authorize', [AuthController::class, 'authorize']);

// Protected routes
Route::group(['middleware' => ['jwt']], function () {
  Route::get('/user-profile', [UserController::class, 'getUserId']);
  // More routes
});

AuthController 中

namespace App\Http\Controllers;
use App\Http\Controllers\AuthController;
// More code

class AuthController extends Controller {
    protected $appDomain;
    protected $appClientId;
    protected $appClientSecret;
    protected $appAudience;
    
    public function authorize(){

        $this->appDomain = 'https://' . config('laravel-auth0.domain');
        $this->appClientId = config('laravel-auth0.client_id');
        $this->appClientSecret = config('laravel-auth0.client_secret');
        $this->appAudience = config('laravel-auth0.api_identifier');

        $curl = curl_init();

        curl_setopt_array($curl, array(
            CURLOPT_URL => "$this->appDomain/oauth/token",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "POST",
            CURLOPT_POSTFIELDS => "{\"client_id\":\"$this->appClientId\",\"client_secret\":\"$this->appClientSecret\",\"audience\":\"$this->appAudience\",\"grant_type\":\"client_credentials\"}",
            CURLOPT_HTTPHEADER => array(
                "content-type: application/json"
            ),
        ));

        $response = curl_exec($curl);
        $err = curl_error($curl);

        curl_close($curl);

        if ($err) {
            return "cURL Error #:" . $err;
        } else {
            return $response;
        }
    }
}

用戶控制器中:

class UserController extends AuthController {
    // More code
    public function getUserId(){

        // Do authorization
        parent::authorize();

        $curl = curl_init();

        curl_setopt_array($curl, array(
            CURLOPT_URL => "$this->appDomain/userinfo",
            CURLOPT_HTTPHEADER => array(
                "content-type: application/json"
            ),
        ));

        $response = curl_exec($curl);
        $err = curl_error($curl);

        curl_close($curl);

        if ($err) {
            return "cURL Error #:" . $err;
        } else {
            return $response;
        }
    }

    // More code
}

問題

當我訪問/user-profile路由時,Potman 會拋出Unauthorized的響應。

盡管/authorize路由確實返回了令牌,但還是發生了這種情況:

{"access_token":"somerandom.longtoken","scope":"read:users update:users delete:users","expires_in":86400,"token_type":"Bearer"}

問題

我的錯誤在哪里?

更新

根據@IProSoft 的回答,在UserController中我有:

public function getUserId(){

    $access_token = parent::authorization()->access_token;

    $client = new \GuzzleHttp\Client;
        try {
                $client = new \GuzzleHttp\Client(['headers' => [
                        'authorization' => 'Bearer' . $access_token,
                        'content-type' => 'application/json'
                ]]);
                
                $response = $client->request('GET', $this->appDomain . '/userinfo');

                $response = json_decode($response->getBody());
        }
        catch (\GuzzleHttp\Exception\ClientException $e) {
                $response = $e->getResponse();
        }

        return  $response;
}

我在 Postman 中收到此錯誤:

Error: Class 'Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory' not found in \vendor\laravel\framework\src\Illuminate\Routing\Router.php
是什么導致了這個錯誤?

1 個解決方案

解決方案1
 0  2022-02-03 10:52:34

此代碼僅用於向您展示方式,未檢查等。

首先安裝和學習 Guzzle

composer require guzzlehttp/guzzle:^7.0

在授權方法中,您可以將所有內容更改為:

$client = new GuzzleHttp\Client;
try {
    $client = new \GuzzleHttp\Client();
    $response = $client->request('POST', $this->appDomain . '/oauth/token', [
        'form_params' => [
            {
                "client_id":        $this->appClientId,
                "client_secret":    $this->appClientSecret,
                "audience":         $this->appAudience,
                "grant_type":       "client_credentials"
            }
        ]
    ]);

    $response = json_decode($response->getBody());
}
catch (GuzzleHttp\Exception\ClientException $e) {
    $response = $e->getResponse();
}

return $response;

第二:如果要獲取用戶ID,則必須在請求中傳遞Barer令牌

$client = new GuzzleHttp\Client;
try {
    $client = new \GuzzleHttp\Client('headers' => [
        'authorization' => 'Bearer ACCESS_TOKEN'
        'content-type' => 'application/json'
    ]]);
    $response = $client->request('GET', $this->appDomain . '/userinfo');

    $response = json_decode($response->getBody());
}
catch (GuzzleHttp\Exception\ClientException $e) {
    $response = $e->getResponse();
}

您不必重新發明輪子:-) 有一個現成的庫可供您使用,所有信息都可以在這里找到: https://auth0.com/docs/quickstart/webapp/laravel/01-login

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Laravel Auth0未經授權的用戶 在laravel 5.3中使用auth0 Laravel 8 和 Auth0 插件 6.2 的 Auth0“無效狀態”異常 如何在此 Laravel 8 和 Auth0 API 中獲取當前用戶的 ID? laravel 5.8 上的 Auth0 無法驗證端點:Auth0\Login\Auth0Service::__construct() 必須是數組類型,null 給出, Laravel API調用失敗。 PostMan使用基本身份驗證覆蓋授權標頭 Laravel auth0 用戶搜索返回完整列表 Auth0 Laravel種子項目。 始終未經授權 Laravel Auth:api 不會堅持 php auth0 api更新app_data
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM