laravel 5.3 passport https://laravel-china.org/doc...
api路由是官方的示例:
Route::get('/user', function (Request $request) { return $request->user(); })->middleware('auth:api')
使用 Authorization: Bearer eyJ0eXAiO....
的方式请求API
如果是使用$token = $user->createToken('Token Name')->accessToken
生成 私人访问令牌
,
得到token之后,请求可以成功
但是使用(这也是官方示例程序)
Route::get('/connect', function () { $query = http_build_query([ 'client_id' => '2', 'redirect_uri' => url('/redirect'), 'response_type' => 'code', 'scope' => 'email', ]); return redirect(url('/oauth/authorize?'.$query)); }); Route::get('/redirect', function (Request $request) { $http = new GuzzleHttp\Client; $response = $http->post(url('/oauth/token'), [ 'form_params' => [ 'grant_type' => 'authorization_code', 'client_id' => '2', 'client_secret' => 'TYtsC5iTPh4oNysvjvv7KJV4qda7sc0bwIH2Gpdp', 'redirect_uri' => url('/redirect'), 'code' => $request->input('code'), ], ]); return json_decode((string) $response->getBody(), true); });
先登录,然后请求connect
,授权
之后,跳转到redirect
获取得到access_token
使用 Authorization: Bearer access_token
总是 {"error":"Unauthenticated."}
我不太理解通过authorization_code
和私人令牌
有什么区别,不都是令牌吗?只是有效期的问题
为何通过authorization_code
得到的令牌无法使用?
生成的都在oauth_access_tokens
表中,也没什么区别。
使用authorization_code
生成的 access_token
在https://jwt.io/无法校验通过,私人令牌
可以
官网也介绍的非常少。
是我自己的问题
{"token_type":"Bearer","expires_in":1296000,"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjQ0ZmQ5NmMwOTRmZDE3MmIzYWM2YTQ1NWVhYTIyNTUyNWExZWY2ODM0ODQwNjc5MGE3MjliYTI2N2VjNWRhMmVmZTJkN2RmZjc3NzVlMDM1In0.eyJhdWQiOiI3IiwianRpIjoiNDRmZDk2YzA5NGZkMTcyYjNhYzZhNDU1ZWFhMjI1NTI1YTFlZjY4MzQ4NDA2NzkwYTcyOWJhMjY3ZWM1ZGEyZWZlMmQ3ZGZmNzc3NWUwMzUiLCJpYXQiOjE0ODM1Mzc0NTgsIm5iZiI6MTQ4MzUzNzQ1OCwiZXhwIjoxNDg0ODMzNDU4LCJzdWIiOiIxIiwic2NvcGVzIjpbImVtYWlsIl19.he71f5dW3DesjMwHiDWmfv4Y2U2fyNjK95PLrgL_asvBpIVIqLx-OyM5CeT5bNIR0mgDwQc_NWDdZw1yQQKOU_1EGmtEnXMfW0FsGYmByecTvJv1cU4Q2FER3hc48XLzyQBOxmCLM7t79oPM9zfKOZAEVnjANb-PBFNYAMMSHBpkPmBAg379vGADIQegDV7xxUtmtcQiMng4cCPOtUCn5WL5VmUiCBfZ_IqNzXiOrhpH6jfCIFUNv8wye4l6m09RmYl9d5YKc5MhjlOwCvXipQZYV3w_j0v2eD5m5B7OyZDpAvujXdZ77-kS79mq9GXSs7CnIlSiXYj4E9VrZXvoqNy5vLPwrOyuwT7whEwEufKib6OBRdG1KxflUiL3SnPobRAmVopri_EBQDkCAExx4zE72grpNuZUIfpn6daBzN27rj4_Y3WMKwyaToYiCKKbXiyc3e-RhNaibWg2kojr6hxPYQydNR4XiutWFatnR_2eMNZxTCmu3rpDmhjFqpWYcM1jkLxU1WqX44GFXawcfCyBQ7Xc85bF1ZvKtNTY-3UHjQJfmSktCW-V87_P1_x34amvJ2QAvgGGXUqDuL8oUjcAwRUDOYOWHl-f8h8a7FcvqvQmpgF7n4Mnil-nIbFDP9mrs-IAG4_v238jbBWmG0K63ZbbHduBbBl-h8XF5KA","refresh_token":"j21Ps5UqJmhjOY\/NgGmjeKPDji\/cCNmmqEzw5d5jfdcqXx1W+LrvNR3v1T1Hh+FY1imIV4avhmbasyu\/4lQUhD0DVptQjkm7qP67MKW5g2vOGp7910vv\/ECGFFmCbEiLBQmpZnS4YLSItZ0DqRJtZYJecCBKSixPWzUAPQcsjGD393MswWDsOWshHn89VkaDwPgilmiG\/x2JXDTtEQbDBalTqNceqEFxagQMouc80fcvzA2bwMP7HVEYINQEikp4yxqdS+d\/wUBQn4KbOCzESx8jy7aOGCMCToGucpPocpkgGK0fMpc4OH6d9mighA6c2hfBQJg1kWUn22P40RtgR2u7eCFg+G9zyZiv6Nbi7bRGMAN5amPFnHULe6Q2+slyuHjhjaRm78PY8DZ+R5kNhXhm016V20oM8+Wb3sv4A2\/inHxiQbnNCWgxHREYkCRCqcX2Sg66Sgj5Wky6XWWJwkSTJ0NK0HHDYvDdpxfOuU9FsZTPDLfWtxV6zBy\/Ynh1wVp7PDH7CFeLXrZ77crRydjtBBdF0TRFwO2gxn3bb2PIUt22ah5uLICG4U62Cbng+AmHLobUOktqw0lRp2IxOBwZv77TDUD7sbxHyk6rI1tkMibTA2HB9LJgAvKYverJOjdI5dN+EniWirJiTasVvNC6+2LrW4QCWGZdNTqnB0c="}
Chrome没有装JSON的高亮组件,我居然没发现中间有一个refresh_token
导致我从头复制到尾了,调试了几个小时,哎。