发表新帖
发表新帖

Laravel Passport Scopes

后端 未结
关注
6 1030
灰色年华
灰色年华 2020-11-28 21:10

I am a bit confused on the laravel scopes part.

I have a user model and table.

How can I assign a user the role of user, customer and/or admin.

I hav

6条回答
  • 刺人心
    刺人心 (楼主)
    2020-11-28 21:43

    I've managed to get this into working, with @RaymondLagonda solution, for Laravel 5.5 with Sentinel, but it should, also work, without Sentinel.

    The solution needs some class methods overriding (so please keep that in mind, for future updates), and adds some protection to your api routes (not exposing client_secret for example).

    First step, is to modify your ApiLoginController in order to add construct function:

    public function __construct(Request $request){
        $oauth_client_id = env('PASSPORT_CLIENT_ID');
        $oauth_client = OauthClients::findOrFail($oauth_client_id);

        $request->request->add([
            'email' => $request->username,
            'client_id' => $oauth_client_id,
            'client_secret' => $oauth_client->secret]);
    }

    In this example, you need to define var ('PASSPORT_CLIENT_ID') in your .env and create OauthClients Model, but you can safely skip this by putting your proper test values here.

    One thing to notice, is that we are setting $request->email value to username, just to stick to Oauth2 convention.

    Second step is, to override, sendLoginResponse method which is causing errors like Session storage not set, we don't need sessions here, cause it is api.

    protected function sendLoginResponse(Request $request)
    {
//        $request->session()->regenerate();

        $this->clearLoginAttempts($request);

        return $this->authenticated($request, $this->guard()->user())
            ?: redirect()->intended($this->redirectPath());
    }

    Third step is, to modify your authenticated methods as suggested by @RaymondLagonda. You need to write your own logic here, and especially configure your scopes.

    And final step (in case you are using Sentinel) is to modify AuthServiceProvider. Add 

    $this->app->rebinding('request', function ($app, $request) {
            $request->setUserResolver(function () use ($app) {
                 return \Auth::user();
//                return $app['sentinel']->getUser();
            });
        });

    just after $this->registerPolicies(); in boot method.

    After these steps you should be able, to get your api working, by providing username ('this will always be email, in this implementation'), password and grant_type='password'

    At this point, you can add to middlewares scopes scopes:... or scope:... to protect your routes.

    I hope, it is going to really help...

    0 讨论(0)
 看不清?
提交回复
热议问题