laravel-passport

问题 I am using a Laravel version 5.5 using Passport for authentication. I have successfully create the token and can access it using the auth:api middleware. But whenever user login into system it create new token for that user. I just want to refresh user last token and send it back instead of creating a new token. I have used the following code to generate auth token $token = $user->createToken('string-'.$user->id)->accessToken; It generate the token with 1075 characters but when i checked in

问题 In our app when user logs out we invalidate the access token for that particular device this way. $user = $request->user(); $value = $request->bearerToken(); $id = (new Parser())->parse($value)->getHeader('jti'); $token = $user->tokens->find($id); $token->revoke(); But when an user deactivates his/her account, we would like to invalidate all the access tokens from all the devices the user is logged in. I looked through the document but did not find anything useful. Thanks 回答1: Take a look at

问题 Every user of my application may use the API only within the application with Vue. The old api_token solution works for me, but it seems to be insecure since the api_token is the only thing that separates the user from the data. I've read about Passport that uses OAuth2 methodology which is far more secure than a simple api_token . Is there a way to use Passport to achieve this? Note that every time a user is created, I must create a API token to him. We have no plans to open this API for

问题 I am trying to figure out how to handle the Password Grant Tokens in Passport package. Should i store the client_id and client_secret in .env file or fetch the values direct from the database while requesting for a the token? 回答1: It depends on what you are finally trying to achieve. Passport tokens are always stored in DB , and this is the right place to retrieve them (unless you are optimizing your production app, to gain less db load). So, if you want to build an api endpoint, you can

问题 I have an issue on a prod server that I don't have in local. Laravel send me an error which says that there is a header issue. I think this is an Apache issue. I work on my local machine with Mamp. Laravel is using OAuth with Laravel Passport. I've tried on my local machine and it's working. I'm running on a Apache server too. On my production server, as soon as I want to login on my application, I have this error : ERROR 500 : InvalidArgumentException, Invalid header value: must be a string

问题 I am working on a project where 3rd party apps can access data from Laravel server. I also have created a client application in laravel for testing. Following code ask for authorization and its working fine. Route::get('/applyonline', function () { $query = http_build_query([ 'client_id' => 5, 'redirect_uri' => 'http://client.app/callback', 'response_type' => 'code', 'scope' => '', ]); return redirect('http://server.app/oauth/authorize?'.$query); }); How can I authenticate a user before

问题 I'm building an app using Angular 2 (no known as 4) as frontend and Laravel 5.4 as API backend. I'm using Laravel's passport password grant feature to authenticate user access to API. The Frontend is not directly accessing oauth routes. My custom auth controller is talking to oauth/token to get the grant values. This setup is working perfectly fine in my local environment, but in AWS EC2 it throws 500 internal server error. I thought it could be related to GuzzleHttp\Client, but it was not.

问题 I'm new to api authentication (passport) in laravel. Is it possible to guard api routes using $this->middleware('auth:api'); even if used the laravel built in authentication (php artisan make:auth) ? 回答1: you can guard your api with auth:api , just need to change the api guard driver to passport in config/auth.php 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ //'driver' => 'token', 'driver' => 'passport', 'provider' => 'users', ], ], 来源： https:/

问题 I am trying to edit expires_at field of my token with a middleware like bellow namespace App\Http\Middleware; use Carbon\Carbon; use Closure; use Auth; class Refresh { /** * @param $request * @param Closure $next * @return mixed */ public function handle($request, Closure $next) { $token = Auth::user()->token(); $expiresDate = $token->expires_at; $currentDate = Carbon::now(); $diff = date_diff_in_minutes($currentDate, $expiresDate); $baseExpire = site_config('token_expires_minutes'); if (

问题 The Problem I've been trying to use Laravel Passport and I'm countinously getting the error {"error":"invalid_client","message":"Client authentication failed"}. I have used it in this Android and Laravel project but I just can register the user correctly as I see the proper data in the database. Then when the Android app tries to get the access token it crashes because the server return the previous error message. I have also been following this YouTube tutorial exactly as it is explained but