Let's assume there is an application with 10 dynamic pages (probably forms) out of which, 8 pages are restricted (requires user to login in application) and 2 pages are available for anonymous users.
My front end application is in Angular 2 and back-end API is developed in Laravel 5.4. I'm more fascinated towards JWT tokens and found that, laravel has in-built support through passport.
Questions:
- I can easily use password grant tokens for those 8 restricted page. But how do I give guest token to my Angular app for accessing those 2 pages
- How can I restrict guest user for accessing API features of 8 restricted page. (Or how do I check if visited user is guest or logged in user at API end)
Note: I cannot use Personal Access Tokens as it will allow my app to use any restricted API feature.
I've used JWT approach here. In my case, I created JWT token from my API. For those who wants to use JWT feature, they can take a look at this package. I added new payload called "Guest" and assigned boolean value to it. In my database, I added new user (called anonymous user) and stored the id of it in my laravel configuration.
Next, I created new middleware VerifyJwtToken, which validates the user, extracts it's payload (with base64_decode) and identify if it is guest. Now all of my Laravel routes are inside this middleware.
Next, I stored this token in laravel session as well as localStorage (for accessing it through angular).
Now, I can easily access this token from localStorage. In the Angular end i used Angular2Jwt package which helps extracting the token and identifying if it is guest or logged in user. I also created HTTP Interceptor in Angular 4 which adds JWT token as header in every API requests.
来源:https://stackoverflow.com/questions/42487333/laravel-passport-guest-token