Laravel 6 护照 returns 400 对错误凭证的错误请求
Laravel 6 passport returns 400 Bad request on wrong credential
我使用 Laravel 6 passport grant password 作为我的 Vue 后端。
当我将正确的凭据发送到 oauth/token 时它有效并且 returns 令牌,但是当我发送错误的 (email/password) 它 returns 400 而不是 401 与此消息。
{
"error": "invalid_grant",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
"hint": "",
"message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
我检查了 client_id 和 client_secret。
我测试了新安装的 Laravel + passport 没有单行代码,Laravel 5.8 returns 401 没有任何问题但是 Laravel 6 returns 400 错误请求。
你有什么想法吗?
终于找到问题了,问题又回到league/oauth2-server,Laravel passport.
他们在版本 8 中将响应从 401 更改为 400。
我将登录部分的代码更改为此。
switch ($e->getCode()) {
case 400:
case 401:
return response()->json('Your credentials are incorrect. Please try again', $e->getCode());
break;
default:
return response()->json('Something went wrong on the server', $e->getCode());
}
您可以在 App\Exceptions\Handler
上添加错误处理程序
use League\OAuth2\Server\Exception\OAuthServerException;
class Handler extends ExceptionHandler
{
public function render($request, Exception $exception)
{
if (get_class($exception) === OAuthServerException::class) {
response()->json(['message' => $exception->getMessage()], 401);
}
}
}
我不得不在 laravel 7.x 中使用以下代码将 400 级错误转换为 app/Exceptions/Handler.php
中的 401
注意: 检查 OAuthServerException::class 类型
/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Exception $exception
* @return \Illuminate\Http\Response
*/
public function render($request, Throwable $exception)
{
if (get_class($exception) === \Laravel\Passport\Exceptions\OAuthServerException::class) {
return response(['message' => $exception->getMessage()], 401);
}
return parent::render($request, $exception);
}
更新 UserFactory 密码(使用 Hash::make() 而不是 bcrypt)
试试这个:
php artisan passport:keys --force
php artisan passport:client --password
然后编辑您的 .env
PASSPORT_CLIENT_ID="Client ID"
PASSPORT_CLIENT_SECRET="Client secret"
我使用 Laravel 6 passport grant password 作为我的 Vue 后端。
当我将正确的凭据发送到 oauth/token 时它有效并且 returns 令牌,但是当我发送错误的 (email/password) 它 returns 400 而不是 401 与此消息。
{
"error": "invalid_grant",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
"hint": "",
"message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
我检查了 client_id 和 client_secret。
我测试了新安装的 Laravel + passport 没有单行代码,Laravel 5.8 returns 401 没有任何问题但是 Laravel 6 returns 400 错误请求。
你有什么想法吗?
终于找到问题了,问题又回到league/oauth2-server,Laravel passport.
他们在版本 8 中将响应从 401 更改为 400。
我将登录部分的代码更改为此。
switch ($e->getCode()) {
case 400:
case 401:
return response()->json('Your credentials are incorrect. Please try again', $e->getCode());
break;
default:
return response()->json('Something went wrong on the server', $e->getCode());
}
您可以在 App\Exceptions\Handler
上添加错误处理程序use League\OAuth2\Server\Exception\OAuthServerException;
class Handler extends ExceptionHandler
{
public function render($request, Exception $exception)
{
if (get_class($exception) === OAuthServerException::class) {
response()->json(['message' => $exception->getMessage()], 401);
}
}
}
我不得不在 laravel 7.x 中使用以下代码将 400 级错误转换为 app/Exceptions/Handler.php
注意: 检查 OAuthServerException::class 类型
/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Exception $exception
* @return \Illuminate\Http\Response
*/
public function render($request, Throwable $exception)
{
if (get_class($exception) === \Laravel\Passport\Exceptions\OAuthServerException::class) {
return response(['message' => $exception->getMessage()], 401);
}
return parent::render($request, $exception);
}
更新 UserFactory 密码(使用 Hash::make() 而不是 bcrypt)
试试这个:
php artisan passport:keys --force
php artisan passport:client --password
然后编辑您的 .env
PASSPORT_CLIENT_ID="Client ID"
PASSPORT_CLIENT_SECRET="Client secret"