是什么阻止了此 Laravel 8 API 中的 Auth0 授权?
What prevents the Auth0 authorization in this Laravel 8 API?
我正在研究 Laravel 8 API。我使用 Auth0 进行用户注册和登录。
我需要由 Auth0 return编辑的用户 ID 用于我自己的应用程序。
为此,我有代码:
在routes\api.php:
// Public routes
Route::get('/authorize', [AuthController::class, 'authorize']);
// Protected routes
Route::group(['middleware' => ['jwt']], function () {
Route::get('/user-profile', [UserController::class, 'getUserId']);
// More routes
});
在AuthController中:
namespace App\Http\Controllers;
use App\Http\Controllers\AuthController;
// More code
class AuthController extends Controller {
protected $appDomain;
protected $appClientId;
protected $appClientSecret;
protected $appAudience;
public function authorize(){
$this->appDomain = 'https://' . config('laravel-auth0.domain');
$this->appClientId = config('laravel-auth0.client_id');
$this->appClientSecret = config('laravel-auth0.client_secret');
$this->appAudience = config('laravel-auth0.api_identifier');
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "$this->appDomain/oauth/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"client_id\":\"$this->appClientId\",\"client_secret\":\"$this->appClientSecret\",\"audience\":\"$this->appAudience\",\"grant_type\":\"client_credentials\"}",
CURLOPT_HTTPHEADER => array(
"content-type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
return "cURL Error #:" . $err;
} else {
return $response;
}
}
}
在UserController中:
class UserController extends AuthController {
// More code
public function getUserId(){
// Do authorization
parent::authorize();
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "$this->appDomain/userinfo",
CURLOPT_HTTPHEADER => array(
"content-type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
return "cURL Error #:" . $err;
} else {
return $response;
}
}
// More code
}
问题
当我访问 /user-profile 路由时,Potman 抛出一个 Unauthorized 响应。
尽管 /authorize 路线 确实如此
return令牌:
{"access_token":"somerandom.longtoken","scope":"read:users update:users delete:users","expires_in":86400,"token_type":"Bearer"}
问题
我的错误在哪里?
更新
根据@IProSoft 的回答,在 UserController 我有:
public function getUserId(){
$access_token = parent::authorization()->access_token;
$client = new \GuzzleHttp\Client;
try {
$client = new \GuzzleHttp\Client(['headers' => [
'authorization' => 'Bearer' . $access_token,
'content-type' => 'application/json'
]]);
$response = $client->request('GET', $this->appDomain . '/userinfo');
$response = json_decode($response->getBody());
}
catch (\GuzzleHttp\Exception\ClientException $e) {
$response = $e->getResponse();
}
return $response;
}
我在 Postman 中收到此错误:
Error: Class 'Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory' not found in \vendor\laravel\framework\src\Illuminate\Routing\Router.php
导致此错误的原因是什么?
此代码仅用于为您指路,不用于检查等
首先安装和学习 Guzzle
composer require guzzlehttp/guzzle:^7.0
在授权方法中您可以将所有内容更改为:
$client = new GuzzleHttp\Client;
try {
$client = new \GuzzleHttp\Client();
$response = $client->request('POST', $this->appDomain . '/oauth/token', [
'form_params' => [
{
"client_id": $this->appClientId,
"client_secret": $this->appClientSecret,
"audience": $this->appAudience,
"grant_type": "client_credentials"
}
]
]);
$response = json_decode($response->getBody());
}
catch (GuzzleHttp\Exception\ClientException $e) {
$response = $e->getResponse();
}
return $response;
其次:如果要获取用户id,必须在请求中传递Barer token
$client = new GuzzleHttp\Client;
try {
$client = new \GuzzleHttp\Client('headers' => [
'authorization' => 'Bearer ACCESS_TOKEN'
'content-type' => 'application/json'
]]);
$response = $client->request('GET', $this->appDomain . '/userinfo');
$response = json_decode($response->getBody());
}
catch (GuzzleHttp\Exception\ClientException $e) {
$response = $e->getResponse();
}
您不必重新发明轮子 :-) 有一个现成的库可供您使用,所有信息都可以在这里找到:https://auth0.com/docs/quickstart/webapp/laravel/01-login
我正在研究 Laravel 8 API。我使用 Auth0 进行用户注册和登录。
我需要由 Auth0 return编辑的用户 ID 用于我自己的应用程序。
为此,我有代码:
在routes\api.php:
// Public routes
Route::get('/authorize', [AuthController::class, 'authorize']);
// Protected routes
Route::group(['middleware' => ['jwt']], function () {
Route::get('/user-profile', [UserController::class, 'getUserId']);
// More routes
});
在AuthController中:
namespace App\Http\Controllers;
use App\Http\Controllers\AuthController;
// More code
class AuthController extends Controller {
protected $appDomain;
protected $appClientId;
protected $appClientSecret;
protected $appAudience;
public function authorize(){
$this->appDomain = 'https://' . config('laravel-auth0.domain');
$this->appClientId = config('laravel-auth0.client_id');
$this->appClientSecret = config('laravel-auth0.client_secret');
$this->appAudience = config('laravel-auth0.api_identifier');
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "$this->appDomain/oauth/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"client_id\":\"$this->appClientId\",\"client_secret\":\"$this->appClientSecret\",\"audience\":\"$this->appAudience\",\"grant_type\":\"client_credentials\"}",
CURLOPT_HTTPHEADER => array(
"content-type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
return "cURL Error #:" . $err;
} else {
return $response;
}
}
}
在UserController中:
class UserController extends AuthController {
// More code
public function getUserId(){
// Do authorization
parent::authorize();
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "$this->appDomain/userinfo",
CURLOPT_HTTPHEADER => array(
"content-type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
return "cURL Error #:" . $err;
} else {
return $response;
}
}
// More code
}
问题
当我访问 /user-profile 路由时,Potman 抛出一个 Unauthorized 响应。
尽管 /authorize 路线 确实如此
return令牌:
{"access_token":"somerandom.longtoken","scope":"read:users update:users delete:users","expires_in":86400,"token_type":"Bearer"}
问题
我的错误在哪里?
更新
根据@IProSoft 的回答,在 UserController 我有:
public function getUserId(){
$access_token = parent::authorization()->access_token;
$client = new \GuzzleHttp\Client;
try {
$client = new \GuzzleHttp\Client(['headers' => [
'authorization' => 'Bearer' . $access_token,
'content-type' => 'application/json'
]]);
$response = $client->request('GET', $this->appDomain . '/userinfo');
$response = json_decode($response->getBody());
}
catch (\GuzzleHttp\Exception\ClientException $e) {
$response = $e->getResponse();
}
return $response;
}
我在 Postman 中收到此错误:
Error: Class 'Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory' not found in \vendor\laravel\framework\src\Illuminate\Routing\Router.php
导致此错误的原因是什么?
此代码仅用于为您指路,不用于检查等
首先安装和学习 Guzzle
composer require guzzlehttp/guzzle:^7.0
在授权方法中您可以将所有内容更改为:
$client = new GuzzleHttp\Client;
try {
$client = new \GuzzleHttp\Client();
$response = $client->request('POST', $this->appDomain . '/oauth/token', [
'form_params' => [
{
"client_id": $this->appClientId,
"client_secret": $this->appClientSecret,
"audience": $this->appAudience,
"grant_type": "client_credentials"
}
]
]);
$response = json_decode($response->getBody());
}
catch (GuzzleHttp\Exception\ClientException $e) {
$response = $e->getResponse();
}
return $response;
其次:如果要获取用户id,必须在请求中传递Barer token
$client = new GuzzleHttp\Client;
try {
$client = new \GuzzleHttp\Client('headers' => [
'authorization' => 'Bearer ACCESS_TOKEN'
'content-type' => 'application/json'
]]);
$response = $client->request('GET', $this->appDomain . '/userinfo');
$response = json_decode($response->getBody());
}
catch (GuzzleHttp\Exception\ClientException $e) {
$response = $e->getResponse();
}
您不必重新发明轮子 :-) 有一个现成的库可供您使用,所有信息都可以在这里找到:https://auth0.com/docs/quickstart/webapp/laravel/01-login