亚洲国产日韩欧美一区二区三区,精品亚洲国产成人av在线,国产99视频精品免视看7,99国产精品久久久久久久成人热,欧美日韩亚洲国产综合乱

目錄
1. Install and Setup Laravel Passport
2. Configure Your User Model
3. Register Passport Routes
4. Configure API Authentication Guard
5. Issue Tokens to Clients
a) Personal Access Tokens (for trusted clients)
b) Password Grant (for first-party apps like mobile apps)
6. Protect API Routes
7. Handle Token Scopes (Optional)
8. Token Expiry and Refresh
9. Revoke Tokens
10. CORS and Frontend Considerations
首頁(yè) php框架 Laravel 如何使用Laravel Passport處理API身份驗(yàn)證?

如何使用Laravel Passport處理API身份驗(yàn)證?

Aug 04, 2025 am 08:45 AM

安裝Laravel Passport 並運(yùn)行遷移和密鑰生成命令;2. 在User 模型中引入HasApiTokens trait;3. 在AuthServiceProvider 中註冊(cè)Passport 路由;4. 配置api 認(rèn)證守衛(wèi)使用passport 驅(qū)動(dòng);5. 通過personal access tokens 或password grant 類型發(fā)放令牌;6. 使用auth:api 中間件保護(hù)API 路由;7. 可選配置token scopes 實(shí)現(xiàn)權(quán)限控制;8. 處理訪問令牌的刷新以獲取新令牌;9. 支持令牌吊銷以增強(qiáng)安全性;10. 正確配置CORS 並採(cǎi)用無狀態(tài)認(rèn)證,最終實(shí)現(xiàn)安全可靠的API 認(rèn)證機(jī)制。

How to handle API authentication with Laravel Passport?

Handling API authentication in Laravel using Laravel Passport is straightforward once you understand the flow. Passport gives you a full OAuth2 server implementation out of the box, making it ideal for securing APIs, especially when building SPAs, mobile apps, or third-party clients.

How to handle API authentication with Laravel Passport?

Here's how to set up and handle API authentication with Laravel Passport:

1. Install and Setup Laravel Passport

First, install Passport via Composer:

How to handle API authentication with Laravel Passport?
 composer require laravel/passport

Then, run the migrations to create the necessary tables (clients, tokens, etc.):

 php artisan migrate

Next, generate the encryption keys needed to generate secure access tokens:

How to handle API authentication with Laravel Passport?
 php artisan passport:install

This command creates personal access and password grant clients and their encryption keys.

?? Note: In production, never commit the keys generated by passport:install . Use php artisan passport:keys if you need to regenerate them on the server.

2. Configure Your User Model

Your User model must use the Laravel\Passport\HasApiTokens trait:

 use Laravel\Passport\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;
}

3. Register Passport Routes

In AuthServiceProvider , boot Passport and register its routes:

 use Laravel\Passport\Passport;

public function boot()
{
    $this->registerPolicies();

    Passport::routes();
}

These routes handle token issuance and revocation.

4. Configure API Authentication Guard

Ensure your api guard in config/auth.php uses the passport driver:

 'guards' => [
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

5. Issue Tokens to Clients

Passport supports several OAuth2 grant types. The most common ones:

a) Personal Access Tokens (for trusted clients)

Useful for testing or first-party apps (eg, CLI tools). Users generate tokens via the UI.

In your controller or Tinker:

 $user = User::find(1);
$token = $user->createToken('Token Name')->accessToken;
return ['access_token' => $token];

b) Password Grant (for first-party apps like mobile apps)

This flow lets users log in with email/password and receive an access token.

First, create a password grant client:

 php artisan passport:client --password

Then, request a token from your frontend or client:

 POST /oauth/token
Content-Type: application/json

{
  "grant_type": "password",
  "client_id": "your-password-client-id",
  "client_secret": "your-password-client-secret",
  "username": "user@example.com",
  "password": "password",
  "scope": ""
}

You'll get a JSON response with access_token , refresh_token , and expiry.

? Always use HTTPS for token requests.

6. Protect API Routes

Use the auth:api middleware to protect routes:

 Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

Or in a controller:

 public function __construct()
{
    $this->middleware('auth:api');
}

7. Handle Token Scopes (Optional)

Scopes let you define fine-grained permissions.

Define scopes in AuthServiceProvider :

 Passport::tokensCan([
    'read-profile' => 'Read user profile',
    'update-profile' => 'Update user profile',
]);

Attach scopes to tokens during issuance (eg, in password grant request):

 "scope": "read-profile update-profile"

Then protect routes by scope:

 Route::get('/profile', function () {
    // Must have 'read-profile' scope
})->middleware('scopes:read-profile');

Or check in code:

 if ($request->user()->tokenCan('update-profile')) { ... }

8. Token Expiry and Refresh

Access tokens expire (default: 1 year for personal tokens, 1 hour for password grant). Use the refresh_token to get a new access token:

 POST /oauth/token
{
  "grant_type": "refresh_token",
  "refresh_token": "your-refresh-token",
  "client_id": "client-id",
  "client_secret": "client-secret",
  "scope": ""
}

9. Revoke Tokens

To revoke a token:

 $accessToken = Auth::user()->token();
$accessToken->revoke();

Or use the revocation endpoint if enabled.

10. CORS and Frontend Considerations

If your frontend is on a different domain, configure CORS properly using Laravel Sanctum or a package like fruitcake/laravel-cors .

Also, consider using stateless authentication — Passport works statelessly with bearer tokens, so no session is needed.

In short:

  • Use personal access tokens for testing/trusted clients.
  • Use password grant for first-party apps (mobile/web).
  • Always protect routes with auth:api .
  • Use scopes for permission control.
  • Handle token refresh and revocation.

With Passport, Laravel makes OAuth2 manageable without needing to write boilerplate.

Basically, once it's set up, it just works.

以上是如何使用Laravel Passport處理API身份驗(yàn)證?的詳細(xì)內(nèi)容。更多資訊請(qǐng)關(guān)注PHP中文網(wǎng)其他相關(guān)文章!

本網(wǎng)站聲明
本文內(nèi)容由網(wǎng)友自願(yuàn)投稿,版權(quán)歸原作者所有。本站不承擔(dān)相應(yīng)的法律責(zé)任。如發(fā)現(xiàn)涉嫌抄襲或侵權(quán)的內(nèi)容,請(qǐng)聯(lián)絡(luò)admin@php.cn

熱AI工具

Undress AI Tool

Undress AI Tool

免費(fèi)脫衣圖片

Undresser.AI Undress

Undresser.AI Undress

人工智慧驅(qū)動(dòng)的應(yīng)用程序,用於創(chuàng)建逼真的裸體照片

AI Clothes Remover

AI Clothes Remover

用於從照片中去除衣服的線上人工智慧工具。

Clothoff.io

Clothoff.io

AI脫衣器

Video Face Swap

Video Face Swap

使用我們完全免費(fèi)的人工智慧換臉工具,輕鬆在任何影片中換臉!

熱工具

記事本++7.3.1

記事本++7.3.1

好用且免費(fèi)的程式碼編輯器

SublimeText3漢化版

SublimeText3漢化版

中文版,非常好用

禪工作室 13.0.1

禪工作室 13.0.1

強(qiáng)大的PHP整合開發(fā)環(huán)境

Dreamweaver CS6

Dreamweaver CS6

視覺化網(wǎng)頁(yè)開發(fā)工具

SublimeText3 Mac版

SublimeText3 Mac版

神級(jí)程式碼編輯軟體(SublimeText3)

熱門話題

Laravel 教程
1597
29
PHP教程
1488
72
與Laravel中的樞軸表合作多對(duì)多關(guān)係 與Laravel中的樞軸表合作多對(duì)多關(guān)係 Jul 07, 2025 am 01:06 AM

toworkeffectivelywithpivottablesinlaravel,firstAccessPivotDatausingwithPivot()orwithTimestamps(),thenupdateentrieswithupdatee XistingPivot(),ManageraliationShipsviadeTach()andsync(),andusecustompivotModelSwhenNeed.1.UseWithPivot()toincludespecificcol

通過Laravel發(fā)送不同類型的通知 通過Laravel發(fā)送不同類型的通知 Jul 06, 2025 am 12:52 AM

laravelProvidesLeanAndFlexibleWayTosendificationsViamultiplipliplipliplikeMail,SMS,In-Appalerts,and-Appalerts,andPushNotifications.youdefineNotificationChannelsinthelsinthevia()MethodofanotificationClass,andimpecificementpecificementpecificementpecificemmethodssliketomail()

優(yōu)化Laravel應(yīng)用程序性能的策略 優(yōu)化Laravel應(yīng)用程序性能的策略 Jul 09, 2025 am 03:00 AM

Laravel性能優(yōu)化可通過四個(gè)核心方向提升應(yīng)用效率。 1.使用緩存機(jī)制減少重複查詢,通過Cache::remember()等方法存儲(chǔ)不常變化的數(shù)據(jù),降低數(shù)據(jù)庫(kù)訪問頻率;2.從模型到查詢語(yǔ)句進(jìn)行數(shù)據(jù)庫(kù)優(yōu)化,避免N 1查詢、指定字段查詢、添加索引、分頁(yè)處理及讀寫分離,減少瓶頸;3.將耗時(shí)操作如郵件發(fā)送、文件導(dǎo)出放入隊(duì)列異步處理,利用Supervisor管理工作者並設(shè)置重試機(jī)制;4.合理使用中間件與服務(wù)提供者,避免複雜邏輯和不必要的初始化代碼,延遲加載服務(wù)以提升啟動(dòng)效率。

管理數(shù)據(jù)庫(kù)狀態(tài)進(jìn)行Laravel測(cè)試 管理數(shù)據(jù)庫(kù)狀態(tài)進(jìn)行Laravel測(cè)試 Jul 13, 2025 am 03:08 AM

在Laravel測(cè)試中管理數(shù)據(jù)庫(kù)狀態(tài)的方法包括使用RefreshDatabase、選擇性播種數(shù)據(jù)、謹(jǐn)慎使用事務(wù)和必要時(shí)手動(dòng)清理。 1.使用RefreshDatabasetrait自動(dòng)遷移數(shù)據(jù)庫(kù)結(jié)構(gòu),確保每次測(cè)試都基於乾淨(jìng)的數(shù)據(jù)庫(kù);2.通過調(diào)用特定種子填充必要數(shù)據(jù),結(jié)合模型工廠生成動(dòng)態(tài)數(shù)據(jù);3.使用DatabaseTransactionstrait回滾測(cè)試更改,但需注意其局限性;4.在無法自動(dòng)清理時(shí),手動(dòng)截?cái)啾砘蛑匦虏シN數(shù)據(jù)庫(kù)。這些方法根據(jù)測(cè)試類型和環(huán)境靈活選用,以保證測(cè)試的可靠性和效率。

選擇API身份驗(yàn)證的Laravel Sanctum和Passport 選擇API身份驗(yàn)證的Laravel Sanctum和Passport Jul 14, 2025 am 02:35 AM

LaravelSanctum適合簡(jiǎn)單、輕量的API認(rèn)證,如SPA或移動(dòng)應(yīng)用,而Passport適用於需要完整OAuth2功能的場(chǎng)景。 1.Sanctum提供基於令牌的認(rèn)證,適合第一方客戶端;2.Passport支持授權(quán)碼、客戶端憑證等複雜流程,適合第三方開發(fā)者接入;3.Sanctum安裝配置更簡(jiǎn)單,維護(hù)成本低;4.Passport功能全面但配置複雜,適合需要精細(xì)權(quán)限控制的平臺(tái)。選擇時(shí)應(yīng)根據(jù)項(xiàng)目需求判斷是否需要OAuth2特性。

在Laravel中實(shí)施數(shù)據(jù)庫(kù)交易? 在Laravel中實(shí)施數(shù)據(jù)庫(kù)交易? Jul 08, 2025 am 01:02 AM

Laravel通過內(nèi)置支持簡(jiǎn)化了數(shù)據(jù)庫(kù)事務(wù)處理。 1.使用DB::transaction()方法可自動(dòng)提交或回滾操作,確保數(shù)據(jù)完整性;2.支持嵌套事務(wù)並通過保存點(diǎn)實(shí)現(xiàn),但通常建議使用單一事務(wù)包裝以避免複雜性;3.提供手動(dòng)控制方法如beginTransaction()、commit()和rollBack(),適用於需要更靈活處理的場(chǎng)景;4.最佳實(shí)踐包括保持事務(wù)簡(jiǎn)短、僅在必要時(shí)使用、測(cè)試失敗情況並記錄回滾信息。合理選擇事務(wù)管理方式有助於提高應(yīng)用可靠性和性能。

處理Laravel中的HTTP請(qǐng)求和響應(yīng)。 處理Laravel中的HTTP請(qǐng)求和響應(yīng)。 Jul 16, 2025 am 03:21 AM

在Laravel中處理HTTP請(qǐng)求和響應(yīng)的核心在於掌握請(qǐng)求數(shù)據(jù)獲取、響應(yīng)返回和文件上傳。 1.接收請(qǐng)求數(shù)據(jù)可通過類型提示注入Request實(shí)例並使用input()或魔術(shù)方法獲取字段,結(jié)合validate()或表單請(qǐng)求類進(jìn)行驗(yàn)證;2.返迴響應(yīng)支持字符串、視圖、JSON、帶狀態(tài)碼和頭部的響應(yīng)及重定向操作;3.處理文件上傳時(shí)需使用file()方法並結(jié)合store()存儲(chǔ)文件,上傳前應(yīng)驗(yàn)證文件類型和大小,存儲(chǔ)路徑可保存至數(shù)據(jù)庫(kù)。

在Laravel生成命名路線的URL。 在Laravel生成命名路線的URL。 Jul 16, 2025 am 02:50 AM

在Laravel中生成命名路由的URL最常用方法是使用route()輔助函數(shù),它可根據(jù)路由名稱自動(dòng)匹配路徑並處理參數(shù)綁定。 1.在控制器或視圖中傳入路由名稱和參數(shù),如route('user.profile',['id'=>1]);2.多參數(shù)時(shí)也只需傳數(shù)組,順序不影響匹配,如route('user.post.show',['id'=>1,'postId'=>10]);3.在Blade模板中可直接嵌入鏈接,如查看資料;4.可選參數(shù)未提供時(shí)不顯示,如route('user.post',

See all articles