是什么阻止了此Laravel 8 API中的Auth0授权?
我正在开发一个Laravel8API。我使用Auth0进行用户注册和登录。
我需要Auth0返回的用户ID才能在我自己的应用程序中使用。
为此,我有以下代码:
在routesapi.php中:
// Public routes
Route::get('/authorize', [AuthController::class, 'authorize']);
// Protected routes
Route::group(['middleware' => ['jwt']], function () {
Route::get('/user-profile', [UserController::class, 'getUserId']);
// More routes
});
在AuthController:
namespace AppHttpControllers;
use AppHttpControllersAuthController;
// More code
class AuthController extends Controller {
protected $appDomain;
protected $appClientId;
protected $appClientSecret;
protected $appAudience;
public function authorize(){
$this->appDomain = 'https://' . config('laravel-auth0.domain');
$this->appClientId = config('laravel-auth0.client_id');
$this->appClientSecret = config('laravel-auth0.client_secret');
$this->appAudience = config('laravel-auth0.api_identifier');
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "$this->appDomain/oauth/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{"client_id":"$this->appClientId","client_secret":"$this->appClientSecret","audience":"$this->appAudience","grant_type":"client_credentials"}",
CURLOPT_HTTPHEADER => array(
"content-type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
return "cURL Error #:" . $err;
} else {
return $response;
}
}
}
在UserController中:
class UserController extends AuthController {
// More code
public function getUserId(){
// Do authorization
parent::authorize();
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "$this->appDomain/userinfo",
CURLOPT_HTTPHEADER => array(
"content-type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
return "cURL Error #:" . $err;
} else {
return $response;
}
}
// More code
}
问题
当我访问/user-profile
路由时,Potman引发Unauthorized
响应。
/authorize
路由执行以下操作,但仍会发生这种情况
返回令牌:
{"access_token":"somerandom.longtoken","scope":"read:users update:users delete:users","expires_in":86400,"token_type":"Bearer"}
问题
我的错误在哪里?
更新
按照@IProSoft的回答,在UserController中,我有:
public function getUserId(){
$access_token = parent::authorization()->access_token;
$client = new GuzzleHttpClient;
try {
$client = new GuzzleHttpClient(['headers' => [
'authorization' => 'Bearer' . $access_token,
'content-type' => 'application/json'
]]);
$response = $client->request('GET', $this->appDomain . '/userinfo');
$response = json_decode($response->getBody());
}
catch (GuzzleHttpExceptionClientException $e) {
$response = $e->getResponse();
}
return $response;
}
我在邮递员中收到此错误:
Error: Class 'SymfonyBridgePsrHttpMessageFactoryHttpFoundationFactory' not found in vendorlaravelframeworksrcIlluminateRoutingRouter.php
是什么原因导致此错误?
解决方案
此代码仅用于为您引路,不进行检查等。
首先要安装和学习Grouge
composer require guzzlehttp/guzzle:^7.0
在授权方法中,您可以将所有内容更改为:
$client = new GuzzleHttpClient;
try {
$client = new GuzzleHttpClient();
$response = $client->request('POST', $this->appDomain . '/oauth/token', [
'form_params' => [
{
"client_id": $this->appClientId,
"client_secret": $this->appClientSecret,
"audience": $this->appAudience,
"grant_type": "client_credentials"
}
]
]);
$response = json_decode($response->getBody());
}
catch (GuzzleHttpExceptionClientException $e) {
$response = $e->getResponse();
}
return $response;
第二:如果您想获取用户id,则必须在请求中传递BARER TOKEN
$client = new GuzzleHttpClient;
try {
$client = new GuzzleHttpClient('headers' => [
'authorization' => 'Bearer ACCESS_TOKEN'
'content-type' => 'application/json'
]]);
$response = $client->request('GET', $this->appDomain . '/userinfo');
$response = json_decode($response->getBody());
}
catch (GuzzleHttpExceptionClientException $e) {
$response = $e->getResponse();
}
您不必重新发明轮子:-)您可以使用现成的库,所有信息都可以在此处找到:https://auth0.com/docs/quickstart/webapp/laravel/01-login
相关文章