问题描述

我正在尝试设置一个使用受Passport保护的Laravel API的SPA.

I am trying to setup a SPA that consumes a Laravel API protected with Passport.

我首先创建了一个专门用于此目的的新Laravel应用，然后按照说明设置护照和设置密码授予客户端.

I started by creating a new Laravel app specifically for this and I then followed the instructions for setting up passport and set up a password grant client.

我可以成功创建一个新用户，将该用户保存到数据库中，然后登录该用户.此后，我尝试使用新创建的用户信息以及密码授予客户端id和secret来创建访问令牌.在这一点上，我收到了例外.

I can successfully create a new user, save the user to the database, and log the user in. After that, I try to use the newly created user's information along with the password grant clients id and secret to create an access token. At this point I receive the exception.

我通读了日志，看到了引发异常的地方.在League\OAuth2\Server\Grant\PasswordGrant内部，validateUser方法具有以下内容:

I read through the log and I saw where the exception was being thrown. Inside League\OAuth2\Server\Grant\PasswordGrant the validateUser method has the following:

if ($user instanceof UserEntityInterface === false) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));

            throw OAuthServerException::invalidCredentials();
        }

看到这一点，我在用户模型上实现了UserEntityInterface并实现了getIdentifier方法，但是我仍然收到异常.我真的不太确定该从哪里去，任何帮助将不胜感激.下面是我的一些代码.

Seeing this I implemented the UserEntityInterface on my user model and implemented the getIdentifier method but I still receive the Exception. I'm really not too sure where to go from here, any help would be greatly appreciated. Below is some of my code.

这是我的注册控制人:

class RegisterController extends Controller
{

    private $tokenService;


    public function __construct(AccessTokenService $tokenService)
    {
        //$this->middleware('guest');
        $this->tokenService = $tokenService;
    }

    public function register(Request $request)
    {
        $this->validateWith($this->validator($request->all()));
        Log::debug('Validated');

        $user = $this->create($request->all());
        $this->guard()->login($user);
        $this->tokenService->boot(Auth::user());

        return response()->json($this->tokenService->getNewAccessToken(), 200);
    }

    protected function guard()
    {
        return Auth::guard();
    }

    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|min:6|confirmed',
            'password_confirmation' => 'required'
        ]);
    }

    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }
}

这些是AccessTokenService的相关部分:

And these are the relevant portions of AccessTokenService:

public function getNewAccessToken() {
        $http = new Client();
        $client = \Laravel\Passport\Client::where('id', 6)->first();

        Log::debug($client->getAttribute('secret'));
        Log::debug($this->user->getAttribute('email'));
        Log::debug($this->user->getAuthPassword());

        $response = $http->post('homestead.app/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => 6,
                'client_secret' => $client->getAttribute('secret'),
                'username' => $this->user->getAttribute('email'),
                'password' => $this->user->getAuthPassword(),
                'scope' => '*'
            ]]);
        unset($client);
        $status = $response->getStatusCode();
        $body = $response->getBody();

        Log::debug($body->getContents());
        Log::debug($status);

        switch($status)
        {
            case 200:case 201:
            case 202:
                $tokens = array(
                    "user_id" => $this->user->getAttribute('id'),
                    "access_token" => $body['access_token'],
                    "refresh_token" => $body['refresh_token']
                );
                $output = ["access_token" => $this->storeTokens($tokens), 'status_code' => $status];
                break;
            default:
                $output = ["access_token" => '', 'status_code' => $status];
                break;

        }
        return $output;
    }

    private function storeTokens(array $tokens) {
        UserToken::create([
            "user_id" => $tokens['user_id'],
            "access_token" => bcrypt($tokens['access_token']),
            "refresh_token" => bcrypt($tokens['refresh_token'])
        ]);
        return $tokens['access_token'];
    }

推荐答案

所以我找出了问题所在.当我请求访问令牌时，我正在传递用户的电子邮件和密码，但是当我需要传递未加密的密码时，我正在传递哈希密码.

So I figured out the issue. When I was requesting the access token I was passing in the user's email and password but I was passing the hashed password when I needed to pass in the unhashed password.

我对访问令牌的请求看起来像这样:

My request for an access token looked like this:

$response = $http->post('homestead.app/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => 6,
                'client_secret' => $client->getAttribute('secret'),
                'username' => $this->user->getAttribute('email'),
                'password' => $this->user->getAuthPassword(), //Here is the problem
                'scope' => '*'
            ]]);

通过使用未加密的密码将请求传递给函数，可以解决此问题:

By passing the Request to the function using the unhashed password like this solved the problem:

$response = $http->post('homestead.app/oauth/token', [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => 6,
                'client_secret' => $client->getAttribute('secret'),
                'username' => $request['email'],
                'password' => $request['password'],
                'scope' => '*'
            ]]);

这篇关于Laravel Passport密码授予返回无效凭据异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！