How to meet the authorization requirements in API scenarios?
Introduction
In Laravel, it is very simple to implement login and authorization based on traditional forms, but how to meet the authorization requirements in API scenarios? In API scenarios, user authorization is usually implemented through tokens instead of maintaining session state between requests. Passport can now be used to easily implement the API authorization process in Laravel projects. With Passport, you can add a complete OAuth2 server implementation to your application in a few minutes.
Installation
Use the Composer dependency package manager to install Passport:
composer require laravel/passport
Next, register the Passport service provider to the configuration In the providers array of the file config/app.php:
Laravel\Passport\PassportServiceProvider::class
Passport uses service providers to register the internal database migration script directory, so after the previous step is completed, you need to update your database structure . Passport's migration script will automatically create the client data table and token data table required by the application:
php artisan migrate
Next, you need to run the passport:install command to create and generate a secure access token The encryption key used when playing cards. At the same time, this command will also create a "Private Access" client and a "Password Authorization" client:
php artisan passport:install
After executing the above command, modify App\User.php, used to check the authenticated user's token and use the scope:
<?php namespace App;use Laravel\Passport\HasApiTokens; // 新增use Illuminate\Notifications\Notifiable;use Illuminate\Foundation\Auth\User as Authenticatable;class User extends Authenticatable {use HasApiTokens, Notifiable; // 增加 HasApiTokens
Next, you need to call the Passport::routes function in the boot method of the AuthServiceProvider. This function will register some necessary routes that will be used in the issuance and revocation process of access tokens, clients, and private access tokens:
Modify App\Providers\AuthServiceProvider.php:
<?php namespace App\Providers;use Laravel\Passport\Passport; // 新增use Illuminate\Support\Facades\Gate;use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;use Carbon\Carbon; // 新增引用class AuthServiceProvider extends ServiceProvider {/** * The policy mappings for the application. * * @var array */protected $policies = ['App\Model' => 'App\Policies\ModelPolicy',];/** * Register any authentication / authorization services. * * @return void */public function boot() {$this->registerPolicies(); Passport::routes(); // 注册passport路由 //令牌的有效期Passport::tokensExpireIn(Carbon::now()->addDays(15)); Passport::refreshTokensExpireIn(Carbon::now()->addDays(30)); } }
Finally, you need to change the authorization protection item (driver) in the api part of the configuration file config/auth.php to passport. This adjustment will cause your application to use Passport's TokenGuard to handle when receiving an authorization request from the API:
'guards' => ['web' => ['driver' => 'session', 'provider' => 'users',], 'api' => ['driver' => 'passport', // 改为passport'provider' => 'users',],],
Test
The routing of the api is api.php. Open routes\api.php and add a test route.
Route::group(['namespace' => 'api'], function () { Route::post('/login', 'UserController@login'); }); Route::group(['middleware' => 'auth:api', 'namespace' => 'api'], function() { Route::get('details', 'UserController@details'); });
One is used to log in and obtain the token, and the other is used to complete the login verification with the obtained token and obtain the current user information.
details routing uses the auth:api middleware to verify the token.
Create the api folder in the App\Http\ directory and add UserController.php
<?php namespace App\Http\Controllers\api;use Illuminate\Http\Request;use App\Http\Controllers\Controller;use Illuminate\Support\Facades\Auth;use App\User;use Response;class UserController extends Controller {public function __construct() {$this->content = array(); }public function login() {if(Auth::attempt(['email' => request('email'), 'password' => request('password')])) {$user = Auth::user();$this->content['token'] = $user->createToken('Pizza App')->accessToken;$status = 200; } else {$this->content['error'] = "未授权"; $status = 401; } return response()->json($this->content, $status); }public function details() {return response()->json(['user' => Auth::user()]); } }
Test in postman:
As shown in the figure above, the login method must match the route, use post mode, and pass the user's email and password to api/login in a form
If the transmission is correct, you will get the token in the picture above
Add the token obtained in the previous step to the Header and add ' in front of the token Bearer'. Then you can get the current user's information. That is, user authentication is completed.
The above is not guaranteed to be completely correct. Welcome to view my GitHub code.
The above is the detailed content of How to meet the authorization requirements in API scenarios?. For more information, please follow other related articles on the PHP Chinese website!

TomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe

Arrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.

PHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.

Tracking user session activities in PHP is implemented through session management. 1) Use session_start() to start the session. 2) Store and access data through the $_SESSION array. 3) Call session_destroy() to end the session. Session tracking is used for user behavior analysis, security monitoring, and performance optimization.

Using databases to store PHP session data can improve performance and scalability. 1) Configure MySQL to store session data: Set up the session processor in php.ini or PHP code. 2) Implement custom session processor: define open, close, read, write and other functions to interact with the database. 3) Optimization and best practices: Use indexing, caching, data compression and distributed storage to improve performance.

PHPsessionstrackuserdataacrossmultiplepagerequestsusingauniqueIDstoredinacookie.Here'showtomanagethemeffectively:1)Startasessionwithsession_start()andstoredatain$_SESSION.2)RegeneratethesessionIDafterloginwithsession_regenerate_id(true)topreventsessi

In PHP, iterating through session data can be achieved through the following steps: 1. Start the session using session_start(). 2. Iterate through foreach loop through all key-value pairs in the $_SESSION array. 3. When processing complex data structures, use is_array() or is_object() functions and use print_r() to output detailed information. 4. When optimizing traversal, paging can be used to avoid processing large amounts of data at one time. This will help you manage and use PHP session data more efficiently in your actual project.

The session realizes user authentication through the server-side state management mechanism. 1) Session creation and generation of unique IDs, 2) IDs are passed through cookies, 3) Server stores and accesses session data through IDs, 4) User authentication and status management are realized, improving application security and user experience.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

SublimeText3 Chinese version
Chinese version, very easy to use

VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft

Atom editor mac version download
The most popular open source editor

SublimeText3 English version
Recommended: Win version, supports code prompts!
