dongpang1898
2018-10-10 22:32
浏览 240
已采纳

Laravel + React,使用Laravel身份验证使用api

we have a Laravel project with react as the front-end. Basically react is inside the laravel project, we used php artisan preset react to add it.

As this application needs authentication, we used the custom laravel auth to give access to the users. Then when the authentication is correct, we redirect the user to a route that will be managed by react and react router. The problem is that we need to consume our API endpoints from the same app, and those endpoints MUST be protected. The laravel Auth is not working there, the sessión information is not being sent on each request. I’ve tried https://laravel.com/docs/5.7/authentication#stateless-http-basic-authentication that although it solves the problem is not convenient to log in and then when want to consume another resource show a prompt to log in again. Also change the api routes to a web middleware is not an option.

Does someone knows how to protect the laravel API routes with the normal laravel authentication

图片转代码服务由CSDN问答提供 功能建议

我们有一个Laravel项目,其中react作为前端。 基本上反应是在laravel项目中,我们使用 php artisan preset react 来添加它。

由于此应用程序需要身份验证,我们使用自定义laravel auth来提供 访问用户。 然后,当身份验证正确时,我们会将用户重定向到一个路由,该路由将由react和react路由器进行管理。 问题是我们需要从同一个应用程序中使用我们的API端点,并且这些端点必须受到保护。 laravel Auth不在那里工作,每次请求都没有发送sessión信息。 我试过 https://laravel.com/docs/5.7/ 身份验证#statless-http-basic-authentication 虽然它解决了问题,但登录时不方便,然后当想要消耗其他资源时显示再次登录的提示。 也不能将api路由更改为Web中间件。

是否有人知道如何使用正常的laravel身份验证保护laravel API路由

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dongsechuan0535 2019-04-16 09:51
    已采纳

    The solution was simple, even that is on the documentation, the necessary steps should be clarified.

    We need to:

    1. Add passport composer require laravel/passport
    2. Make the migrations php artisan migrate
    3. Install passport php artisan passport:install

    The fourth step is more complex. We need to open our User.php model file. And first we need to import the HasApiTokens and tell the model to use it.

    use Laravel\Passport\HasApiTokens;
    
    class User extends Authenticatable
    
    {
    
        use HasApiTokens, Notifiable;
    
        .......
    
    }
    

    Then on our config/auth.php we need to modify the api array and change the driver to passport

    'api' => [
    
        //for API authentication with Passport
    
        'driver' => 'passport',
    
        'provider' => 'users',
    
    ],
    

    Then on our app/Http/Kernel.php we need to add a middleware to the $middlewareGroups array in the key web.

    protected $middlewareGroups = [
    
        'web' => [
    
            ................
    
            //for API authentication with Passport
    
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
    
        ],
    

    Now we can use the auth:api middleware on our api routes.

    Route::middleware('auth:api')->group( function(){
        ...your routes here
    });
    
    打赏 评论
  • douli4337 2018-10-10 23:42

    The routes defined in routes/api.php are, by default, stateless. They do not use sessions.

    You must add the necessary middleware, like StartSession::class and 'auth', if you want to take advantage of authenticated sessions. You can do this either in a route group, or in the $middlewareGroups['api'] array in app/Http/Kernel.php.

    打赏 评论

相关推荐 更多相似问题