Laravel 5.1 + OAuth2 passwordgrant (password authorization mode)

Source: Internet
Author: User
Background Brief

This paper intends to build a general application backend service environment, and account verification is one of the basic environment of application.

OAUTH2 provides a secure authentication environment to Access_token as a token of access to secure resources, as a single application and backend interaction, the use of password type will be more concise, if you want to achieve similar to Google, For Facebook or Sina Weibo's third-party login platform mode, please select Authorisation code grant.

OAuth type reference Description: Https://github.com/lucadegasperi/oauth2-server-laravel/wiki/Choosing-a-Grant

This article chooses the OAuth2 authorization Way is: password, needs to use with Refresh_token, after Access_token expires, uses the Refresh_token to apply for the new Access_token, does not need to log on again, achieves the application side to log in once , has been effective in effect.

If the refresh_token fails, it requires the user to log back in, which corresponds to the user has not used the application for a long time, need to let users re-login authorization of the scene. The general time can be set to one months, according to the actual needs of the setup.

Environment:

Laravel 5.1 Installation Please refer to the blog post:

Designed for Laravel Custom OAUTH2 implementations Oauth2-server-laravel:https://github.com/lucadegasperi/oauth2-server-laravel/wiki

Oauth2-server-laravel passwordgrant Installation and configuration please refer to the official website documentation, it is clear:

Installation configuration: Https://github.com/lucadegasperi/oauth2-server-laravel/wiki/Laravel-5-Installation

Use: https://github.com/lucadegasperi/oauth2-server-laravel/wiki/ Implementing-an-authorization-server-with-the-password-grant

This article focuses on:

The official website only describes how to configure and add the use code, but does not describe how to call, which may stop a lot of rookie.

PS: Here correct a "hand mistake" of the official website document:

' \app\passwordverifier@verify ' is changed to ' \app\passwordgrantverifier@verify ' and is consistent with the class definition that follows

Test data preparation

Before testing, you need to have a appid and Appsecret, like a third-party platform, to be able to identify access to an application

Here's how to do this: Add an app message to the Oauth_clients table, such as:

Simulating HTTP requests

Here to simulate the process of HTTP requests, direct mapping, we understand

Authorization to obtain Access_token, note the parameters of client_id and Client_secret need to be consistent with the oath_clients.


After the access_token expires, update with Refresh_token to return to the new Access_token and Refresh_token

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.