精华内容
下载资源
问答
  • Passport

    2020-12-25 23:47:50
    <div><p>Yandex Passport API … https://tech.yandex.ru/passport/doc/dg/reference/request-docpage/</p><p>该提问来源于开源项目:nixsolutions/yandex-php-library</p></div>
  • passport

    2020-05-28 00:16:33
    https://www.jianshu.com/p/53aa985ba317

    https://www.jianshu.com/p/53aa985ba317

    展开全文
  • passport-源码

    2021-03-15 19:45:42
    passport
  • Passport support

    2021-01-12 16:01:18
    <div><p>Passport package has embedded models, which are tightly coupled to the Illuminate's Eloquent. One way of making Passport work is taking ownership of all the models, but this way you are ...
  • Passport JWT

    2020-12-01 17:26:19
    <p>I am looking at implementing vue-auth into an upcoming app and was wondering how I would make this work with a Passport (JWT) backed. The documentation is a little confusing on how I set the ...
  • passport的验证过程主要依赖具体的验证策略来实现的,比较常用的有session策略、local策略和github策略等,验证逻辑都是在这些策略类中定义的。passport模块的定义主要包括三个部分:passport类、相关中间件和验证...

    passport的验证过程主要依赖具体的验证策略来实现的,比较常用的有session策略、local策略和github策略等,验证逻辑都是在这些策略类中定义的。passport模块的定义主要包括三个部分:passport类、相关中间件和验证策略,passport自带了session验证策略,如果要使用其他验证策略,需要自行添加。

    passport的使用分为五个部分:

    首先必须通过app.use(passport.initialize())对passport进行初始化,否则后面的验证方法无法执行

    在全局范围内添加session验证中间件,app.use(passport.session());,这个主要是为了记住用户的登录状态,可以指定session过期时间

    给passport添加验证策略

    在具体的路由上使用第三步中添加的验证中间件

    给passport定义序列化和反序列化函数

    本文没有对passport进行深入的分析,具体请参考注释版源码。

    1、passport类

    依赖于 ./framework/connect 和 ./strategies/session

    主要属性:

    this._key = 'passport'; //挂载在session上的关键字

    this._strategies = {}; //保存所有验证策略的对象

    this._serializers = []; //序列化session

    this._deserializers = []; //反序列化session

    this._infoTransformers = [];

    this._framework = null; //保存所有中间件的对象

    this._userProperty = 'user'; //挂载在req上的关键字 req.user

    Authenticator.prototype.init

    进行相关初始化,添加authenticate和initialize中间件,添加session验证策略 。给req对象添加login、logout、isAuthenticated和isUnAuthenticated方法

    Authenticator.prototype.framework

    passport暴露的中间件是类似于connect风格的,签名如:fn(req, res, next),而有的框架需要的是不同的签名风格,因此,该方法是用来做适配的,如果使用的是express框架,则不需要调用该方法。将传入的参数保存到this._framework中,参数如下:

    {

    initialize: initialize,

    authenticate: authenticate

    }

    Authenticator.prototype.use

    添加具体验证策略对象,并保存到this._strategies中,策略对象必须提供名称,例如:

    passport.use('local',new LocalStrategy(function(username,password,done){ //todo });

    Authenticator.prototype.unuse

    根据策略名称,删除this._strategies中对应的验证策略对象,例如:passport.unuse('local');

    Authenticator.prototype.initialize

    设置this._userProperty,然后调用this._framework.initialize方法生成一个初始化中间件,并返回该中间件

    Authenticator.prototype.authenticate

    调用this._framework.authenticate方法生成一个验证中间件,并返回该中间件

    2、 middleware - 相关中间件

    主要包括initialize和authenticate,除此之外,在加载的时候还会对req对象定义多个方法

    initialize

    进行相关初始化工作,将session中的passport对象(req.session[passport._key])挂载到req._passport上,如果session中没有保存相关信息或者session为空,则req_passport={}

    authenticate

    给验证策略添加了额外的处理方法,如:success、fail、redirect、pass、error,主要目的是对验证状态进行保存。有了这些方法,我们就可以只关心验证逻辑的定义,在验证成功或失败后只需调用这些预先定好的方法即可。该中间件对请求按照指定的策略进行验证,如果验证通过,调用success方法,用户就会登录成功,相关用户信息将被挂载到req.user上同时会生成一个session对象,如果验证失败,将会向客户端发送未授权响应。

    该中间件需要注意的地方就是验证回调,如果提供了回调函数,那么将会覆盖默认的处理方式,即:attemp方法,此时需要自行调用req.login

    //提供了回调函数的情况

    app.get('/login', function(req, res, next) {

    passport.authenticate('local', function(err, user, info) {

    if (err) { return next(err); }

    if (!user) { return res.redirect('/login'); }

    req.logIn(user, function(err) {

    if (err) { return next(err); }

    return res.redirect('/users/' + user.username);

    });

    })(req, res, next);

    });

    展开全文
  • laravel passport

    2020-12-25 20:49:37
    <div><p>Can I use it with laravel passport?</p><p>该提问来源于开源项目:aacotroneo/laravel-saml2</p></div>
  • passport-ldapauth, Passport的LDAP认证策略 护照 ldapauth 针对 ldap/ad服务器的 Passport 实时认证策略。 这里模块是 ldapauth fork的Passport 策略包装器。这里模块允许你在 node.js 应用程序中使用LDAP或者广
  • Passport Authentication

    2021-01-09 10:35:59
    m having a hard time integrating the Passport auth framework and middlewares with this lovely piece of software. My idea is to make the auth process happen almost inside the single-page app, using ...
  • Laravel Passport是一个简单易用的OAuth2服务器和API身份验证软件包。 基本配置 在上安装和配置Laravel Passport作为文档。 Laracasts配置 在上以铸造系列安装和配置Laravel Passport。 中型配置 在中篇文章中...
  • Passport authentication

    2021-01-11 20:12:14
    Could you add passport authentication support ? (Or maybe i should handle it via a merge request ?) <p>Thanks for consideration.</p><p>该提问来源于开源项目:keithwhor/nodal</p></div>
  • Passport insecure

    2020-11-27 17:28:45
    <p>I see the passport-component for laravel. In my opinion this isn't a great solution because the client-secret and client-id should never write clean in the code. An hacker could use it to get ...
  • Laravel Passport是一个简单易用的OAuth2服务器和API身份验证软件包。 官方文件 可以在上找到Passport的文档。 贡献 感谢您考虑为护照做出贡献! 可以在找到贡献指南。 行为守则 为了确保Laravel社区欢迎所有人,请...
  • Passport headers

    2021-01-11 14:22:33
    It does not authenticate, passport works fine when I do it from my online signin form. It looks like the username and password does not get sent. <p>Am I missing something? I am trying to use this ...
  • Laravel Passport

    2019-11-04 16:13:26
    composer require laravel/passport php artisan migrate // 创建表来存储客户端和 access_token php artisan passport:install // 生成加密 access_token 的 key、密码授权客户端、个人访问客户端 Laravel\Passport...
    composer require laravel/passport
    php artisan migrate // 创建表来存储客户端和 access_token
    php artisan passport:install // 生成加密 access_token 的 key、密码授权客户端、个人访问客户端
    Laravel\Passport\HasApiTokens Trait 添加到 App\User 模型中 // 提供一些辅助函数检查已认证用户的令牌和使用范围
    在 AuthServiceProvider 的 boot 方法中调用 Passport::routes 函数 // 访问令牌并撤销访问令牌路由,客户端和个人访问令牌相关路由
    config/auth.php 中 api 的 driver 选项改为 passport
    

    自定义 passport migration

    php artisan vendor:publish --tag=passport-migrations

    生成加密 access_token 的 key

    php artisan passport:keys

    AuthServiceProvider 中指定 passport key 加载路径

    Passport::loadKeysFrom('/secret-keys/oauth');

    PASSPORT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
    <private key here>
    -----END RSA PRIVATE KEY-----"
    
    PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
    <public key here>
    -----END PUBLIC KEY-----"
    

    配置

    过期时间

    Passport::tokensExpireIn(now()->addDays(15)); // access_token
    Passport::refreshTokensExpireIn(now()->addDays(30));// refresh_token
    Passport::personalAccessTokensExpireIn(now()->addMonths(6)); // personal access_token
    

    重写模型

    use App\Models\Passport\AuthCode;
    use App\Models\Passport\Client;
    use App\Models\Passport\PersonalAccessClient;
    use App\Models\Passport\Token;
    
    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();
    
        Passport::routes();
    
        Passport::useTokenModel(Token::class);
        Passport::useClientModel(Client::class);
        Passport::useAuthCodeModel(AuthCode::class);
        Passport::usePersonalAccessClientModel(PersonalAccessClient::class);
    }
    

    管理客户端

    命令行创建客户端

    php artisan passport:client
    // 设置回调地址白名单的格式:http://example.com/callback,http://examplefoo.com/callback (逗号隔开)
    

    api 管理客户端

    axios.get('/oauth/clients')
        .then(response => {
            console.log(response.data);
        });
    
    const data = {
        name: 'Client Name',
        redirect: 'http://example.com/callback'
    };
    
    axios.post('/oauth/clients', data)
        .then(response => {
            console.log(response.data);
        })
        .catch (response => {
            // List errors on response...
        });
    
    const data = {
        name: 'New Client Name',
        redirect: 'http://example.com/callback'
    };
    
    axios.put('/oauth/clients/' + clientId, data)
        .then(response => {
            console.log(response.data);
        })
        .catch (response => {
            // List errors on response...
        });
    
    axios.delete('/oauth/clients/' + clientId)
        .then(response => {
            //
        });
    

    授权码模式

    请求 token

    Route::get('/redirect', function (Request $request) {
        $request->session()->put('state', $state = Str::random(40));
    
        $query = http_build_query([
            'client_id' => 'client-id',
            'redirect_uri' => 'http://example.com/callback',
            'response_type' => 'code',
            'scope' => '',
            'state' => $state,
        ]);
    
        return redirect('http://your-app.com/oauth/authorize?'.$query);
    });
    

    自定义用户授权页面

    php artisan vendor:publish --tag=passport-views
    

    跳过用户授权页面

    <?php
    
    namespace App\Models\Passport;
    
    use Laravel\Passport\Client as BaseClient;
    
    class Client extends BaseClient
    {
        public function skipsAuthorization()
        {
            return $this->firstParty();
        }
    }
    

    获取 access_token

    Route::get('/callback', function (Request $request) {
        $state = $request->session()->pull('state');
    
        throw_unless(
            strlen($state) > 0 && $state === $request->state,
            InvalidArgumentException::class
        );
    
        $http = new GuzzleHttp\Client;
    
        $response = $http->post('http://your-app.com/oauth/token', [
            'form_params' => [
                'grant_type' => 'authorization_code',
                'client_id' => 'client-id',
                'client_secret' => 'client-secret',
                'redirect_uri' => 'http://example.com/callback',
                'code' => $request->code,
            ],
        ]);
    
        return json_decode((string) $response->getBody(), true);
    });
    

    刷新令牌

    $http = new GuzzleHttp\Client;
    
    $response = $http->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'refresh_token',
            'refresh_token' => 'the-refresh-token',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'scope' => '',
        ],
    ]);
    
    return json_decode((string) $response->getBody(), true);
    

    密码模式

    php artisan passport:client --password
    
    $http = new GuzzleHttp\Client;
    
    $response = $http->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'password',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'username' => 'taylor@laravel.com',
            'password' => 'my-password',
            'scope' => '', // '*'是所有范围,应该只在密码模式和客户端模式时候使用
        ],
    ]);
    
    return json_decode((string) $response->getBody(), true);
    

    自定义密码验证和 username 字段

    public function validateForPassportPasswordGrant($password)
    {
        return Hash::check($password, $this->password);
    }
    
    public function findForPassport($username)
    {
        return $this->where('username', $username)->first();
    }
    

    隐式模式

    Passport::enableImplicitGrant();
    
    Route::get('/redirect', function (Request $request) {
        $request->session()->put('state', $state = Str::random(40));
    
        $query = http_build_query([
            'client_id' => 'client-id',
            'redirect_uri' => 'http://example.com/callback',
            'response_type' => 'token',
            'scope' => '',
            'state' => $state,
        ]);
    
        return redirect('http://your-app.com/oauth/authorize?'.$query);
    });
    

    客户端模式

    php artisan passport:client --client
    
    use Laravel\Passport\Http\Middleware\CheckClientCredentials;
    
    protected $routeMiddleware = [
        'client' => CheckClientCredentials::class,
    ];
    
    Route::get('/orders', function (Request $request) {
        ...
    })->middleware('client');
    
    Route::get('/orders', function (Request $request) {
        ...
    })->middleware('client:check-status,your-scope');
    
    $guzzle = new GuzzleHttp\Client;
    
    $response = $guzzle->post('http://your-app.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'client_credentials',
            'client_id' => 'client-id',
            'client_secret' => 'client-secret',
            'scope' => 'your-scope',
        ],
    ]);
    
    return json_decode((string) $response->getBody(), true)['access_token'];
    

    使用 access_token

    $response = $client->request('GET', '/api/user', [
        'headers' => [
            'Accept' => 'application/json',
            'Authorization' => 'Bearer '.$accessToken,
        ],
    ]);
    

    玩转 scope

    # AuthServiceProvider
    use Laravel\Passport\Passport;
    
    Passport::tokensCan([
        'place-orders' => 'Place orders',
        'check-status' => 'Check order status',
    ]);
    
    Passport::setDefaultScope([
        'check-status',
        'place-orders',
    ]);
    
    Route::get('/redirect', function () {
        $query = http_build_query([
            'client_id' => 'client-id',
            'redirect_uri' => 'http://example.com/callback',
            'response_type' => 'code',
            'scope' => 'place-orders check-status', // 传递 scope 格式
        ]);
    
        return redirect('http://your-app.com/oauth/authorize?'.$query);
    });
    

    检验 scope

    # app/Http/Kernel.php 中 $routeMiddleware
    'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
    'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
    
    Route::get('/orders', function () {
        // Access token has both "check-status" and "place-orders" scopes...
    })->middleware('scopes:check-status,place-orders');
    
    Route::get('/orders', function () {
        // Access token has either "check-status" or "place-orders" scope...
    })->middleware('scope:check-status,place-orders');
    

    就算含有访问令牌验证的请求已经通过应用程序的验证,你仍然可以使用当前授权 User 实例上的 tokenCan 方法来验证令牌是否拥有指定的作用域

    use Illuminate\Http\Request;
    
    Route::get('/orders', function (Request $request) {
        if ($request->user()->tokenCan('place-orders')) {
            //
        }
    });
    

    scopeIds 方法将返回所有已定义 ID / 名称的数组:

    Laravel\Passport\Passport::scopeIds();
    

    scopes 方法将返回一个包含所有已定义作用域数组的 Laravel\Passport\Scope 实例:

    Laravel\Passport\Passport::scopes();
    

    scopesFor 方法将返回与给定 ID / 名称匹配的 Laravel\Passport\Scope 实例数组:

    Laravel\Passport\Passport::scopesFor(['place-orders', 'check-status']);
    

    你可以使用 hasScope 方法确定是否已定义给定作用域:

    Laravel\Passport\Passport::hasScope('place-orders');
    

    事件

    protected $listen = [
        'Laravel\Passport\Events\AccessTokenCreated' => [
            'App\Listeners\RevokeOldTokens',
        ],
    
        'Laravel\Passport\Events\RefreshTokenCreated' => [
            'App\Listeners\PruneOldTokens',
        ],
    ];
    

    javascript 中使用 api

    'web' => [
        // Other middleware...
        \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
    ],
    // 注意:你应该确保在您的中间件堆栈中 CreateFreshApiToken 中间件之前列出了 EncryptCookies 中间件。
    
    axios.get('/api/user')
        .then(response => {
            console.log(response.data);
        });
    

    自定义 Cookie 名称

    public function boot()
    {
        $this->registerPolicies();
    
        Passport::routes();
    
        Passport::cookie('custom_name');
    }
    

    测试

    actingAs 方法可以指定当前已认证用户及其作用域 。

    use App\User;
    use Laravel\Passport\Passport;
    
    public function testServerCreation()
    {
        Passport::actingAs(
            factory(User::class)->create(),
            ['create-servers']
        );
    
        $response = $this->post('/api/create-server');
    
        $response->assertStatus(201);
    }
    

    actingAsClient 方法可以指定当前已认证客户端及其作用域 。

    use Laravel\Passport\Client;
    use Laravel\Passport\Passport;
    
    public function testGetOrders()
    {
        Passport::actingAsClient(
            factory(Client::class)->create(),
            ['check-status']
        );
    
        $response = $this->get('/api/orders');
    
        $response->assertStatus(200);
    }
    
    展开全文
  • Nortel Passport

    2013-03-01 03:00:37
    Nortel Passport_Engineering.pdf
  • passport-auth0, Passport.js的Auth0认证策略 passport-auth0 这是 Passport.js.的auth0认证策略安装npm install passport-auth0配置从仪表板的设置获取你的凭证,并按如下方式初始化策略:var
  • Passport object undefined

    2020-12-01 21:14:45
    The error is produced during the following block in <code>passport.js</code>: <pre><code> // Scenario: An existing user is trying to log in using an already // connected passport. // Action: Get ...
  • Laravel开发-passport

    2019-08-28 05:27:10
    Laravel开发-passport Laravel Passport为Laravel提供OAuth2服务器支持。
  • coffee_passport-源码

    2021-02-14 07:56:03
    coffee_passport
  • We need to provide users with guidance on how to take a photo of their passport. <img width="531" alt="Passport image quality guide screen design (desktop)" src=...
  • passport-openidconnect, Passport 和 node.js的OpenID连接认证策略 passport连接Passport 使用 OpenID连接的认证策略。这个模块允许你在 node.js 应用程序中使用OpenID连接进行身份验证。 通过插入到 Passport 中,...
  • Passport Policy Suggestion

    2020-12-08 20:32:42
    ve been digging around a lot of different implementations of Passport.js into sails, and I've found this really useful. By updating policies/passport.js to this, it will allow socket passport ...

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 7,463
精华内容 2,985
关键字:

passport