Updated: 2023-11-22 08:29:28
You can write your own Controller and Routes...
Passport has a defined "Laravel\Passport\Http\Controllers\AccessTokenController" and there is a method called "issueToken()".
If you see the method below, it calls the function "revokeOtherAccessTokens()", and this deletes or revokes all "access_tokens" using the "Laravel\Passport\TokenRepository".
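So what you can do is write your own controller and prevent the call to "revokeOtherAccessTokens()".
The fact you must keep in mind is that the access tokens will never be pruned or revoked, at least not until a refresh token is issued or they are deleted manually.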
Refresh tokens and access tokens are revoked when a refresh token is issued, because "League\OAuth2\Server\Grant\RefreshTokenGrant", in the method "respondToAccessTokenRequest()", already revokes the old "access_token" and "refresh_token", so we don't have to worry about revoking or deleting them in this case.
    ...
    // Expire old tokens
    $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
    $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
    ...
Here is a sample implementation, hope it helps:
Route:

    Route::post('oauth/access_token', 'Auth\OAuth2Controller@issueToken');
Custom controller:
    <?php
    namespace App\Http\Controllers\Auth;

    use Laravel\Passport\Http\Controllers\HandlesOAuthErrors;
    use Zend\Diactoros\Response as Psr7Response;
    use Psr\Http\Message\ServerRequestInterface;
    use League\OAuth2\Server\AuthorizationServer;
    use App\Http\Controllers\Controller;

    class OAuth2Controller extends Controller
    {
        use HandlesOAuthErrors;

        /**
         * The authorization server.
         *
         * @var AuthorizationServer
         */
        protected $server;

        /**
         * Create a new controller instance.
         *
         * @param AuthorizationServer $server
         * @return void
         */
        public function __construct(AuthorizationServer $server)
        {
            $this->server = $server;
        }

        /**
         * Authorize a client to access the user's account.
         *
         * @param ServerRequestInterface $request
         * @return Response
         */
        public function issueToken(ServerRequestInterface $request)
        {
            return $this->withErrorHandling(function () use ($request) {
                return $this->server->respondToAccessTokenRequest($request, new Psr7Response);
            });
        }
    }
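
Because access tokens issued through a controller like this are no longer revoked on the next login, the set of live tokens per user keeps growing. The listener below is an added example, not part of the original answer or of Passport itself: it caps the number of live tokens per user and client when Passport fires its `AccessTokenCreated` event. The class name, the `MAX_ACTIVE_TOKENS` value, the default `oauth_refresh_tokens` table name and the default database connection are assumptions.

```php
<?php
// Added example. Assumed names: CapActiveAccessTokens, MAX_ACTIVE_TOKENS,
// and Passport's default table names on the default DB connection.
namespace App\Listeners;

use Illuminate\Support\Facades\DB;
use Laravel\Passport\Events\AccessTokenCreated;
use Laravel\Passport\Token;

class CapActiveAccessTokens
{
    // Assumed policy: at most this many live tokens per user and client.
    const MAX_ACTIVE_TOKENS = 5;

    public function handle(AccessTokenCreated $event)
    {
        // Client-credentials tokens carry no user; nothing to cap per user.
        if ($event->userId === null) {
            return;
        }

        // Live tokens for this user/client pair other than the one just
        // issued, newest first.
        $others = Token::where('user_id', $event->userId)
            ->where('client_id', $event->clientId)
            ->where('revoked', false)
            ->where('id', '!=', $event->tokenId)
            ->orderBy('created_at', 'desc')
            ->pluck('id');

        // The new token takes one slot; everything past the remaining
        // MAX_ACTIVE_TOKENS - 1 newest tokens is surplus.
        $surplus = $others->slice(self::MAX_ACTIVE_TOKENS - 1)->values()->all();
        if (empty($surplus)) {
            return;
        }

        DB::transaction(function () use ($surplus) {
            // Revoke the surplus access tokens ...
            Token::whereIn('id', $surplus)->update(['revoked' => true]);
            // ... and the refresh tokens bound to them, so a revoked session
            // cannot be revived through the refresh grant.
            DB::table('oauth_refresh_tokens')
                ->whereIn('access_token_id', $surplus)
                ->update(['revoked' => true]);
        });
    }
}
```

Register the listener for `Laravel\Passport\Events\AccessTokenCreated` in the application's `EventServiceProvider`. Revoked rows stay in the tables until they are deleted separately.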