我使用oauth2-server-laravel作为我的API。我想给范围的客户应用程序谁正在使用我的API (Android, Windows,IOS和web)。因此,我实现了如下方法:
我的表数据如下
oauth_clients 表
+-----------+---------+---------+---------------------+---------------------+
| id| secret | name | created_at | updated_at |
+-----------+---------+---------+---------------------+---------------------+
| 123456789 | secret1 | web | 2015-08-10 00:00:00 | 2015-08-10 00:00:00 |
| 234567890 | secret2 | win_app | 2015-08-10 00:00:00 | 2015-08-10 00:00:00 |
+-----------+---------+---------+---------------------+---------------------+
oauth_scopes 表
+--------+--------------------+---------------------+---------------------+
| id | description | created_at | updated_at |
+--------+--------------------+---------------------+---------------------+
| scope1 |来宾级访问| 2015-08-10 00:00:00 | 2015-08-10 00:00:00 |
| scope2 | admin级权限| 2015-08-10 00:00:00 | 2015-08-10 00:00:00 |
+--------+--------------------+---------------------+---------------------+
oauth_client_scopes 表
我的<<p> strong> routes.php ,+----+-----------+----------+---------------------+---------------------+
| id | client_id | scope_id | created_at | updated_at |
+----+-----------+----------+---------------------+---------------------+
| 1 | 234567890 | scope2 | 2015-08-10 00:00:00 | 2015-08-10 00:00:00 |
| 2 | 123456789 | scope1 | 2015-08-10 00:00:00 | 2015-08-10 00:00:00 |
+----+-----------+----------+---------------------+---------------------+
Route::group(['middleware' => 'oauth:scope2','prefix' => 'api/v1'], function () {
Route::GET('categoriesWithOffers', 'api'v1'CategoriesController@categoriesWithOffers');
});
和我的oauth2.php设置如下
'grant_types' => [
'client_credentials' => [
'class' => ''League'OAuth2'Server'Grant'ClientCredentialsGrant',
'access_token_ttl' => 3600
],
],
'token_type' => 'League'OAuth2'Server'TokenType'Bearer',
'state_param' => false,
'scope_param' => false,
'scope_delimiter' => ',',
'default_scope' => null,
'limit_clients_to_grants' => false,
'limit_clients_to_scopes' => false,
'limit_scopes_to_grants' => false,
'http_headers_only' => false,
我要求以下方式
<>以前http://domain.com/api/v1/categoriesWithOffers?access牌= Jo7lAqE2uD3KbyLQWlrmukzyHJOQBHZ1QFsuBKUt&scope = scope1 之前显示了这个错误
{"错误":"invalid_scope","error_description": "请求的范围无效、未知或格式不正确。"检查"scope2"范围。}
当我将当前请求令牌和范围添加到oauth_access_token_scopes表可以正常工作。但是我需要定义这个问题开头提到的作用域。
任何帮助都将非常感激!
在请求获取访问令牌时使用
/token?grant_type=client_credentials&client_id=234567890&client_secret=123456789&scope=scope1
使用此url,您将获得访问令牌,然后您可以在您的url上使用。