Home > PHP Framework > Laravel > body text

How Laravel uses ApiToken to authenticate requests

藏色散人
Release: 2020-06-06 14:40:55
forward
3612 people have browsed it

The following tutorial column of Laravel Getting Started will introduce you to the method of using ApiToken authentication request in Laravel. I hope it will be helpful to friends in need!

How Laravel uses ApiToken to authenticate requests

1. Open the database/migrations/2014_10_12_000000_create_users_table.php migration file. We need to change the structure of the user table.

2. We need to add api_token field, that is to say, our token is saved in the database. In the appropriate location, add a row

$table->string('api_token', 60)->unique();
Copy after login

3. Configure the database and generate the user table through the php artisan migrate command

4. In the user table, add a record at will, as long as the api_token field is set to 123456. In this way, we generate a user, and we can use the token value 123456 to log in later.

5. Return to the routing file routes.php, add a test route in it, and protect it with laravel middleware

Route::group(['middleware' => ['auth.api']], function () { 
  Route::get('/t', function () {
      return 'ok';
  });
});
Copy after login

Here, the auth.api middleware is used, and the middleware definition Enter the picture below:

How Laravel uses ApiToken to authenticate requests

Create WebToken.php in the Middleware file, and then register the middleware in the Kernel.php file

'auth.api' => \App\Http\Middleware\webToken::class,
Copy after login

6. Open the just created The webToken middleware code is as follows

<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class webToken
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::guard(&#39;api&#39;)->guest()) {
            return response()->json([&#39;code&#39; => 401,&#39;msg&#39; => &#39;未设置token&#39;]);
        }
        return $next($request);
    }
}
Copy after login

The api of Auth::guard('api') in the code is the auth.php file in the config folder

How Laravel uses ApiToken to authenticate requests

How Laravel uses ApiToken to authenticate requests

7. After making the above modifications, when we directly initiate a request to the server with the URL path /t, the server will return a 401 error and a 'token not set' Such a message is what we set in the handle() method before. In other words, /t has been protected by our auth middleware. If we want our request to pass through this middleware normally, we must provide the token .

8. Since we previously added a piece of data with api_token 123456 in the user table, now we request /t from the server again, but this time we add api_token, which is

…/t?api_token=123456
Copy after login

Under normal circumstances, the server will return 'ok', which means that the auth middleware allows this request to pass. But when we change 123456 to other values, this request cannot pass the auth middleware.

For more laravel framework technical articles, please visit laraveltutorial!

The above is the detailed content of How Laravel uses ApiToken to authenticate requests. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:csdn.net
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template