php - JWT 授权 laravel/angularjs 问题

Question

所以我正在尝试创建一个基本的 JWT token 身份验证。

我使用 Laravel 作为我的后端 API 和 tymon/jwt-auth 来创建 token /刷新 token 并提供中间件来检查 token 。

我正在使用 AngularJS 和 Satellizer 将返回的 token 存储在本地存储中，并为所有 future 的请求发送所述 token 。

我正在使用 Laravel 5.1/Jwt-auth 0.5.*/AngularJs 1.4.7/Satellizer(最新)。

我登录并且 token 存储在我的本地存储中。然后我尝试调用 authentcate 的索引以“获取所有用户”并且授权 header 与 Bearer <token stored in local storage> 一起存在但我得到“token_not_provided”的响应，几乎就像中间件没有在授权 header 中查找 token 一样。这是我的一些代码。我正在关注 https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps .

AuthenticateController.php:

<?php namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use App\User;

class AuthenticateController extends Controller
{

    public function __construct()
    {
        // Apply the jwt.auth middleware to all methods in this controller
        // except for the authenticate method. We don't want to prevent
        // the user from retrieving their token if they don't already have it
        $this->middleware('jwt.auth', ['except' => ['authenticate']]);
    }

    public function index()
    {
        // Retrieve all the users in the database and return them
        $users = User::all();
        return $users;
    }

    public function authenticate(Request $request)
    {
        $credentials = $request->only('email', 'password');

        try {
            // verify the credentials and create a token for the user
            if (!$token = JWTAuth::attempt($credentials)) {
                return response()->json(['error' => 'invalid_credentials'], 401);
            }
        } catch (JWTException $e) {
            // something went wrong
            return response()->json(['error' => 'could_not_create_token'], 500);
        }

        // if no errors are encountered we can return a JWT
        return response()->json(compact('token'));
    }
}

Answer 1

使用 Apache 时，您需要将 .htaccess 设置为不裁剪 Authorization header 。

在 path/to/your/project/public/.htaccess 打开 .htaccess 并添加这个

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

我的是这样的:

<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

RewriteEngine On        

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]