从Laravel中的请求中获取Bearer令牌的方法
Client Request 请求的 JWT 令牌,包含在请求标头中,例如:
'Authorization' => 'Bearer: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9tYW5hZ2UuYWNjNS5tZVwvbWFuYWdlXC9hdXRoXC9sb2dpbiIsImlhdCI6MTY1Mzg3MzE3MywiZXhwIjoxNjUzODk0NzczLCJuYmYiOjE2NTM4NzMxNzMsImp0aSI6ImVyNDlKcEh0OTROaU9FMkYiLCJzdWIiOjQwMzYsInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.dVNLT_x53IK00FH7eFtI2fPimVcGOCLi916oH4iaBb4'
我想获得此令牌并验证它:这是我正在尝试的内容:
$token = $request->header('Authorization');
这就是我得到的:
"Authorization: Bearer: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9tYW5hZ2UuYWNjNS5tZVwvbWFuYWdlXC9hdXRoXC9sb2dpbiIsImlhdCI6MTY1Mzg3MzE3MywiZXhwIjoxNjUzODk0NzczLCJuYmYiOjE2NTM4NzMxNzMsImp0aSI6ImVyNDlKcEh0OTROaU9FMkYiLCJzdWIiOjQwMzYsInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.dVNLT_x53IK00FH7eFtI2fPimVcGOCLi916oH4iaBb4"
接下来我们就来抓取 “Authorization: Bearer” 的令牌
方法 1
通过 request () 方法获取 header (‘Authorization’)
$header = \request()->header('Authorization');
"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9tYW5hZ2UuYWNjNS5tZVwvbWFuYWdlXC9hdXRoXC9sb2dpbiIsImlhdCI6MTY1Mzg3MzE3MywiZXhwIjoxNjUzODk0NzczLCJuYmYiOjE2NTM4NzMxNzMsImp0aSI6ImVyNDlKcEh0OTROaU9FMkYiLCJzdWIiOjQwMzYsInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.dVNLT_x53IK00FH7eFtI2fPimVcGOCLi916oH4iaBb4"
发现返回值带有 “Bearer” 标头,通过去掉字符串前 7 位,就能得到 token 的字符串信息
use Illuminate\Support\Str;
public function bearerToken()
{
$header = \request()->header('Authorization');
if (Str::startsWith($header, 'Bearer ')) {
return Str::substr($header, 7);
}
}
方法 2
经过对 laravel 的研究发现,在 InteractsWithInput 类中有封装好的处理方法,源码如下:
/**
* Get the bearer token from the request headers.
*
* @return string|null
*/
public function bearerToken()
{
$header = $this->header('Authorization', '');
if (Str::startsWith($header, 'Bearer ')) {
return Str::substr($header, 7);
}
}
我们发现这个实现方式与方法 1 一模一样,所以,我们可以直接调用 InteractsWithInput::bearerToken (),实现 Authorization 抓取并处理 Bearer
$header = \request()->bearerToken();
最终得到的结果:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9tYW5hZ2UuYWNjNS5tZVwvbWFuYWdlXC9hdXRoXC9sb2dpbiIsImlhdCI6MTY1Mzg3MzE3MywiZXhwIjoxNjUzODk0NzczLCJuYmYiOjE2NTM4NzMxNzMsImp0aSI6ImVyNDlKcEh0OTROaU9FMkYiLCJzdWIiOjQwMzYsInBydiI6Ijc4N2I0NTc3NjMxZThjMGEwYjBlNWRhN2YzODBjMGJjODk3MjI3YmQiLCIwIjoibWFuYWdlIn0.dVNLT_x53IK00FH7eFtI2fPimVcGOCLi916oH4iaBb4
通过 token 鉴权和验证,就可以正常请求 api 接口了,下一期给大家分享 token 生成和鉴权验证。
注:laravel 版本 5.8