Leaf/amber-laravel
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复 认证

Browse Source
This commit is contained in:
Twilight 2024-07-24 14:57:28 +08:00
parent 21b2254379
commit ce8aff3626
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
app/Providers/AppServiceProvider.php
View File

@ -47,11 +47,27 @@ private function setJWTGuard(): void
try { try {
$decoded = JWT::decode($jwt, $keys, $headers); $decoded = JWT::decode($jwt, $keys, $headers);
$request->attributes->add(['token_type' => $headers->typ]); // $request->attributes->add(['token_type' => $headers->typ]);
} catch (Exception $e) { } catch (Exception $e) {
return response()->json(['error' => 'Invalid token, '.$e->getMessage()], 401); return response()->json(['error' => 'Invalid token, '.$e->getMessage()], 401);
} }
// must id_token
if ($headers->typ !== 'id_token') {
return response()->json(['error' => 'The token not id_token'], 401);
}
// 检查是否有 字段
$required_fields = [
'name', 'sub',
];
foreach ($required_fields as $field) {
if (! isset($decoded->$field)) {
return response()->json(['error' => 'The token not contain the field '.$field], 401);
}
}
if (config('oauth.force_aud')) { if (config('oauth.force_aud')) {
if (! in_array($decoded->aud, config('oauth.trusted_aud'))) { if (! in_array($decoded->aud, config('oauth.trusted_aud'))) {
return response()->json(['error' => 'The application rejected the token, token aud is '.$decoded->aud.', app aud is '.config('oauth.client_id')], 401); return response()->json(['error' => 'The application rejected the token, token aud is '.$decoded->aud.', app aud is '.config('oauth.client_id')], 401);