xcoorp/laravel-passport-introspection
Composer 安装命令:
composer require xcoorp/laravel-passport-introspection
包简介
Package to add an introspection endpoint to Laravel Passport
README 文档
README
Introduction
Laravel Passport Introspection is a Laravel Passport addition that provides an introspection endpoint for your Laravel application. This is useful if you want to introspect tokens in your application, e.g. to check if a token is still valid or to get information about the token.
You will typically need this if you set up a separate resource server that is meant to authenticate against an Authentication Server running Laravel Passport. To setup a resource server, you can check out the Passport Control Package.
Table of Contents
Installation
Important
This package assumes you have already installed and configured Laravel Passport in your Laravel application.
You can simply install the package via composer:
composer require xcoorp/laravel-passport-introspection
After the installation you need to add the introspect scope to the configured passport scopes.
If you haven't already defined scopes or do not know how to do this, please refer to the
official Laravel Passport documentation.
use Laravel\Passport\Passport; Passport::tokensCan([ 'introspect' => 'Introspect tokens', ]);
Usage
Once you have installed the package, a new Route will be available at /oauth/introspect that you can use to introspect tokens.
Please note that the introspection endpoint is not meant to be publicly accessible since it can leak sensitive information
about your tokens. Therefore, this package makes use of the client credentials grant to authenticate the request. More information
on what this is and how to create a client credentials grant client can be found in the
official Laravel Passport documentation.
Once you have created a client credentials grant client, and received an access token for it, you can use the token to authenticate
against the introspection endpoint via Bearer Authentication. The endpoint expects a POST request with the following inside the request body (application/x-www-form-urlencoded):
| Parameter | Value |
|---|---|
| token | The token you want to introspect. |
| token_type_hint (optional) | The type of token you want to introspect. This can be either access_token or refresh_token. If you do not provide this parameter, the endpoint will try to introspect the token as an access token. |
The endpoint will return a JSON response with the following parameters:
| Key | Value |
|---|---|
| active | A boolean indicating whether the token is active or not |
| scope | A JSON string containing a space-separated list of scopes associated with this token |
| client_id | The client id of the client that requested this token. |
| username | The unique identifier of the user that requested this token |
| exp | Integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire |
If you want to customize the Route or the Controller that handles the introspection request, you can disable route
publishing of this package and create your own route and controller. You can do this by adding the following line to the
boot method of your AppServiceProvider:
public function boot() { PassportIntrospection::ignoreRoutes(); }
Testing
Functionality of this package is tested with Pest PHP. You can run the tests with:
composer test
Code of Conduct
In order to ensure that the community is welcoming to all, please review and abide by the Code of Conduct.
Security Vulnerabilities
Please review the security policy on how to report security vulnerabilities.
License
The MIT License (MIT). Please see License File for more information.
xcoorp/laravel-passport-introspection 适用场景与选型建议
xcoorp/laravel-passport-introspection 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.69k 次下载、GitHub Stars 达 3, 最近一次更新时间为 2024 年 06 月 26 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「oauth」 「laravel」 「passport」 「introspection」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 xcoorp/laravel-passport-introspection 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 xcoorp/laravel-passport-introspection 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 xcoorp/laravel-passport-introspection 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
WeChat OAuth SDK
Ory-Hydra OAuth 2.0 Client Provider for The PHP League OAuth2-Client
Library for ORCID web services
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
A package to allow laravel/passport use with mongodb/laravel-mongodb
Multiauth and custom grants for laravel passport
统计信息
- 总下载量: 2.69k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 3
- 点击次数: 19
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2024-06-26