以下文件为Laravel Passport 401

Question

我按照文件使用幼虫5.6安装幼虫护照。目前，当我使用api保护器访问我的任何api路由时，我将在请求中获得401 http状态。我看起来被扔了几百个，或者好像是讨论这个话题，似乎找不到有用的东西。任何帮助都会很好。

1. 与作曲家一起安装
2. php工匠护照:安装
3. 将HasApiTokens放在用户模型中
4. 护照：：routes()；在Auth提供者
5. config/auth.php中已更改的提供程序
6. 把这个放到web中间软件\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class，中

我的请求标头

Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: application/json
Date: Thu, 17 May 2018 03:34:11 GMT
phpdebugbar-id: Xe76c4a977b813e9296e0705b5cd6bc05
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/7.2.4
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
POST /api/chat HTTP/1.1
Host: ct.test
Connection: keep-alive
Content-Length: 33
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, */*
Origin: http://ct.test
X-XSRF-TOKEN: eyJpdiI6IkQ3K3o3SExMYVZEWnYyejJQXC9zUlpnPT0iLCJ2YWx1ZSI6Ijh6UWVtdDlzU0hIWnpqZmdmazhSc0FMWUU5MTQ1N1dXNStZVlk3amhIbjNmYmlhN3BwaEJwbTI0MU5qUjVFRUtqWWV2aW1Td3JvdDg0QTd6RWJzem9RPT0iLCJtYWMiOiJkMDE0MmU2NGY5NmY3YmIxZjAwMjI4OGM1ZDUzMTU5OTBmMjNkM2YxOTZkNzM5NTAyMzliZjc0YTgyMTUyZWQ4In0=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4)     AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: http://ct.test/chat/new
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: laravel_token=eyJpdiI6IlhMSERkejlyNFRodkZtUGdZekI2V2c9PSIsInZhbHVlIjoiK2lTbGZCN3NPWjU4aDNLdkNcLzhIRzJhTE8wVmxET1J1aXdsRUgwbEQ1am9MME5MekRCWHRGQkgzaDhlTVc3OTNrc1BlMXFVQXF1SDN1UWRMNXoyRjRFQXBnTmZwVng1T0RKcVwvYWFzWHB6QkpBcERPOXUzUXc2SHVkeXNsaHRsVUJJQkZSbDVxK2NFQmdiT012cytWYmVHQmpWY01LSno3NXdvbGZjT3RIK3pmMkRUTTBvUUE1OXJ0bUNmNzkyYktFVWdIbTQ0YmZuZ05YSEs4dE5mcW5zcnBod2h4d2JsTkxSTWk0bk53S2hyK3VrRnNlRGFuUHU4RzZBblwvalhGMFB4YlhHeUlmTm1JanFKaCtoQUxTNUE9PSIsIm1hYyI6IjdjNzQ0MTIzMDBkOTc4ZGQ1M2I5M2Q5MThmN2NiZDU4MDU2YjhjZDIyOWQzNDhhNDkyY2Q5NGM4ZTFkOTU3MzYifQ%3D%3D; XSRF-TOKEN=eyJpdiI6IkQ3K3o3SExMYVZEWnYyejJQXC9zUlpnPT0iLCJ2YWx1ZSI6Ijh6UWVtdDlzU0hIWnpqZmdmazhSc0FMWUU5MTQ1N1dXNStZVlk3amhIbjNmYmlhN3BwaEJwbTI0MU5qUjVFRUtqWWV2aW1Td3JvdDg0QTd6RWJzem9RPT0iLCJtYWMiOiJkMDE0MmU2NGY5NmY3YmIxZjAwMjI4OGM1ZDUzMTU5OTBmMjNkM2YxOTZkNzM5NTAyMzliZjc0YTgyMTUyZWQ4In0%3D; laravel_session=eyJpdiI6IkxTM0JiQVZPekFkb3VDaFh5MTRGNWc9PSIsInZhbHVlIjoiemxaTXZVNGlPWFFOS1o3MUx6NUgrWFc2dEFVQ1dZTUlOTWc2bUJvMXY1NVBISTZuVmFLVGlKOVNveXk0dTMyWXFjaDk1eTBlemxoa0pnWWRLWVNYR0E9PSIsIm1hYyI6ImJhNzRhM2FiYjc1Mzc4NTVlYzY3MWUwZjkwNzZlOWVhNDY3OWQ5MmNlOTc0MGM1MDg1YmViNDNjYjQ0M2Q0MDkifQ%3D%3D

我的路线是这样的

Route::middleware('auth:api')->group(function () {
    Route::post('/chat', 'ChatController@store');
});

Answer 1

你在混合API策略。你引用了这句话：

此Passport中间件将向您的传出响应附加一个laravel_token cookie。..。

只有当您想在内部使用您的应用程序时，这才是正确的。这很好，但是正如您在评论中指出的那样，您必须使用web中间件，而不是auth:api中间件。

当然，这假设您使用axios来发出请求，并保留了Laravel附带的默认javascript，它会自动将x-csrf-token注入axios头部。没有这一点，这是行不通的。