php - access_token过期后如何刷新token
问题描述
我在我的 laravel 应用程序中使用tymondesigns/jwt-auth包进行身份验证。我的 AuthController 看起来像这样:
<?php
namespace App\Http\Controllers;
use App\Http\Controllers\Controller;
use App\Http\Resources\UserResource;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Contracts\Providers\Auth;
use Tymon\JWTAuth\Facades\JWTAuth;
class AuthController extends Controller {
public $auth;
/**
* Create a new AuthController instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('jwt', ['except' => ['login']]);
}
/**
* Get a JWT via given credentials.
*
* @return \Illuminate\Http\JsonResponse
*/
public function login()
{
$user = \App\User::first();
auth()->byId($user->id);
if (! $token = JWTAuth::fromUser($user)) {
return response()->json(['error' => 'Unauthorized'], 401);
}
return $this->respondWithToken($token);
}
/**
* Get the authenticated User.
*
* @return \Illuminate\Http\JsonResponse
*/
public function me()
{
return response()->json(auth()->user());
}
/**
* Log the user out (Invalidate the token).
*
* @return \Illuminate\Http\JsonResponse
*/
public function logout()
{
auth()->logout();
return response()->json(['message' => 'Successfully logged out']);
}
/**
* Refresh a token.
*
* @return \Illuminate\Http\JsonResponse
*/
public function refresh()
{
$token = \Auth::guard()->refresh();
$user = JWTAuth::setToken($token)->toUser();
return $this->respondWithToken($token);
}
/**
* Get the token array structure.
*
* @param string $token
*
* @return \Illuminate\Http\JsonResponse
*/
protected function respondWithToken($token)
{
$responseArray = [
'access_token' => $token,
'user' => new UserResource(auth()->user()),
'token_type' => 'bearer',
'expires_in' => auth()->factory()->getTTL() * 60,
];
return response()->json($responseArray);
}
}
我有一个 JWT 中间件,其handle()方法如下所示:
public function handle($request, Closure $next)
{
JWTAuth::parseToken()->authenticate();
return $next($request);
}
以下是路线:
Route::post('login', 'AuthController@login')->name('login');
Route::post('logout', 'AuthController@logout');
Route::post('refresh', 'AuthController@refresh');
问题是只要访问令牌未过期,我就只能刷新令牌。但是,如果我想在访问令牌过期后刷新令牌怎么办?/refresh现在,当我在令牌到期后到达路线时,它只会抛出 TokenExpiredException 。即使访问令牌已过期,如何刷新令牌?
解决方案
public function token(){
$token = JWTAuth::getToken();
if(!$token){
throw new BadRequestHtttpException('Token not provided');
}
try{
$token = JWTAuth::refresh($token);
}catch(TokenInvalidException $e){
throw new AccessDeniedHttpException('The token is invalid');
}
return $this->response->withArray(['token'=>$token]);
}
推荐阅读
- r - ggplot2 - 多个 geom_lines 的单独图例
- javascript - video标签如何确定canplay需要多少缓冲
- post - 通过 Arduino IDE 来自 IFTTT 的 HTTP 响应代码 -1
- c# - 反序列化 json 中的嵌套对象并分配给 c# 列表
- c# - 如何处理在selenium c#中弹出的窗口文件上传
- sql - 有没有办法在 Athena 的 ARRAY(ROW()) 中取消嵌套或返回所有元素?
- xcode - NSTableView 内容的自动调整大小不起作用
- android - 使用动态 URL 进行改造
- python - 如何从子流程中获取输入?
- javascript - 除了递归调用本身之外,命名一个正在分配的函数还有其他用途吗?