我开发了一个API,但令牌过期时遇到问题,我试图找到刷新API发送的令牌的方法,但一无所获这是我的用户mdoal:
<?php
namespace App;
use TymonJWTAuthContractsJWTSubject;
use IlluminateNotificationsNotifiable;
use IlluminateFoundationAuthUser as Authenticatable;
class User extends Authenticatable implements JWTSubject
{
use Notifiable;
/**
* The attributes that are mass assignable.
*
* @var array
*/
protected $fillable = [
'name', 'email', 'password','username','lastname','tel','tel',
];
/**
* The attributes that should be hidden for arrays.
*
* @var array
*/
protected $hidden = [
'password', 'remember_token',
];
public function getJWTIdentifier()
{
return $this->getKey();
}
/**
* Return a key value array, containing any custom claims to be added to the JWT.
*
* @return array
*/
public function getJWTCustomClaims()
{
return [];
}
}
这是我的登录控制器
<?php
namespace AppHttpControllers;
use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;
use AppHttpControllersController;
use AppUser;
use JWTFactory;
use JWTAuth;
use Validator;
class APILoginController extends Controller
{
//
public function login( Request $request){
$validator = Validator::make($request -> all(),[
'email' => 'required|string|email|max:255',
'password'=> 'required'
]);
if ($validator -> fails()) {
# code...
return response()->json($validator->errors());
}
$credentials = $request->all('email','password');
try{
if (! $token = JWTAuth::attempt( $credentials) ) {
# code...
return response()->json( ['error'=> 'invalid username and password'],401);
}
}catch(JWTException $e){
return response()->json( ['error'=> 'could not create token'],500);
}
$currentUser = Auth::user();
return response()->json( ['user'=> $currentUser,'token'=>compact('token')],200);
///return response()->json( compact('token'));
}
}
我在github中找到了一个创建自定义中间件的解决方案,当令牌过期时,刷新的令牌会添加到响应标头中。应用只需要搜索响应是否具有此内容,如果是,请更新保存的令牌。
<?php
namespace AppHttpMiddleware;
use Closure;
use IlluminateSupportFacadesAuth;
class RedirectIfAuthenticated
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @param string|null $guard
* @return mixed
*/
public function handle($request, Closure $next)
{
try
{
if (! $user = JWTAuth::parseToken()->authenticate() )
{
return response()->json([
'code' => 101, // means auth error in the api,
'response' => null // nothing to show
]);
}
}
catch (TokenExpiredException $e)
{
// If the token is expired, then it will be refreshed and added to the headers
try
{
$refreshed = JWTAuth::refresh(JWTAuth::getToken());
$user = JWTAuth::setToken($refreshed)->toUser();
header('Authorization: Bearer ' . $refreshed);
}
catch (JWTException $e)
{
return response()->json([
'code' => 103, // means not refreshable
'response' => null // nothing to show
]);
}
}
catch (JWTException $e)
{
return response()->json([
'code' => 101 ,//, means auth error in the api,
'response' => null // nothing to show
]);
}
// Login the user instance for global usage
Auth::login($user, false);
return $next($request);
}
}
所以你正在使用普通的PHP方法来设置Laravel中间件中的标头,这是行不通的。
你应该检查一下:https://github.com/tymondesigns/jwt-auth/blob/develop/src/Http/Middleware/BaseMiddleware.php
https://github.com/tymondesigns/jwt-auth/blob/develop/src/Http/Middleware/RefreshToken.php
基本上,更改:
header('Authorization: Bearer ' . $refreshed);
自
$response = $next($request);
$response->headers->set('Authorization', 'Bearer '.$token);
事情如下,这种 aproach 不会按预期工作,因为这种"AfterMiddleware"在请求通过您的应用程序后执行。所以:
- 用户使用过期的令牌发出请求
- 由于令牌过期,应用将返回 403 或 401(不记得了(。
- 但是,响应将包含带有新令牌的标头
- 您使用新令牌发出相同的请求,它应该可以工作。