在环回中创建永久 AccessToken [英] Creating Permanent AccessToken in loopback

问题描述

如何为 StrongLoop API 创建永久访问令牌.现在，对于每个用户登录，它都会创建一个访问令牌.和我的数据库中不必要的条目

How to create a permanent access token for a StrongLoop API. Now for every user login it creates an access token. And unnecessary entry in my db

如此处所述，我可以增加访问令牌(ttl)的有效性.

但它仍然会为新登录生成.

But still it will generate for new login.

推荐答案

你混淆了两种不同的东西.AccessToken 条目的创建和 AccessToken 的 ttl 值.

You are mixing up 2 different things. The AccessToken entry creation and the ttl value for the AccessToken.

当用户登录时，会创建一个新的 AccessToken.如果用户注销，AccessToken 将被删除.如果用户登录 2 次，例如从 2 个不同的设备登录，那么您将获得 2 个 AccessToken，这样用户就可以同时从 2 个设备访问您的应用程序.

When a user logs in a new AccessToken is created. If the user logs out the AccessToken is removed. If the user logs in 2 times, for example from 2 different devices, then you will get 2 AccessTokens, so this way the user will be able to access your app from the 2 devices simultaneously.

如果用户想从同一台设备登录并且他已经有一个有效的令牌，你的应用应该识别出这一点并自动登录.

If the user wants to log in from the same device and he already has a valid token, your app should recognise this and log him in automatically.

显然，如果 ttl 值过期，令牌将不再有效.如果尝试使用此令牌将被删除.我想如果您不想在数据库中包含这些记录，您可以创建一个自定义 cron 作业来删除过期的令牌.

Obviously if the ttl value is expired, the token will not be valid any more. This token will be removed if is tried to be used. I guess if you don't want this records in your database, you could create a custom cron job that removes expired tokens.

关于永久访问令牌，它将需要禁用 ttl 值，这对于默认的 AccessToken 模型目前是不可能的.我创建了一个拉取请求来支持它，如果您有兴趣，可以加入并查看它是否被合并.

Regarding the permanent access token, it will require to disable the ttl value, and that is not possible at the moment for the default AccessToken model. I created a pull request to support that, if you are interested you could chime in and see if it gets merged.

这篇关于在环回中创建永久 AccessToken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！