Laravel Passport: Are API's tokens stored on the server, and where?

Question

I tried to find where the token returned by the method $user->createToken('MyApp')->accessToken; is stored in the database but I can't seem to find it. Is it stored on the server in the first place? If so, where?

If it's not stored on the server because it's self-contained, why did Laravel's developers put $table->rememberToken(); in the default create_users_table.php migration? What's the purpose of the column remember_token?

Thank you for your help.

Recommended answer

I guess you could say that some part of the token is stored in the database.

The token returned is a JWT (JSON Web Token). Encoded in it is information about the token, like its expiration time, the algorithm used to hash it, the token scopes and its ID (in the payload it's named jti). That ID is what's stored in the oauth_access_tokens table.

In this method in the \Laravel\Passport\PersonalAccessTokenFactory::findAccessToken class you can see how Laravel is checking if the token is in the database:

/**
 * Get the access token instance for the parsed response.
 *
 * @param  array  $response
 * @return Token
 */
protected function findAccessToken(array $response)
{
    return $this->tokens->find(
        $this->jwt->parse($response['access_token'])->getClaim('jti')
    );
}

If you get a valid token and paste it in this online tool you will see the structure of it. Here's how it looks:

Now, knowing the expected format of the payload, if you play around a bit with this information and the data you have in your oauth_access_tokens (id, scope, creation and expiration date) you should be able to create a valid token.
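
An added example, not part of the original answer and not Passport's own code: the jti lookup described in the answer, sketched in Python. TABLE is a constructed stand-in for oauth_access_tokens, read_claims, lookup and make_sample are hypothetical helper names, and the sample token is unsigned, so this only decodes claims and verifies no signature.

```python
import base64
import json
from datetime import datetime, timezone

def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def read_claims(token: str):
    """Return (header, payload). Decoding only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a signed JWT has three dot-separated segments")
    header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    if not isinstance(payload, dict) or "jti" not in payload:
        raise ValueError("payload carries no jti claim")
    return header, payload

def lookup(token: str, table: dict, now: datetime) -> str:
    """Report the state of the server-side row that the token's jti points to."""
    _, payload = read_claims(token)
    row = table.get(payload["jti"])
    if row is None:
        return "unknown"  # no row with this id
    if row["revoked"]:
        return "revoked"
    if row["expires_at"] <= now:
        return "expired"
    return "active"

# Constructed sample data (assumption): in-memory stand-in for oauth_access_tokens.
EXPIRES = datetime(2025, 1, 1, tzinfo=timezone.utc)
TABLE = {
    "a1b2c3": {"scopes": ["read"], "revoked": False, "expires_at": EXPIRES},
    "d4e5f6": {"scopes": [], "revoked": True, "expires_at": EXPIRES},
}

def make_sample(jti: str) -> str:
    """Build a constructed, unsigned sample; the third segment is a placeholder."""
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
    payload = b64url_encode(json.dumps({"jti": jti, "scopes": ["read"]}).encode())
    return f"{header}.{payload}.placeholder-signature"

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for jti in ("a1b2c3", "d4e5f6", "missing"):
        print(jti, lookup(make_sample(jti), TABLE, now))
```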
