如何使用jwt-auth在Laravel中正确设置JWT机密? [英] How to correctly set a JWT secret in Laravel with jwt-auth?

问题描述

我想在项目中测试JWT的身份验证，因为JWT将从应用程序外部发送，因此必须使用我的应用程序中的密钥对它们进行签名.这可能吗?有谁知道一个允许您使用机密签名令牌的网站?

I'd like to test the authentication of JWTs in my project as the JWTs will be sent from outside the app, and so they must be signed using the key from my application. Is this possible? Does anyone know of a site that allows you to sign a token using a secret?

我尝试了 http://jwtbuilder.jamiekurtz.com/，但JWT-auth不断返回{"error":"token_invalid"}如果我输入由jwt:generate返回的密钥.这使我相信此命令返回的密钥实际上不是在我的应用程序中用于签名JWT的密钥.

I tried http://jwtbuilder.jamiekurtz.com/ but JWT-auth keeps returning {"error":"token_invalid"} if I enter the key which was returned by jwt:generate. This leads me to believe the key returned by this command is not actually the key used to sign JWTs in my application.

我正在使用php artisan jwt:generate生成密钥，该密钥返回以下内容:

I'm using php artisan jwt:generate to generate a key, which returns the following:

jwt-auth secret [...] set successfully.

但是它在哪里设置?我的.ENV文件中的JWT_SECRET变量没有更改，并且如果我在项目范围内搜索该密钥，则找不到该变量.

But where is it set? The JWT_SECRET variable in my .ENV file doesn't change, and if I perform a project wide search for the key it's not found.

此命令有效吗?

Laravel 5.3，jwt-auth 0.5.9.

Laravel 5.3, jwt-auth 0.5.9.

推荐答案

最近在0.5.9和0.5.12中进行的测试表明jwt:generate命令仅更改config/jwt.php IFF中的值，这是使用的密钥.若要亲自查看，请将.env中的值设置为与config/jwt.php中的值相同，它将在首次运行时更改config中的值，但是它将中断.

Recent testing in both 0.5.9 and 0.5.12 indicates that the jwt:generate command ONLY changes the value in config/jwt.php IFF it is the key in use. To see this for yourself, set the value in .env to be the same as in config/jwt.php and it WILL change the one in config the first time you run it but then it will break.

一些搜索表明开发人员没有计划将其修复为0.5.*

A bit of searching indicates that the dev has no plans to fix this for 0.5.*

我编写了一个(单行相当费劲的)bash脚本，如果该脚本不存在，它将在.env中创建此JWT_SECRET或更新所有出现的"JWT_SECRET =":

I wrote a (admittedly rather ungainly single line) bash script that will create this JWT_SECRET in .env if it does not exist or update all occurrences of 'JWT_SECRET=':

env=".env"; secret="$(php artisan jwt:generate --show)"; oldsecrets="$(grep '^JWT_SECRET=' $env)"; if [ -z "$oldsecrets" ]; then sed -i "$ a JWT_SECRET=$secret" "$env"; else echo "$oldsecrets" | while IFS= read -r line ; do echo "$line"; sed -i -e "s/$line/JWT_SECRET=$secret/g" "$env"; done; fi

这篇关于如何使用jwt-auth在Laravel中正确设置JWT机密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！