Refresh Token Jsonwebtoken
I am using jsonwebtoken in a NodeJs API application for authenticating users in my API application. The flow that I have set up is as follows:
1) The user registers through the signup API and the access token is generated using the following:
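var jwt = require('jsonwebtoken');
// Sign the user payload with the server-side secret from the app configuration.
var token = jwt.sign(user, _conf.authentication.superSecret, {
    // A numeric expiresIn is interpreted by jsonwebtoken as seconds.
    expiresIn: 1440 // I intend to keep it short.
});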
2) The token expires in 24 hours, for example. This token is returned to the client mobile application to use as a header in all subsequent API requests.
I want to know how I can work with a refresh token for JWT. Currently I don't have a mechanism for refreshing the token. Hence, if the token expires in 24 hours, I want the client (mobile app) to be able to request a new access token. Thanks in advance.
I had the same problem in a project.
1) I created the refresh token and returned it when the user signed in (with the jsonwebtoken). I saved the refresh token with the user.
2) When the client sends a request with the expired token, the server returns 401.
3) I implemented a new path to refresh the token. It receives the refresh token and the user as params and returns a new token (jsonwebtoken).
4) (optional) You can implement a mechanism for invalidating a refresh token, in case someone stole it.
I based my implementation on this post, really good snippets:
Refresh token in JWT (Node.js implementation)
Hope it helps
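
The four steps from the answer above, as an added example that is not part of the original post or the linked article. Node's built-in crypto stands in for jwt.sign so it runs without dependencies; the function names, the in-memory store, the 15-minute lifetime, storing only a hash of the refresh token, and rotating it on each refresh are assumptions of this example and go beyond what the answer states.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret';   // constructed value; load from config in practice
const ACCESS_TTL = 15 * 60;                 // access token lifetime in seconds (assumption)
const refreshStore = new Map();             // sha256(refresh token) -> userId; stands in for the user table

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Minimal HS256 JWT, standing in for jwt.sign(payload, secret, { expiresIn }).
function signAccess(userId, now) {
  const body = b64({ alg: 'HS256', typ: 'JWT' }) + '.' + b64({ sub: userId, exp: now + ACCESS_TTL });
  return body + '.' + hmac(body);
}

// Step 2: returns the payload, or null for a bad signature or an expired token (HTTP 401).
function verifyAccess(token, now) {
  const [h, p, sig] = String(token).split('.');
  if (!h || !p || !sig) return null;
  const expected = Buffer.from(hmac(h + '.' + p));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  return payload.exp > now ? payload : null;
}

// Step 1: issue both tokens at login; only a hash of the refresh token is stored.
function login(userId, now) {
  const refreshToken = crypto.randomBytes(32).toString('hex');
  refreshStore.set(sha256(refreshToken), userId);
  return { accessToken: signAccess(userId, now), refreshToken };
}

// Step 3: exchange a refresh token for a new pair; the old one is deleted,
// so a stolen token that is replayed after the real client refreshed is rejected.
function refresh(userId, refreshToken, now) {
  const key = sha256(String(refreshToken));
  if (refreshStore.get(key) !== userId) return null;
  refreshStore.delete(key);
  return login(userId, now);
}

// Step 4: invalidate a refresh token, e.g. on logout or suspected theft.
function revoke(refreshToken) {
  return refreshStore.delete(sha256(String(refreshToken)));
}
```

The `now` argument is a Unix time in seconds, passed in so expiry can be exercised without waiting.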