不明原因JWT令牌无效 [英] Unknown Reason for JWT Tokens invalidation

问题描述

我现在面临非常奇怪的问题，我laravel棱角的应用程序。我使用Tymon智威汤逊，刷新我的每一个请求令牌。我使用 Satellizer 库来处理这些JWT令牌，但 Satellizer 似乎不有回应拦截器捕捉到新的令牌。因此，我写我自己的拦截器这样做。

  .factory（'ResponseHttpInterceptor'，函数（$窗口）{
    返回{
        回应：功能（响应）{
            如果（response.headers（'授权'）！= NULL）{
                $ window.localStorage.removeItem（'satellizer_token'）;
                $ window.localStorage.setItem（'satellizer_token'，response.headers（'授权'）取代（'承载'，''））;
            }
            返回响应;
        }
    }
}）
 

这code基本上抓住了新的令牌，并取代与新的令牌本地存储的现有令牌。

我的测试流程是：

 登录 - ＆GT;请我是谁打电话 - ＆GT;登出
 

注销后我收到一个错误标记无效（这不会经常发生，有时流成功，有时失败）。该流程通过REST客户邮递员完美的作品。因此，我不认为有任何问题，我的API

显示新的令牌附加图像传递，这是我的 WHOAMI 调用后刷新了。

注销后我清除本地存储。谁能告诉我可能是什么原因呢？

修改

 路线::组（['$ P​​ $ PFIX'=＆GT;'API / V1_0']，函数（）{
   路线::后（'登录'，'验证\\ AuthControllerGeneral @ postLogin'）;
   路线::得到（'注销'，['中间件'=＆GT;'jwt.auth'，'使用'=＆GT;'验证\\ AuthControllerGeneral @ getLogout']）;   路线::组（['中间件'=＆GT;'jwt.refresh'，'jwt.auth']，函数（）{
       路线::得到（'WHOAMI，验证\\ AuthControllerGeneral @ loggedInUserInfo'）;
   }）;
}）;
 

解决方案

检查您的htaccess你应该低于code有

  RewriteEngine叙述在
的RewriteCond％{HTTP：授权} ^（。*）
。重写规则*  -  [E = HTTP_AUTHORIZATION：％1]
 

和AuthContrller是一样的<一个href=\"https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/Controllers/AuthController.php\" rel=\"nofollow\">https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/Controllers/AuthController.php

有的人忘了检查身份验证的中间件。检查这也

<一个href=\"https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/Middleware/Authenticate.php\" rel=\"nofollow\">https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/Middleware/Authenticate.php

我建议先用默认路由尝试在演示
的https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/routes.php

和你仍然没有得到解决，然后用简单的客户端文件夹结束尝试。
https://github.com/sahat/satellizer/tree/master/examples/client

，你可以把你的laravel公用文件夹只是为了测试。

我发现一切都在satellizer工作正常，但一些人在配置失败。

I'm facing very weird problem with my laravel-Angular application. I'm using Tymon JWT to refresh token on my every request. I'm using Satellizer library to handle these JWT-Tokens, however, Satellizer doesn't seem to have a response interceptor to capture the new token. Hence I wrote my own Interceptor to do so.

.factory('ResponseHttpInterceptor', function ($window) {
    return {
        response: function (response) {
            if (response.headers('Authorization') != null) {
                $window.localStorage.removeItem('satellizer_token');
                $window.localStorage.setItem('satellizer_token', response.headers('Authorization').replace('Bearer ', ''));
            }
            return response;
        }
    }
})

This code basically captures the new token and replaces the existing token in local storage with the new token.

My test flow is:

Login -> Make who Am I call -> Logout

Upon Logout I receive an error Invalid token (this doesn't happen always. Sometimes the flow succeeds and sometimes it fails). This flow works perfect via REST Client postman. So I don't think there is any problem in my API's

Attaching image showing the new token being passed, after it is refreshed after my whoami call.

Upon logout I'm clearing the local storage. Can Anyone tell me what could be the reason for this?

EDIT

Route::group(['prefix' => 'api/v1_0'], function () {
   Route::post('login', 'Auth\AuthControllerGeneral@postLogin');
   Route::get('logout', ['middleware' => 'jwt.auth', 'uses' =>    'Auth\AuthControllerGeneral@getLogout']);

   Route::group(['middleware' => ['jwt.refresh', 'jwt.auth']], function() {
       Route::get('whoami', 'Auth\AuthControllerGeneral@loggedInUserInfo');
   });
});

解决方案

Check you htaccess you should have below code there

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

And AuthContrller is same as https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/Controllers/AuthController.php

And Some people forget to check Authenticate middleware. Check this also

https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/Middleware/Authenticate.php

I suggest first try with default route as in demo https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/routes.php

And still you not get the solution then try with sample client end folder. https://github.com/sahat/satellizer/tree/master/examples/client

Which you can put in your laravel public folder just to test.

I found everything working fine in satellizer but some people fails in configuring this.

这篇关于不明原因JWT令牌无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！