刷新令牌 Jsonwebtoken [英] Refresh Token Jsonwebtoken
问题描述
我在 NodeJs API 应用程序中使用 jsonwebtoken 来验证我的 API 应用程序中的用户.我设置的流程如下:
1) 用户通过注册 API 进行注册,并使用以下方式生成访问令牌:
var jwt = require('jsonwebtoken');var token = jwt.sign(user, _conf.authentication.superSecret, {expiresIn: 1440//我打算保持简短.});
2) 例如,令牌会在 24 小时后过期.此令牌返回给客户端移动应用程序,用作所有后续 API 请求中的标头.
我想知道如何使用 jwt 的刷新令牌.目前我没有刷新令牌的机制.因此,如果令牌在 24 小时内到期,我希望客户端(移动应用程序)能够请求新的访问令牌.提前致谢.
我在一个项目中遇到了同样的问题.
1) 我创建了刷新令牌并在用户登录时返回它(使用 jsonwebtoken).我与用户一起保存了刷新令牌.
2) 当客户端使用过期的令牌发送请求时,服务器返回 401.
3) 我实现了一个新路径来刷新令牌.它接收刷新令牌和用户作为参数并返回一个新令牌(jsonwebtoken).
4)(可选)您可以实现一种机制来使刷新令牌无效,以防有人窃取它
我的实现基于这篇文章,非常好的片段:
希望能帮到你
I am using jsonwebtoken in NodeJs API application for authenticating user in my API application. The flow that I have setup is as follows:
1) The user registers through signup API and the access token is generated using the following:
var jwt = require('jsonwebtoken');
var token = jwt.sign(user, _conf.authentication.superSecret, {
expiresIn: 1440 // I intend to keep it short.
});
2) The token expires in 24 hours for example. This token is returned to the client mobile application to use as header in all the subsequent API requests.
I want to know how do I work around with refresh token for jwt. Currently I don't have a mechanism for refreshing token. Hence if the token expires in 24 hours I want the client (mobile app) to be able to request a new access token. Thanks in advance.
I had same problem in a project.
1) I created the refresh token and returned it when user signed in (with the jsonwebtoken). I saved the refresh token with the user.
2) When client send a request with the expired token, server returns 401.
3) I implemented a new path to refresh the token. It receives the refresh token and the user as param and returns a new token (jsonwebtoken).
4) (optional) You can implement a mechanism for invalidating a refresh token, in case someone stole it
I based my implementation in this post, really good snippets:
Refresh token in JWT (Node.js implementation)
Hope it helps
这篇关于刷新令牌 Jsonwebtoken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!