我开发了一个API,但是令牌过期有问题,我尝试找到刷新API发送的令牌的方法,但没有发现任何问题 这是我的用户mdoal:
<?php
namespace App;
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable implements JWTSubject
{
use Notifiable;
/**
* The attributes that are mass assignable.
*
* @var array
*/
protected $fillable = [
'name', 'email', 'password','username','lastname','tel','tel',
];
/**
* The attributes that should be hidden for arrays.
*
* @var array
*/
protected $hidden = [
'password', 'remember_token',
];
public function getJWTIdentifier()
{
return $this->getKey();
}
/**
* Return a key value array, containing any custom claims to be added to the JWT.
*
* @return array
*/
public function getJWTCustomClaims()
{
return [];
}
}
这是我的loginController
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use App\User;
use JWTFactory;
use JWTAuth;
use Validator;
class APILoginController extends Controller
{
//
public function login( Request $request){
$validator = Validator::make($request -> all(),[
'email' => 'required|string|email|max:255',
'password'=> 'required'
]);
if ($validator -> fails()) {
# code...
return response()->json($validator->errors());
}
$credentials = $request->all('email','password');
try{
if (! $token = JWTAuth::attempt( $credentials) ) {
# code...
return response()->json( ['error'=> 'invalid username and password'],401);
}
}catch(JWTException $e){
return response()->json( ['error'=> 'could not create token'],500);
}
$currentUser = Auth::user();
return response()->json( ['user'=> $currentUser,'token'=>compact('token')],200);
///return response()->json( compact('token'));
}
}
我在github中找到了创建自定义中间件的解决方案,当令牌过期时,刷新的令牌将添加到响应头中。该应用仅需要搜索响应中是否包含此信息,如果是,则更新保存的令牌。
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class RedirectIfAuthenticated
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $guard
* @return mixed
*/
public function handle($request, Closure $next)
{
try
{
if (! $user = JWTAuth::parseToken()->authenticate() )
{
return response()->json([
'code' => 101, // means auth error in the api,
'response' => null // nothing to show
]);
}
}
catch (TokenExpiredException $e)
{
// If the token is expired, then it will be refreshed and added to the headers
try
{
$refreshed = JWTAuth::refresh(JWTAuth::getToken());
$user = JWTAuth::setToken($refreshed)->toUser();
header('Authorization: Bearer ' . $refreshed);
}
catch (JWTException $e)
{
return response()->json([
'code' => 103, // means not refreshable
'response' => null // nothing to show
]);
}
}
catch (JWTException $e)
{
return response()->json([
'code' => 101 ,//, means auth error in the api,
'response' => null // nothing to show
]);
}
// Login the user instance for global usage
Auth::login($user, false);
return $next($request);
}
}
答案 0 :(得分:2)
因此,您使用普通的PHP方法在Laravel中间件中设置标头,将无法正常工作。
您应该检查以下内容: https://github.com/tymondesigns/jwt-auth/blob/develop/src/Http/Middleware/BaseMiddleware.php
https://github.com/tymondesigns/jwt-auth/blob/develop/src/Http/Middleware/RefreshToken.php
基本上,更改:
header('Authorization: Bearer ' . $refreshed);
到
$response = $next($request);
$response->headers->set('Authorization', 'Bearer '.$token);
以下是问题,此方法无法按预期工作,因为这种“ AfterMiddleware”是在请求通过您的应用程序后执行的。所以: