我刚刚在我的Laravel / Vue应用程序中实现了JWT身份验证。登录工作正常,但现在我尝试在任何ajax调用返回401时刷新令牌。 我找到了名为axios-token-refresh的不错的程序包,但无法使其正常运行。
这是我的axios配置:
import axios from "axios";
import createAuthRefreshInterceptor from 'axios-auth-refresh';
const $axios = axios.create({
headers: {
'Content-Type': 'application/json'
}
});
$axios.interceptors.request.use(config => {
config.headers['Authorization'] = 'Bearer ' + JSON.parse(localStorage.getItem('user')).token;
return config;
});
// Function that will be called to refresh authorization
const refreshAuthLogic = failedRequest => $axios.post('/api/auth/refresh')
.then(tokenRefreshResponse => {
let userStorage = localStorage.getItem('user'),
user = JSON.parse(userStorage);
user.token = tokenRefreshResponse.data.token;
localStorage.setItem('user', JSON.stringify(user));
failedRequest.response.config.headers['Authentication'] = 'Bearer ' + tokenRefreshResponse.data.token;
return Promise.resolve();
});
// Instantiate the interceptor (you can chain it as it returns the axios instance)
createAuthRefreshInterceptor($axios, refreshAuthLogic);
export default $axios;
第一个问题是,每次我的令牌到期时,此代码饼都会尝试刷新/ api / auth / refresh中的令牌。但是此路由返回未经授权。
我发现问题出在Laravel AuthController中:
public function __construct()
{
$this->middleware('auth:api', ['except' => ['login', 'register']]);
}
当我在此处添加刷新功能时,它也开始起作用。但是,一旦“登录”令牌过期,我就会收到错误消息
The token has been blacklisted
我缺少什么? 可以排除中间件的刷新功能吗? 列入黑名单的令牌呢?