Angularjs and slim framework JWT authentication and token refresh flow
I would like to know if what I've done so far is a sound way of authenticating/renewing the token and if there are any flaws or vulnerabilities that I should be aware of as I tried to limit database interaction to nil. Here goes.
NB: SSL will be implemented in production.
Bounty awarded to @Valdas as he was the only one who actually answered.
There is no need to loop token expiration checking. I use https://github.com/auth0/angular-jwt as a library for my Angular projects, which provides a way to refresh token just before the HTTP request is fired, simplifying auth mechanism.
Also, you could remove token from request if it's loading a template (ends with .html), but this is just a personal preference.
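The refresh-before-request flow described in the answer, as an added example that is not part of the original answer or of angular-jwt's code: a framework-free sketch of the logic a token getter would run. `refreshFn`, `store`, `makeTokenGetter` and `sampleToken` are hypothetical names, and the sample token is constructed and unsigned.

```javascript
// Added example: plain-JS logic of the kind a tokenGetter for angular-jwt would run.
// refreshFn is a hypothetical callback that calls your refresh endpoint and
// resolves to a new JWT string; store is any object holding the current token.

// Decode the payload only. The client cannot verify the signature, so the exp
// check is a scheduling hint; the server must still validate every token.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4)));
}

// True when the token is malformed, has no exp, or expires within leewaySec.
function isExpiring(token, nowSec, leewaySec) {
  try {
    const exp = decodePayload(token).exp;
    return typeof exp !== 'number' || exp - leewaySec <= nowSec;
  } catch (e) {
    return true;
  }
}

// Template loads (.html, optionally with a query string) need no token.
function needsToken(url) {
  return !/\.html(\?.*)?$/.test(url);
}

function makeTokenGetter(store, refreshFn, leewaySec) {
  let pending = null; // shared by concurrent requests so only one refresh is sent
  return function tokenGetter(url, nowSec) {
    if (!needsToken(url)) return Promise.resolve(null);
    const token = store.token;
    if (!token) return Promise.resolve(null); // not logged in: nothing to refresh
    if (!isExpiring(token, nowSec, leewaySec)) return Promise.resolve(token);
    if (!pending) {
      pending = Promise.resolve(refreshFn(token))
        .then(function (fresh) { store.token = fresh; return fresh; })
        .finally(function () { pending = null; });
    }
    return pending;
  };
}

// Constructed, unsigned sample token for local experiments only.
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
  return enc({ alg: 'none' }) + '.' + enc({ sub: 'demo', exp: exp }) + '.';
}
```

The `pending` promise matters when a page fires several API calls at once with a nearly expired token: all of them wait on the same refresh instead of each sending its own.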