What to do if the token has expired

I communicate with an API using Retrofit. When the user logs in, I save the account to the database, and when the user goes to the app the next time, I get the data from the database (so I skip the login screen). The problem is when the user's token expires. How should I handle the situation?

In the login fragment (pseudocode):

User user = userDao.getUser();   // get the saved user from the database, null if none
if (user != null) {
    // a saved account exists, so skip the login screen
    startActivity(new Intent(requireContext(), AccountActivity.class));
}
// onButtonClick
emailLogin();

It depends on your back end security level. You have two options to handle this situation.

  1. Build some mechanism on the back end side so that your server sends a refresh-token along with the user's token at the time of login to the Android device. Whenever the user's token expires, request a new user's token from your server by sending the old user's token along with the refresh-token from the Android device. You can then use that new user's token in the future. Repeat this whenever the user's token expires.

    Note - the refresh-token is for validating whether it is a valid resource that is requesting a user's token.

  2. You can delete the user account from the database and tell the user to re-login.

Don't go to your "logged in" activity just because you have a token saved, because, as you have correctly noticed, it may be invalid. Try authenticating with the API when you get the token, and only go to the "logged in" activity if it indeed worked. Otherwise proceed as if there were no token saved (and remove the expired one from the database).

You should also note that the token may expire while the user is in the "logged in" activity. For example, the user logged in, used the app and then went to another app from the recents screen. A week later he/she returns to your app with the "logged in" activity open, but in the meantime the token has expired and nothing will work. So you should also check whether the token still works there, maybe in the onStart() of the activity.

As indramurari said, you can also handle it on the backend if you control it. But keep in mind that it doesn't solve your inherent problem of handling expired tokens: a refresh token may also expire and you are back to square one. If you make refresh tokens not expire, you can just make the login tokens not expire. (This paragraph would be a comment on his answer, but I don't have enough reputation.)
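As an added example (not code from the question or either answer), here is how the refresh flow from the first answer and the "refresh token may expire too, so drop the account and show the login screen" fallback from the second can be wired into the OkHttp client that Retrofit uses. TokenStore, AuthApi, TokenPair and the token/refresh path are assumed names for the app's own pieces.

```java
import java.io.IOException;
import okhttp3.Authenticator;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;
import retrofit2.Call;
import retrofit2.http.Body;
import retrofit2.http.POST;

// Assumed app-side pieces (hypothetical names, not from the question):
interface TokenStore {                       // persistence for the saved account
    String accessToken();
    String refreshToken();
    void save(String access, String refresh);
    void clear();                            // drop the account: login screen shows next time
}
final class TokenPair { String accessToken; String refreshToken; }
interface AuthApi {                          // must be built on a client WITHOUT this authenticator
    @POST("token/refresh") Call<TokenPair> refresh(@Body TokenPair old);
}

// OkHttp calls this only when the server answers 401: try one refresh, then retry the request.
final class RefreshAuthenticator implements Authenticator {
    private final TokenStore store;
    private final AuthApi authApi;
    RefreshAuthenticator(TokenStore store, AuthApi authApi) { this.store = store; this.authApi = authApi; }

    @Override
    public synchronized Request authenticate(Route route, Response response) throws IOException {
        // A 401 on an already retried request means the fresh token was rejected too: give up.
        if (response.priorResponse() != null) return null;
        String failed = response.request().header("Authorization");
        String current = store.accessToken();
        // Another thread refreshed while we waited for the lock: just retry with the new token.
        if (current != null && !("Bearer " + current).equals(failed)) return withToken(response, current);
        TokenPair old = new TokenPair();            // old user's token + refresh-token, as in answer 1
        old.accessToken = current;
        old.refreshToken = store.refreshToken();
        retrofit2.Response<TokenPair> r = old.refreshToken == null ? null : authApi.refresh(old).execute();
        if (r == null || !r.isSuccessful() || r.body() == null) {
            store.clear();                          // refresh token expired/revoked: force re-login
            return null;                            // caller sees the 401 and shows the login screen
        }
        store.save(r.body().accessToken, r.body().refreshToken);
        return withToken(response, r.body().accessToken);
    }

    private static Request withToken(Response response, String token) {
        return response.request().newBuilder().header("Authorization", "Bearer " + token).build();
    }
}
```

Register it with `new OkHttpClient.Builder().authenticator(new RefreshAuthenticator(store, authApi)).build()` and pass that client to the Retrofit builder; when it returns null the original 401 reaches your code, which is the signal to leave the "logged in" activity.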
