
how to refresh token when expired in jwt

I am implementing JWT in my project. I implemented jwt and gave it an expiration time of 1 minute. The jwt is generated on the API side during login, and the token and expiration details are sent in the result and stored in local storage. How can I refresh the expired token from the API side and send it back again to the client so that it can be stored in local storage and sent with every call using an interceptor?

This is how I created the jwt and gave it an expiration time:

const express = require('express');
const jwt = require('jsonwebtoken');
const app = express();
app.use(express.json());
// login route: let us suppose req.body = { name, pwd } is my input
app.post('/login', (req, res) => {
  const { name, pwd } = req.body;
  const tokenObject = { User: { username: name, pwd: pwd } };
  // creating a jwt here, valid for 60 seconds
  jwt.sign({ tokenObject }, "secretkey", { expiresIn: "60s" }, (err, token) => {
    if (err) return res.status(500).json({ error: err.message });
    res.json({ token });
  });
});

After this, I'm verifying the token in the result and sending it in the result to the client. After a minute, how do I regenerate the token? Please help and let me know the way, and tell me if I am doing something wrong. Thanks!!

You need to add a function or middleware that will check whether the JWT is valid. You can use the verify method of the JWT library:

const jwt = require('jsonwebtoken');

// the secret here must be the same one that was used in jwt.sign
jwt.verify(token, 'secretKey', function (err, decoded) {
  if (err) {
    if (err.name === 'TokenExpiredError') {
      // token expired: create a new token and send it the same way you created it initially
    } else {
      // any other error (bad signature, malformed token): reject the request
    }
  }
  // decoded holds the token payload when verification succeeds
});

You can create an API that accepts a JWT token, validates it and then issues a new token for the same user.

Take a look at the verify method of jsonwebtoken. While verifying the token you can use the ignoreExpiration: true option to verify the expired token as well. Then generate the new one using the sign method.
So while making the request from the frontend, if you get a token expired error, then you issue a new token using that API and save that token.

With that said, I do recommend you take a look at the note about refreshing the JWT token from the docs:

First of all, we recommend to think carefully if auto-refreshing a JWT will not introduce any vulnerability in your system.

We are not comfortable including this as part of the library, however, you can take a look at this example to see how this could be accomplished. Apart from that example there is an issue and a pull request to get more knowledge about this topic.

Here is the link to the gist that has the code.
