堆栈内存溢出
  简体   繁体   English

Laravel / Lumen Auth JWT令牌在后续请求中无效,它可能已过期?

[英]Laravel/Lumen Auth JWT token not valid in subsequent requests, is it possibly expired?

 原文  2018-09-10 05:16:01       php/ authorization/ jwt/ lumen

问题描述

I have an app that uses Laravel/Lumen and its Auth guard JWT tokens for login. 我有一个使用Laravel / Lumen及其Auth Guard JWT令牌登录的应用程序。

I send a request to 我向发送请求 

  http://myserver.com/authenticate

and I get a token in response. 我得到一个令牌作为回应。

Then when I use this token in subsequent requests 然后当我在后续请求中使用此令牌时 

  http://myserver.com/users

with the token in the header 标头中带有令牌 

  Authorization  :  Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJjbG96ZXJ0b29sc1YyIiwianRpIjoiNTBiMjE1MjllZGIxMmI4OGJlYTJmOTQxMTViNjc2NmYiLCJpYXQiOjE1MzY1NTU3NzEsIm5iZiI6MTUzNjU1NTc3NiwiZXhwIjoxNTM2NTcwOTc2LCJkYXRhIjp7ImVtYWlsIjoia3lsZWtvb3BtYW5AZ21haWwuY29tIiwiYXZhdGFyIjoiIiwiZmlyc3RfbmFtZSI6Ikt5bGUiLCJsYXN0X25hbWUiOiJLb29wbWFuIiwiaWQiOjMzNH0sInN1YiI6MzM0fQ.p20K56BW0c_J-xlk9gV6wDFafxgNuKUOmgk-4ExKhh9qPw79R0bpm-QbnVQFtYlatB_MjLYK1NdUt5GlGaOE9w

The request obviously usually comes back with a 200, (on my local server anyways) However, on my production server all subsequent requests with the provided token come back with a 401 / Unauthorized 显然,该请求通常返回200(无论如何在我的本地服务器上),但是,在我的生产服务器上,带有提供的令牌的所有后续请求都返回401 /未经授权

All the settings are the same on both servers. 两台服务器上的所有设置都相同。

I have this in my .env on both my production server, and local server. 我的生产服务器和本地服务器上的.env中都包含此文件。 

 JWT_KEY=yUyg2oo3M2N0Lf0CnsbG1ztsL1ovA70K
 JWT_EXPIRE_AFTER=15200
 JWT_ISSUER=mysite
 JWT_ID_FIELD=id
 JWT_NBF_DELAY=25
 DB_TIMEZONE=+00:00
 APP_TIMEZONE=UTC

My assumption is that it has something to do with expiry and/or server time. 我的假设是它与到期时间和/或服务器时间有关。
Like I think that the token is coming back already expired, therefore on the subsequent request it is invalid. 就像我认为令牌返回已经过期一样,因此在后续请求中它无效。

Am I correct in thinking this is where the issue lies? 我以为这是问题所在吗? And how do I go about fixing it/testing it? 我该如何修复/测试呢?

1 个解决方案

解决方案1
 0  

You can visit https://jwt.io and paste your token into the encoded field to get back the expire date and check then in the developer console 您可以访问https://jwt.io并将令牌粘贴到编码字段中以获取到期日期,然后在开发人员控制台中进行检查 

const currentTime = Date.now() / 1000

if( exp < currentTime) {
  // is expired
}

I have something like this in my code: 我的代码中有这样的内容: 

const checkExpiredJwtDate = token => {
  const base64Url = token.split('.')[1];
  const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
  const jwtObject = JSON.parse(window.atob(base64))
  const currentTime = Date.now() / 1000;
  if (jwtObject.exp < currentTime) {
    // is expired...
  }
};

How to decode jwt token in javascript 如何在JavaScript中解码jwt令牌

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 JWT / LARAVEL令牌已过期 - JWT/LARAVEL token expired JWT 令牌过期 PHP Laravel - JWT Token Expired PHP Laravel 为什么所有令牌在laravel中使用jwt auth都有效 - Why all token is valid using jwt auth in laravel Laravel Tymon \\ JWT Auth:在身份验证之前检查未完成的有效令牌? - Laravel Tymon\JWT Auth: Check for Outstanding Valid Token Before Authentication? JWT / LARAVEL 5.6刷新过期令牌 - JWT/LARAVEL 5.6 refresh expired token 在 Lumen 5.4 中注销后 JWT 身份验证令牌不会失效 - JWT Auth token not invalidating after logout in Lumen 5.4 tymondesigns/jwt-auth:如何创建过期的令牌? - tymondesigns/jwt-auth: how create an expired token? 如果令牌,Laravel JWT Auth 获取用户 - Laravel JWT Auth fetch user if token laravel jwt-auth 令牌无效 - laravel jwt-auth Token is Invalid Laravel 通过生成的令牌进行身份验证,无需护照和 jwt - Laravel auth by generated token without passport and jwt
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM