Django Rest JWT authentication - refresh token

I have a problem with my Django REST application and the JWT authentication module ( https://jpadilla.github.io/django-rest-framework-jwt ) in the token refresh phase.

The default logic of the refresh token says that non-expired tokens can be "refreshed" to obtain a brand new token with renewed expiration time. The expiration time is set in the BE.

The JWT framework provides an API to refresh the token, and you should use that to obtain a new token, so the expiration time is reset on every "user action" in the web app. This means that every call to the BE from my Angular6 SPA must reset the expiration time of a token.

I thought of three ways to go:

1) Every call to the BE from the FE must also call the API to refresh the token. This means that the number of calls is always duplicated. Not elegant!

2) Call the API to refresh the token according to an algorithm (in the FE) to avoid duplicated calls. Which algorithm?

3) Reset the expiration time of the token in the back end on every call from the FE, and use the same token from the FE. I cannot do this!

Any suggestions?

Thanks

You don't need to refresh your token with every API call. Only a few minutes before expiration. Most tokens contain the expiration time. So you need to refresh it every time it almost expires. Something like this: token.expiration - currenttime <= 5 minutes.

I believe there are some libraries that can do that for you. Maybe Auth0
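The check described in the answer (refresh only when the token is within 5 minutes of expiry), as an added example that is not part of the original answer or of django-rest-framework-jwt. It is plain JavaScript that could be called from the SPA before each request; the function names, the fixed clock and the sample token are constructed for illustration, and it assumes the token carries the standard `exp` claim.

```javascript
// The payload is read WITHOUT verifying the signature. That is acceptable
// for scheduling only: the back end still validates every token it receives.
const REFRESH_WINDOW_SECONDS = 5 * 60; // the "5 minutes" threshold from the answer

function decodeBase64Url(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return typeof Buffer !== 'undefined'
    ? Buffer.from(b64, 'base64').toString('utf8') // Node
    : atob(b64);                                  // browser
}

// Returns the `exp` claim (seconds since epoch), or null if it cannot be read.
function readExpiry(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(decodeBase64Url(parts[1]));
    return Number.isFinite(payload.exp) ? payload.exp : null;
  } catch (e) {
    return null; // malformed payload
  }
}

// 'valid'   -> keep using the current token, no extra call
// 'refresh' -> inside the window: call the refresh API once
// 'login'   -> expired or unreadable: only non-expired tokens can be
//              refreshed, so the user has to authenticate again
function tokenAction(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const exp = readExpiry(token);
  if (exp === null) return 'login';
  const remaining = exp - nowSeconds;
  if (remaining <= 0) return 'login';
  return remaining <= REFRESH_WINDOW_SECONDS ? 'refresh' : 'valid';
}

// Constructed sample token with a placeholder signature, for demonstration only.
function makeSampleToken(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ user_id: 1, exp })}.sig`;
}

const now = 1700000000; // constructed fixed clock so the output is repeatable
for (const offset of [3600, 240, -10]) {
  console.log(offset, tokenAction(makeSampleToken(now + offset), now));
}
```

With this check, option 2 from the question costs one extra call per token lifetime instead of one per request.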
