Laravel jwt 身份验证方法(我的解决方案好吗?)
[英]Laravel jwt authentication howto (is my solution good?)
问题描述
I have a number of laravel (5.4) apps.
我有许多 Laravel (5.4) 应用程序。
The main app handles the registration, login, etc. Another apps need to use the main app's users table and authentication, so if somebody logs in the main app, the other apps should see him/her as a logged in user.主应用程序处理注册、登录等。另一个应用程序需要使用主应用程序的用户表和身份验证,因此如果有人登录主应用程序,其他应用程序应该将他/她视为登录用户。
Working on this for a while, came up with JWT athentication (as another node.js app already uses this method to authenticate with the main laravel app).研究了一段时间,提出了 JWT 身份验证(因为另一个 node.js 应用程序已经使用此方法与主 Laravel 应用程序进行身份验证)。 In node.js it is done with ajax, for example node app calls https://www.mainapp.com/token , and gets back a jwt token if present, then node decrypts this, and everything goes on.在 node.js 中,它是通过 ajax 完成的,例如 node app 调用https://www.mainapp.com/token ,如果存在,则返回 jwt 令牌,然后节点对其进行解密,然后一切继续。
As all laravel apps using the tymon/jwt-auth package, I can do just the same in the other laravel apps too, but seems to me a bit clumsy, is there any better way to share an authentication between apps?由于所有使用 tymon/jwt-auth 包的 Laravel 应用程序,我也可以在其他 Laravel 应用程序中做同样的事情,但在我看来有点笨拙,有没有更好的方法在应用程序之间共享身份验证? Or a server-side solution?还是服务器端解决方案?
1 个解决方案
解决方案1
0 2019-07-18 07:18:18
Your JWT is using your unique JWT_SECRET .您的 JWT 正在使用您独特的JWT_SECRET 。 So as soon as all your env files are running with the same env value for the JWT_SECRET you just have to use a middleware to check THE token and authenticate the user.因此,只要您的所有 env 文件都使用JWT_SECRET的相同 env 值运行,您只需使用中间件来检查令牌并验证用户身份。
Also your JWT has quite a few parameters which you can investigate but some of the most important is the exp which is the expiration time and the sub which is the user id coming from your users table.此外,您的 JWT 有很多您可以调查的参数,但其中一些最重要的是exp ,它是过期时间,而sub是来自您的用户表的用户 ID。 So you got pretty much all the info you need.所以你得到了几乎所有你需要的信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.