在Passportjs中刷新JWT令牌
[英]Refreshing JWT token in Passportjs
问题描述
我使用的是passport-openidconnect策略,虽然运行良好,但会话到期时间短了3600秒,我认为它不会改变。
我会使用刷新令牌获取另一个令牌ID吗?
如果我在哪里,我会在这样的东西中添加那个逻辑? https://github.com/passport/express-4.x-openidconnect-example/blob/master/server.js
1 个解决方案
解决方案1
4 2019-05-03 01:40:35
会话到期可以从身份验证提供程序端配置。 例如,假设您使用auth0作为身份验证提供程序,则可以在应用程序设置中配置token超时( https://auth0.com/docs/tokens/guides/access-token/set-access-token-lifetime )
就refresh token而言,护照本身并不支持它,而且我们可以实现它。 对于auth0,您可以按照https://auth0.com/docs/tokens/refresh-token/current上的流程续订令牌。 我粘贴了该链接的代码:
var request = require("request");
var options = { method: 'POST',
url: 'https://YOUR_DOMAIN/oauth/token',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
form:
{ grant_type: 'refresh_token',
client_id: 'YOUR_CLIENT_ID',
client_secret: 'YOUR_CLIENT_SECRET',
refresh_token: 'YOUR_REFRESH_TOKEN' } };
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
或者您可以使用附加护照https://github.com/fiznool/passport-oauth2-refresh
var passport = require('passport'),
, refresh = require('passport-oauth2-refresh')
, FacebookStrategy = require('passport-facebook').Strategy;
var strategy = new FacebookStrategy({
clientID: FACEBOOK_APP_ID,
clientSecret: FACEBOOK_APP_SECRET,
callbackURL: "http://www.example.com/auth/facebook/callback"
},
function(accessToken, refreshToken, profile, done) {
// Make sure you store the refreshToken somewhere!
User.findOrCreate(..., function(err, user) {
if (err) { return done(err); }
done(null, user);
});
});
passport.use(strategy);
refresh.use(strategy);
var refresh = require('passport-oauth2-refresh');
refresh.requestNewAccessToken('facebook', 'some_refresh_token', function(err, accessToken, refreshToken) {
// You have a new access token, store it in the user object,
// or use it to make a new request.
// `refreshToken` may or may not exist, depending on the strategy you are using.
// You probably don't need it anyway, as according to the OAuth 2.0 spec,
// it should be the same as the initial refresh token.
});
使用Angular Interceptor的JWT过期令牌处理不断刷新
[英]JWT expired token handling with Angular Interceptor keeps refreshing
如何在 jwt 令牌到期后发送和验证刷新令牌而不刷新页面
[英]How to send and verify refresh token after expiration of jwt token without refreshing page
使用 Axios 拦截器和 httpOnly cookies 请求自动刷新过期 JWT 令牌的正确工作流程
[英]Proper workflow for refreshing expired JWT token automatically on request using Axios interceptor and httpOnly cookies
使用PassportJS,SequelizeJS和JWT令牌时req.user是未定义的
[英]req.user is undefined when using PassportJS, SequelizeJS and JWT tokens
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.