How to handle JWT Token expiry in web API without logging out?

Question

When the token is generated by sending an HTTP request to the web API and the user has started working on the application, that generated token is used in a particular session of the application. If the JWT token expires during any HTTP request from the application to the web API, the web API won't return data. How is this situation handled in the application without any misbehavior or without troubling the user, and how will that request be continued?
And even if we generate a refresh token, how do we continue with the same HTTP request without troubling the user?
(If we store the generated token in the database, then we know the token is valid but expired.)

Answer 1

Score: 0

Try this:

  1. Write a backend refresh token API and allow an authenticated user to refresh their JWT token.
  2. In the frontend, before requesting the API call, decode the user's current JWT token and check whether it is expired or not.
    https://www.npmjs.com/package/jwt-decode
  3. If the token expired, call the refresh token API before the actual request.

If you are using the Angular or React library, then there is a mechanism called HTTP_interceptor.

https://www.bezkoder.com/angular-12-refresh-token/

https://www.bezkoder.com/react-refresh-token/

Answer 2

Score: 0

We also give a refresh token to the user along with the token, which has no claim and only has a username and a long expiration date. Every time the token expires, the security part of the application looks at the refresh token and issues a new token for that username. You can manage the issuance of program tokens by setting the refresh token lifetime.
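
The flow from Answer 1 (check expiry, refresh, then send) using the refresh call described in Answer 2, as an added example that is not part of either original answer. `createClient`, `send` and `refresh` are hypothetical names, and the refresh API is assumed to resolve to a new access token; the 401 replay and the shared refresh promise go beyond what the answers describe.

```javascript
// Added example; createClient, send and refresh are hypothetical names.
const SKEW_SECONDS = 30; // refresh a little early to absorb clock drift and latency

// Read `exp` (seconds since epoch) WITHOUT verifying the signature. This is only a
// client-side scheduling hint; the API must still validate every token it receives.
function jwtExpiry(token) {
  const b64 = (token.split('.')[1] || '').replace(/-/g, '+').replace(/_/g, '/');
  try {
    const claims = JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, '=')));
    return typeof claims.exp === 'number' ? claims.exp : 0;
  } catch {
    return 0; // malformed token: treat as already expired
  }
}

function isExpired(token, nowSec = Date.now() / 1000) {
  return !token || jwtExpiry(token) - SKEW_SECONDS <= nowSec;
}

// send(url, init) is fetch or a stand-in; refresh() calls the refresh-token API
// and resolves to a new access token (assumed contract).
function createClient({ send, refresh, token = null }) {
  let inFlight = null; // shared promise: parallel requests trigger ONE refresh

  const renew = () => {
    inFlight ??= refresh()
      .then((t) => (token = t))
      .finally(() => (inFlight = null));
    return inFlight;
  };

  const call = (url, init = {}) =>
    send(url, { ...init, headers: { ...init.headers, Authorization: `Bearer ${token}` } });

  return async function request(url, init) {
    if (isExpired(token)) await renew(); // check before the request, refresh if needed
    let res = await call(url, init);
    if (res.status === 401) {
      // Token expired or was rejected between the check and the server's validation.
      await renew();
      res = await call(url, init); // replay the same request exactly once
    }
    return res; // a second 401, or a rejected refresh(), means the user must log in
  };
}
```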

huangapple
  • Posted on February 19, 2023, 15:19:35
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75498570.html