代码之家 › 专栏 › 技术社区 › Javed

Laravel:JWT令牌已过期

laravel-5.5 jwt laravel

Javed · 技术社区 · 6 年前

我正在使用 tymondesigns/jwt-auth 我的应用程序包,但它已显示 token expired 一段时间后的消息。我已经设置好了 'ttl' => null 并删除 exp 但它没有起作用。

这是我的 config/jwt.php

<?php

/*
* This file is part of jwt-auth.
*
* (c) Sean Tymon <tymon148@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

return [

/*
|--------------------------------------------------------------------------
| JWT Authentication Secret
|--------------------------------------------------------------------------
|
| Don't forget to set this in your .env file, as it will be used to sign
| your tokens. A helper command is provided for this:
| `php artisan jwt:secret`
|
| Note: This will be used for Symmetric algorithms only (HMAC),
| since RSA and ECDSA use a private/public key combo (See below).
|
*/
// 'secret' => 'my-dummy-jwt-token',
'secret' => 'key',

/*
|--------------------------------------------------------------------------
| JWT Authentication Keys
|--------------------------------------------------------------------------
|
| The algorithm you are using, will determine whether your tokens are
| signed with a random string (defined in `JWT_SECRET`) or using the
| following public & private keys.
|
| Symmetric Algorithms:
| HS256, HS384 & HS512 will use `JWT_SECRET`.
|
| Asymmetric Algorithms:
| RS256, RS384 & RS512 / ES256, ES384 & ES512 will use the keys below.
|
*/

'keys' => [

    /*
    |--------------------------------------------------------------------------
    | Public Key
    |--------------------------------------------------------------------------
    |
    | A path or resource to your public key.
    |
    | E.g. 'file://path/to/public/key'
    |
    */

    'public' => env('JWT_PUBLIC_KEY'),

    /*
    |--------------------------------------------------------------------------
    | Private Key
    |--------------------------------------------------------------------------
    |
    | A path or resource to your private key.
    |
    | E.g. 'file://path/to/private/key'
    |
    */

    'private' => env('JWT_PRIVATE_KEY'),

    /*
    |--------------------------------------------------------------------------
    | Passphrase
    |--------------------------------------------------------------------------
    |
    | The passphrase for your private key. Can be null if none set.
    |
    */

    'passphrase' => env('JWT_PASSPHRASE'),

],

/*
|--------------------------------------------------------------------------
| JWT time to live
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token will be valid for.
| Defaults to 1 hour.
|
| You can also set this to null, to yield a never expiring token.
| Some people may want this behaviour for e.g. a mobile app.
| This is not particularly recommended, so make sure you have appropriate
| systems in place to revoke the token if necessary.
|
*/

//'ttl' => env('JWT_TTL', 60),
 'ttl' => null,

/*
|--------------------------------------------------------------------------
| Refresh time to live
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token can be refreshed
| within. I.E. The user can refresh their token within a 2 week window of
| the original token being created until they must re-authenticate.
| Defaults to 2 weeks.
|
| You can also set this to null, to yield an infinite refresh time.
| Some may want this instead of never expiring tokens for e.g. a mobile app.
| This is not particularly recommended, so make sure you have appropriate
| systems in place to revoke the token if necessary.
|
*/

'refresh_ttl' => env('JWT_REFRESH_TTL', 20160),

/*
|--------------------------------------------------------------------------
| JWT hashing algorithm
|--------------------------------------------------------------------------
|
| Specify the hashing algorithm that will be used to sign the token.
|
| See here: https://github.com/namshi/jose/tree/master/src/Namshi/JOSE/Signer/OpenSSL
| for possible values.
|
*/

'algo' => env('JWT_ALGO', 'HS256'),

/*
|--------------------------------------------------------------------------
| Required Claims
|--------------------------------------------------------------------------
|
| Specify the required claims that must exist in any token.
| A TokenInvalidException will be thrown if any of these claims are not
| present in the payload.
|
*/

'required_claims' => [
    'iss',
    'iat',
   'nbf',
    'sub',
    'jti',
],
 //'exp', remove token expire time

/*
|--------------------------------------------------------------------------
| Persistent Claims
|--------------------------------------------------------------------------
|
| Specify the claim keys to be persisted when refreshing a token.
| `sub` and `iat` will automatically be persisted, in
| addition to the these claims.
|
| Note: If a claim does not exist then it will be ignored.
|
*/

'persistent_claims' => [
    // 'foo',
    // 'bar',
],

/*
|--------------------------------------------------------------------------
| Blacklist Enabled
|--------------------------------------------------------------------------
|
| In order to invalidate tokens, you must have the blacklist enabled.
| If you do not want or need this functionality, then set this to false.
|
*/

'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),

/*
| -------------------------------------------------------------------------
| Blacklist Grace Period
| -------------------------------------------------------------------------
|
| When multiple concurrent requests are made with the same JWT,
| it is possible that some of them fail, due to token regeneration
| on every request.
|
| Set grace period in seconds to prevent parallel request failure.
|
*/

'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0),

/*
|--------------------------------------------------------------------------
| Providers
|--------------------------------------------------------------------------
|
| Specify the various providers used throughout the package.
|
*/

'providers' => [

    /*
    |--------------------------------------------------------------------------
    | JWT Provider
    |--------------------------------------------------------------------------
    |
    | Specify the provider that is used to create and decode the tokens.
    |
    */

    'jwt' => Tymon\JWTAuth\Providers\JWT\Namshi::class,

    /*
    |--------------------------------------------------------------------------
    | Authentication Provider
    |--------------------------------------------------------------------------
    |
    | Specify the provider that is used to authenticate users.
    |
    */

    'auth' => Tymon\JWTAuth\Providers\Auth\Illuminate::class,

    /*
    |--------------------------------------------------------------------------
    | Storage Provider
    |--------------------------------------------------------------------------
    |
    | Specify the provider that is used to store tokens in the blacklist.
    |
    */

    'storage' => Tymon\JWTAuth\Providers\Storage\Illuminate::class,

],

 ];

删除过期时间是否有其他设置?

3 回复 | 直到 6 年前

Stephen Rauch Afsar Ali 6 年前

你可以这样做

'ttl' => env('JWT_TTL', 1440)

将默认值60更改为1440将使代币持续一天,这对我有用,希望对您有所帮助

M Behlole Aqil 4 年前

您可以这样做,并使用令牌到期的动态计时

 auth()->attempt($credentials, ['exp' => Carbon::now()->addYears(2)->timestamp])

或者这个

auth()->attempt($credentials, ['exp' => Carbon::now()->addMonths(2)->timestamp])

使用碳作为代币到期时间

Zenryo 3 年前

如果是这样,我想通过如果令牌过期。。。您可以将此代码放在中间件中。。

public function handle($request, Closure $next, $guard = null)
{
    $token =  JWTAuth::getToken();
    try {
        $user = JWTAuth::authenticate($token);
    } catch (\Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
        return $next($request);
    } catch (\Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
        return response()->json([
            'status' => 500,
            'message' => 'Token Invalid',
        ], 500);
    } catch (\Tymon\JWTAuth\Exceptions\JWTException $e) {
        return response()->json([
            'status' => 500,
            'message' => $e->getMessage(),
        ], 500);
    }
    return $next($request);
}

别忘了包括JWTAuth。。。在代码顶部。。。

use Tymon\JWTAuth\Facades\JWTAuth;