我在 Laravel 应用程序中使用tymondesigns/jwt-auth包进行身份验证。我的 AuthController 看起来像这样:
<?php
namespace App\Http\Controllers;
use App\Http\Controllers\Controller;
use App\Http\Resources\UserResource;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Contracts\Providers\Auth;
use Tymon\JWTAuth\Facades\JWTAuth;
class AuthController extends Controller {
public $auth;
/**
* Create a new AuthController instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('jwt', ['except' => ['login']]);
}
/**
* Get a JWT via given credentials.
*
* @return \Illuminate\Http\JsonResponse
*/
public function login()
{
$user = \App\User::first();
auth()->byId($user->id);
if (! $token = JWTAuth::fromUser($user)) {
return response()->json(['error' => 'Unauthorized'], 401);
}
return $this->respondWithToken($token);
}
/**
* Get the authenticated User.
*
* @return \Illuminate\Http\JsonResponse
*/
public function me()
{
return response()->json(auth()->user());
}
/**
* Log the user out (Invalidate the token).
*
* @return \Illuminate\Http\JsonResponse
*/
public function logout()
{
auth()->logout();
return response()->json(['message' => 'Successfully logged out']);
}
/**
* Refresh a token.
*
* @return \Illuminate\Http\JsonResponse
*/
public function refresh()
{
$token = \Auth::guard()->refresh();
$user = JWTAuth::setToken($token)->toUser();
return $this->respondWithToken($token);
}
/**
* Get the token array structure.
*
* @param string $token
*
* @return \Illuminate\Http\JsonResponse
*/
protected function respondWithToken($token)
{
$responseArray = [
'access_token' => $token,
'user' => new UserResource(auth()->user()),
'token_type' => 'bearer',
'expires_in' => auth()->factory()->getTTL() * 60,
];
return response()->json($responseArray);
}
}
我有一个 JWT 中间件,其handle()方法如下所示:
public function handle($request, Closure $next)
{
JWTAuth::parseToken()->authenticate();
return $next($request);
}
以下是路线:
Route::post('login', 'AuthController@login')->name('login');
Route::post('logout', 'AuthController@logout');
Route::post('refresh', 'AuthController@refresh');
问题是我只能刷新令牌,只要访问令牌没有过期。但是如果我想在访问令牌过期后刷新令牌怎么办?现在,当我/refresh在令牌到期后点击路由时,它只会抛出 TokenExpiredException 。即使访问令牌已过期,我如何刷新令牌?
小智 0
public function token(){
$token = JWTAuth::getToken();
if(!$token){
throw new BadRequestHtttpException('Token not provided');
}
try{
$token = JWTAuth::refresh($token);
}catch(TokenInvalidException $e){
throw new AccessDeniedHttpException('The token is invalid');
}
return $this->response->withArray(['token'=>$token]);
}