*The cover image is originally by geralt, with many thanks.
Summary
Are you interested in JSON Web Token (JWT) authentication and authorization with PHP, or with Symfony, one of its frameworks?
If so, this post may be of help:
Well, in practice every access token should be short-lived, to limit the window for impersonation.
But what do we do when the access token expires? Ask the user for their credentials again? In many cases that would be inconvenient, wouldn't it?
That is where refresh tokens come in.
This post shows how to handle it with JWTRefreshTokenBundle.
Let's go.
Environment
- Alpine Linux 3.16 (on Docker)
- PHP 8.1
- Symfony 6.1
- LexikJWTAuthenticationBundle 2
- JWTRefreshTokenBundle 1.1
- MariaDB 10.9
Tutorial
Overview
Note that you need to have installed LexikJWTAuthenticationBundle and configured your application beforehand.
The steps here are as follows:
- Install the bundle
- PHP 8 specific operation (for now)
- Update the database
- Configure
- Test
1. Install the bundle
JWTRefreshTokenBundle is almost in your hands thanks to Composer. Run:
```shell
$ composer require gesdinet/jwt-refresh-token-bundle
```
The output starts with:
```text
Info from https://repo.packagist.org: #StandWithUkraine
Using version ^1.1 for gesdinet/jwt-refresh-token-bundle
./composer.json has been updated
Running composer update gesdinet/jwt-refresh-token-bundle
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
  - Locking gesdinet/jwt-refresh-token-bundle (v1.1.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
  - Downloading gesdinet/jwt-refresh-token-bundle (v1.1.1)
  - Installing gesdinet/jwt-refresh-token-bundle (v1.1.1): Extracting archive
Generating optimized autoload files
116 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
```
Then comes:
```text
Symfony operations: 1 recipe (44a1f19720c3d647b7a54653d52ca981)
  - WARNING gesdinet/jwt-refresh-token-bundle (>=1.0): From github.com/symfony/recipes-contrib:main
    The recipe for this package comes from the "contrib" repository, which is open to community contributions.
    Review the recipe at https://github.com/symfony/recipes-contrib/tree/main/gesdinet/jwt-refresh-token-bundle/1.0
```
Read the warning carefully and enter "y" to continue:
```text
    Do you want to execute this recipe?
    [y] Yes
    [n] No
    [a] Yes for all packages, only for the current installation session
    [p] Yes permanently, never ask again for this project
    (defaults to n): y
```
The rest is:
```text
  - Configuring gesdinet/jwt-refresh-token-bundle (>=1.0): From github.com/symfony/recipes-contrib:main
Executing script cache:clear [OK]
Executing script assets:install public [OK]
What's next?
Some files have been created and/or updated to configure your new packages.
Please review, edit and commit them: these files are yours.
No security vulnerability advisories found
```
2. Adapt it to PHP 8 (for now)
Well, there is a catch. Out of the box it does not get along with PHP 8 and Symfony 6, because the entity the recipe generates uses annotations, whereas what is required here is attributes.
To fix it, edit src/Entity/RefreshToken.php:
```diff
-/**
- * @ORM\Entity
- * @ORM\Table("refresh_tokens")
- */
+#[ORM\Entity]
+#[ORM\Table(name: 'refresh_tokens')]
```
Then run:
```shell
$ composer install
```
3. Update the database
You are probably familiar with these commands. Run them:
```shell
$ php bin/console make:migration
$ php bin/console doctrine:migrations:migrate
```
4. Configure a route and a firewall for the refresh token
Edit config/routes.yaml:
```diff
 # ...
 jwt_auth:
     path: /auth
+jwt_refresh:
+    path: /auth/refresh
```
Then edit config/packages/security.yaml:
```diff
 security:
     # ...
     firewalls:
         # ...
         jwt_auth:
             pattern: ^/auth
             stateless: true
             json_login:
                 check_path: jwt_auth
                 success_handler: lexik_jwt_authentication.handler.authentication_success
                 failure_handler: lexik_jwt_authentication.handler.authentication_failure
         api:
             pattern: ^/api
             stateless: true
             jwt: ~
+            refresh_jwt:
+                check_path: jwt_refresh
     # ...
     # Note: Only the *first* access control that matches will be used
     access_control:
         # ...
         - { path: ^/auth, roles: PUBLIC_ACCESS }
         - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
```
Alternatively, you may want to merge the auth and API routes into a single firewall. Whichever layout you choose, `refresh_jwt` has to live in the firewall whose `pattern` matches the refresh route, since a firewall only authenticates the requests its pattern matches:
```yaml
security:
    # ...
    firewalls:
        # ...
        api:
            pattern: ^/api
            stateless: true
            json_login:
                check_path: jwt_auth
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            jwt: ~
            entry_point: jwt
            refresh_jwt:
                check_path: jwt_refresh
```
That's it!
5. Let's play: access the API with the JWT
Just like in my previous post, connect to /auth with curl to get the tokens:
```shell
$ curl -X POST \
    -H "Content-Type: application/json" \
    -d '{"username":"your-username","password":"your-password"}' \
    https://your-domain/auth
```
You get both an access token and a refresh token:
```json
{"token":"xxx.xxx.xxx","refresh_token":"xxx"}
```
Gotcha!
Let's try the refresh token!
The missing case:
```shell
$ curl -X POST \
    https://(your-domain)/auth/refresh
{"code":401,"message":"Missing JWT Refresh Token"}
```
The invalid case:
```shell
$ curl -X POST \
    -d refresh_token="wrong-value" \
    https://(your-domain)/auth/refresh
{"code":401,"message":"JWT Refresh Token Not Found"}
```
The valid case:
```shell
$ curl -X POST \
    -d refresh_token="xxx" \
    https://(your-domain)/auth/refresh
{"token":"xxx.xxx.xxx","refresh_token":"xxx"}
```
Yes!
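The three curl calls above show the endpoints one at a time; what a real client has to do is chain them: log in once, use the short-lived access token against the api firewall, and fall back to /auth/refresh only when that token has run out. The following PHP client is an added example written for this post, not code from the post itself or from JWTRefreshTokenBundle. It assumes the routes configured in sections 4 and 5 (/auth, /auth/refresh), the ext-curl extension, a hypothetical protected endpoint /api/ping, and the placeholders BASE_URL, your-username and your-password.

```php
<?php
declare(strict_types=1);

// Added example (not from the post or the bundle): a minimal client for the
// login -> API call -> refresh cycle. Assumptions: the /auth and /auth/refresh
// routes from the tutorial, a hypothetical /api/ping endpoint behind the api
// firewall, ext-curl, and placeholder credentials.

/** Decode a JWT payload WITHOUT verifying the signature. This is only a
 *  client-side hint to skip a request that is bound to get a 401; the server
 *  still verifies every token it receives. */
function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a JWT');
    }
    $b64 = strtr($parts[1], '-_', '+/');                 // base64url -> base64
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);  // restore padding
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new InvalidArgumentException('payload is not base64url');
    }
    $claims = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    return is_array($claims) ? $claims : [];
}

/** True when the access token is expired or expires within $leeway seconds. */
function accessTokenNeedsRefresh(string $jwt, int $now, int $leeway = 30): bool
{
    $exp = jwtClaims($jwt)['exp'] ?? null;
    return !is_int($exp) || $exp - $leeway <= $now;
}

/** Send one request; return [HTTP status, decoded JSON body or []]. */
function request(string $method, string $url, ?string $body = null, array $headers = []): array
{
    $ch = curl_init($url);
    $opts = [
        CURLOPT_CUSTOMREQUEST  => $method,
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_RETURNTRANSFER => true,
    ];
    if ($body !== null) {
        $opts[CURLOPT_POSTFIELDS] = $body;
    }
    curl_setopt_array($ch, $opts);
    $raw = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    $decoded = is_string($raw) ? json_decode($raw, true) : null;
    return [$status, is_array($decoded) ? $decoded : []];
}

$base = getenv('BASE_URL') ?: 'https://your-domain';   // placeholder

// 1. json_login on the jwt_auth firewall returns {"token": ..., "refresh_token": ...}.
[$status, $tokens] = request(
    'POST',
    "$base/auth",
    json_encode(['username' => 'your-username', 'password' => 'your-password'], JSON_THROW_ON_ERROR),
    ['Content-Type: application/json']
);
if ($status !== 200 || !isset($tokens['token'], $tokens['refresh_token'])) {
    exit("login failed: HTTP $status\n");
}
$access  = $tokens['token'];
$refresh = $tokens['refresh_token'];

// 2. Refresh only when the short-lived access token is spent; this is the
//    form-encoded body the curl example sends with -d refresh_token=...
if (accessTokenNeedsRefresh($access, time())) {
    [$status, $tokens] = request('POST', "$base/auth/refresh", http_build_query(['refresh_token' => $refresh]));
    if ($status !== 200) {
        // 401 "Missing JWT Refresh Token" / "JWT Refresh Token Not Found":
        // the refresh token is absent or unknown, so the user must log in again.
        exit('refresh failed: ' . ($tokens['message'] ?? "HTTP $status") . "\n");
    }
    $access  = $tokens['token'];
    $refresh = $tokens['refresh_token'];   // always keep the one the server last issued
}

// 3. Call the api firewall with the bearer token.
[$status, $body] = request('GET', "$base/api/ping", null, ["Authorization: Bearer $access"]);
printf("GET /api/ping -> HTTP %d %s\n", $status, json_encode($body));
```

Run it as `BASE_URL=https://your-domain php client.php`. The `exp` check is only an optimisation: the authoritative answer is always the server's, so a production client should also treat a 401 from the api firewall as a signal to refresh and retry once, and a 401 from /auth/refresh as the point where the user has to authenticate again.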