Symfony 6和JWT捆绑包：刷新令牌-DEV365 开发者社区

*封面图像最初是由geralt进行的，并以非常感谢。

概括

您是否对PHP或Symfony的JSON Web令牌（JWT）身份验证和授权感兴趣，它是其框架之一？

如果是这样，此帖子可能会有所帮助：

好吧，每个访问令牌的寿命应在实际期限内短暂，以减轻模仿风险。
但是，当访问令牌过期时，我们该怎么办？再次向用户请求身份验证信息？在许多情况下，它必须不便，不是ð

那是刷新令牌介入的地方。
这篇文章展示了如何与JWTRefreshTokenBundle进行对称。
我们去。

环境

Alpine Linux 3.16 (on Docker)
PHP 8.1
symfony 6.1
LexikJWTAuthenticationBundle 2
jwtrefreshtokenbundle 1.1
MariaDB 10.9

教程

概述

请记住，您需要安装LexikjwtauthenticationBundle并事先配置您的应用程序。

这里的步骤如下：

安装捆绑包
PHP 8特定操作（当前）
更新数据库
配置
Testing

1.安装捆绑包

JWTRefreshTokenBundle几乎与composer一起掌握在您手中。运行：

$ composer require gesdinet/jwt-refresh-token-bundle

输出以：
开始

Info from https://repo.packagist.org: #StandWithUkraine
Using version ^1.1 for gesdinet/jwt-refresh-token-bundle
./composer.json has been updated
Running composer update gesdinet/jwt-refresh-token-bundle
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
  - Locking gesdinet/jwt-refresh-token-bundle (v1.1.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
  - Downloading gesdinet/jwt-refresh-token-bundle (v1.1.1)
  - Installing gesdinet/jwt-refresh-token-bundle (v1.1.1): Extracting archive
Generating optimized autoload files
116 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

然后是：

Symfony operations: 1 recipe (44a1f19720c3d647b7a54653d52ca981)
  -  WARNING  gesdinet/jwt-refresh-token-bundle (>=1.0): From github.com/symfony/recipes-contrib:main
    The recipe for this package comes from the "contrib" repository, which is open to community contributions.
    Review the recipe at https://github.com/symfony/recipes-contrib/tree/main/gesdinet/jwt-refresh-token-bundle/1.0

仔细阅读警告并输入“ y”以继续：

    Do you want to execute this recipe?
    [y] Yes
    [n] No
    [a] Yes for all packages, only for the current installation session
    [p] Yes permanently, never ask again for this project
    (defaults to n): y

其余的是：

  - Configuring gesdinet/jwt-refresh-token-bundle (>=1.0): From github.com/symfony/recipes-contrib:main
Executing script cache:clear [OK]
Executing script assets:install public [OK]

 What's next? 


Some files have been created and/or updated to configure your new packages.
Please review, edit and commit them: these files are yours.

No security vulnerability advisories found

2.将其改编为PHP 8（当前）

好吧，有一个问题。默认情况下，它不熟悉PHP 8和Symfony 6，因为它使用了annotations。但是，没有Symfony Flex的必要条件是attributes。
要修复它，编辑src/Entity/RefreshToken.php：

- /**
-  * @ORM\Entity
-  * @ORM\Table("refresh_tokens")
-  */
+ #[ORM\Entity]
+ #[ORM\Table(name: 'refresh_token')]

然后运行：

$ composer install

3.更新数据库

您也许熟悉这些命令行。运行它们：

$ php bin/console make:migration
$ php bin/console doctrine:migrations:migrate

4.为刷新令牌配置路线和防火墙

编辑config/routes.yaml

  # ...
  jwt_auth:
      path: /auth
+ jwt_refresh:
+     path: /auth/refresh

然后编辑config/packages/security.yaml

  security:
      # ...
      firewalls:
          # ...
          jwt_auth:
              pattern: ^/auth
              stateless: true
              json_login:
                  check_path: jwt_auth
                  success_handler: lexik_jwt_authentication.handler.authentication_success
                  failure_handler: lexik_jwt_authentication.handler.authentication_failure
          api:
              pattern: ^/api
              stateless: true
              jwt: ~
+             refresh_jwt:
+                 check_path: jwt_refresh
          # ...
     # Note: Only the *first* access control that matches will be used
     access_control:
         # ...
         - { path: ^/auth, roles: PUBLIC_ACCESS }
         - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

另外，您可能需要集成AUTH和使用的API路由：

security:
    # ...
    firewalls:
        # ...
        api:
            pattern: ^/api
            stateless: true
            json_login:
                check_path: jwt_auth
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            jwt: ~
            entry_point: jwt
            refresh_jwt:
                check_path: jwt_refresh

就是这样！

5.让我们玩：与JWT访问API

就像my previous post一样，与curl连接到 /auth以获取令牌：

$ curl -X POST \
      -H "Content-Type: application/json" \
      -d '{"username":"your-username","password":"your-password"}' \
      https://your-domain/auth

您将获得刷新令牌和访问令牌。

{"token":"xxx.xxx.xxx","refresh_token":"xxx"}

gotchað
让我们尝试一些刷新令牌！

缺少ð©：
的情况

$ curl -X POST \
      https://(your-domain)/auth/refresh

{"code":401,"message":"Missing JWT Refresh Token"}

无效的情况ð©：

$ curl -X POST \
      -d refresh_token="wrong-value" \
      https://(your-domain)/auth/refresh

{"code":401,"message":"JWT Refresh Token Not Found"}

有效的情况ð：

$ curl -X POST \
      -d refresh_token="xxx" \
      https://(your-domain)/auth/refresh

{"token":"xxx.xxx.xxx","refresh_token":"xxx"}

是的