refreshToken issue #42

Open
Gosnails opened this issue Apr 9, 2024 · 5 comments

@Gosnails

Gosnails commented Apr 9, 2024

```ts
  async refreshToken(accessToken: AccessTokenEntity) {
    const { user, refreshToken } = accessToken

    if (refreshToken) {
      const now = dayjs()
      // Check whether the refreshToken has expired
      if (now.isAfter(refreshToken.expired_at))
        return null

      const roleIds = await this.roleService.getRoleIdsByUser(user.id)
      const roleValues = await this.roleService.getRoleValues(roleIds)

      // If it has not expired, generate a new access_token and refresh_token
      const token = await this.generateAccessToken(user.id, roleValues)

      await accessToken.remove()
      return token
    }
    return null
  }
```

There is no endpoint for refreshToken, and refreshToken validation only checks the expiry time,

@Gosnails
Author

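I took a closer look at the author's refreshToken logic. It appears to use the accessToken to fetch the associated refreshToken for validation and then refresh the accessToken, and that is how I am doing it for now. What I have worked with before always exchanged the refreshToken itself. Since I work on the front end and have little exposure to the back end, I am not sure what the conventional approach is here.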

@jingshuixiao-sbi-dalian

Generally, once the refreshToken's signature has been verified, verifying that the associated accessToken is correct is enough.

@907014165

I noticed this module too, but I am curious why the accessToken and refreshToken need to be stored in the database. Could some kind expert clear up my confusion?

@jingshuixiao-sbi-dalian

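> I noticed this module too, but I am curious why the accessToken and refreshToken need to be stored in the database. Could some kind expert clear up my confusion?

Tracking state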

@FerretAngel

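Yeah, it's strange. This refreshToken logic is only half written and then just stops.
In principle there should be an endpoint that refreshes the accessToken using the refreshToken.
But I searched for a long time and could not find that endpoint.
There is only one that refreshes the token using the accessToken??? Why would you refresh an accessToken that has not expired??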
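
The flow the comments above ask about, where the client presents the refreshToken and the server checks it against stored state before rotating the pair, as an added example that is not the project's code. `TokenStore`, `issuePair`, `refresh`, `revokeFamily` and the in-memory map standing in for the database table are assumptions, and the replay detection goes one step beyond what the thread discusses to show what the stored state makes possible.

```typescript
// Added example, not the project's code; all names are hypothetical.
import { createHash, randomBytes } from "node:crypto";

interface Session { userId: number; accessHash: string; expiresAt: number; used: boolean; family: string }
interface TokenPair { accessToken: string; refreshToken: string }

const sha256 = (v: string): string => createHash("sha256").update(v).digest("hex");
const newToken = (): string => randomBytes(32).toString("base64url");

class TokenStore {
  // Map standing in for the database table. Rows are keyed by the hash of the
  // refresh token, so a leaked table does not hand out usable tokens.
  private sessions = new Map<string, Session>();

  issuePair(userId: number, now: number, family: string = newToken(),
            ttlMs: number = 7 * 24 * 3600 * 1000): TokenPair {
    const pair = { accessToken: newToken(), refreshToken: newToken() };
    this.sessions.set(sha256(pair.refreshToken), {
      userId, accessHash: sha256(pair.accessToken), expiresAt: now + ttlMs, used: false, family,
    });
    return pair;
  }

  // The client presents the refresh token together with the access token it
  // was issued with; the access token may already be expired at this point.
  refresh(refreshToken: string, accessToken: string, now: number): TokenPair | null {
    const session = this.sessions.get(sha256(refreshToken));
    if (!session) return null;                  // unknown or revoked
    if (session.used) {                         // replay of an already rotated token:
      this.revokeFamily(session.family);        // revoke every token descended from it
      return null;
    }
    if (now > session.expiresAt) return null;   // refresh token expired
    if (sha256(accessToken) !== session.accessHash) return null; // not the paired token
    session.used = true;                        // one-time use; row kept to detect replay
    return this.issuePair(session.userId, now, session.family);
  }

  revokeFamily(family: string): void {
    this.sessions.forEach((s, key) => { if (s.family === family) this.sessions.delete(key); });
  }
}
```

Keeping the rows server-side is what allows revocation and replay detection; a purely stateless signed token can only be checked for signature and expiry.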
