1

我正在为我的 SPA 使用 django-rest-framework-jwt 和 react-redux。

需要 5 分钟后过期的刷新令牌。刷新工作在 5 分钟内。不起作用后,控制台显示此错误:

POST http://localhost:8000/auth/api-token-refresh/ 400 (Bad Request)
createError.js:17 Uncaught (in promise) Error: Request failed with status code 400
    at createError (createError.js:17)
    at settle (settle.js:19)
    at XMLHttpRequest.handleLoad (xhr.js:78)

邮递员展示了这一点:

{
    "non_field_errors": [
        "Signature has expired."
    ]
}

有中间件的代码

import axios from "axios";
import * as urls from "../helpers/url";
import { authUpdateToken } from "../actions/auth";

const jwthunk = ({ dispatch, getState }: any) => (next: any) => (action: any) => {
  if (typeof action === 'function') {
    if (getState().auth && getState().auth.token) {
      const currentToken = getState().auth.token;

      verifyToken(currentToken)
        .then((tokenVerified: any) => {
          refreshToken(tokenVerified, dispatch)
        })
        .catch(() => {
          refreshToken(currentToken, dispatch)
        })
    } else {
      console.log('Not Auth');
    }
  }
  return next(action);
}

export default jwthunk;

const verifyToken = async (token: any) => {
  const body = { token };
  let verifiedToken = '';

  await axios.post('http://localhost:8000/auth/api-token-verify/', body)
    .then(({ data: { code, expires, token } }: any) => {
      verifiedToken = token;
    });

  return verifiedToken;
}

const refreshToken = async (token: any, dispatch: any) => {
  const body = { token }

  await axios.post('http://localhost:8000/auth/api-token-refresh/', body)
    .then((response: any) => {
      dispatch(authUpdateToken({ token }));
    })
}

django-rest-framework-jwt 发送一个唯一的令牌,没有刷新令牌

4

1 回答 1

0

我认为那里的图书馆有缺陷。您无法刷新过期的令牌..

解决方案

1)在你的代码中做一个猴子补丁(检查下面的提交代码) https://github.com/jpadilla/django-rest-framework-jwt/pull/348

2)切换到不同的库

3)您需要在您的应用程序(前端)中运行一个计时器,并在到期前每 5 分钟请求一次访问令牌。(这不是理想的方式)

于 2019-11-06T07:13:03.363 回答