单个令牌刷新与长时间运行的刷新令牌 (Django GraphQL JWT)
我使用了“单个令牌刷新”模式和“长时间运行刷新令牌”模式。
“单令牌刷新”模式:
GRAPHQL_JWT = {
"JWT_VERIFY_EXPIRATION": True,
"JWT_EXPIRATION_DELTA": timedelta(minutes=5),
"JWT_REFRESH_EXPIRATION_DELTA": timedelta(days=7),
}
“长时间运行刷新令牌”模式:
GRAPHQL_JWT = {
"JWT_VERIFY_EXPIRATION": True,
"JWT_LONG_RUNNING_REFRESH_TOKEN": True, // This code is added.
"JWT_EXPIRATION_DELTA": timedelta(minutes=5),
"JWT_REFRESH_EXPIRATION_DELTA": timedelta(days=7),
}
但我无法在“单令牌刷新”模式下获取刷新令牌强>在下面运行这个graphql:
mutation {
tokenAuth(username: "admin", password: "admin") {
token
payload
refreshExpiresIn
refreshToken // Here
}
}
然后,我得到了这个错误:
{
"errors": [
{
"message": "Cannot query field \"refreshToken\" on type \"ObtainJSONWebToken\". Did you mean \"refreshExpiresIn\"?",
"locations": [
{
"line": 20,
"column": 5
}
]
}
]
}
然后,我删除了“refreshToken”字段并运行了这个graphql:
mutation {
tokenAuth(username: "admin", password: "admin") {
token
payload
refreshExpiresIn
# refreshToken
}
}
然后,我可以得到这个结果,没有错误,但我仍然无法得到刷新令牌:
{
"data": {
"tokenAuth": {
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ3MDk2MTExLCJvcmlnSWF0IjoxNjQ3MDk1ODExfQ.5AY0HGqqmy3KwW1Gb_DFO99hIvJJh_AEngRH7hSe4DM",
"payload": {
"username": "admin",
"exp": 1647096111,
"origIat": 1647095811
},
"refreshExpiresIn": 1647700611
}
}
}
接下来,当我运行时此 graphql 在“长时间运行刷新令牌”模式下具有“refreshToken”字段:
mutation {
tokenAuth(username: "admin", password: "admin") {
token
payload
refreshExpiresIn
refreshToken // Here
}
}
我可以成功获取刷新令牌:
{
"data": {
"tokenAuth": {
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ3MDk1ODg0LCJvcmlnSWF0IjoxNjQ3MDk1NTg0fQ.MOfdeD4P8SNNtCu3cm83qchqZr2aMo_ToWx_NchFiuE",
"payload": {
"username": "admin",
"exp": 1647095884,
"origIat": 1647095584
},
"refreshExpiresIn": 1647700384,
"refreshToken": "9f82f2044942bdce8501c8caf026f93765ee7289" // Here
}
}
}
据我所知,对于JWT< /strong>,通常有2个令牌访问令牌和刷新令牌,但为什么我在“单令牌刷新”模式下无法获取刷新令牌强>?此外,“单一令牌刷新”模式和“长时间运行刷新令牌”模式之间有什么区别?
I used both "Single token refresh" mode and "Long running refresh tokens" mode.
"Single token refresh" mode:
GRAPHQL_JWT = {
"JWT_VERIFY_EXPIRATION": True,
"JWT_EXPIRATION_DELTA": timedelta(minutes=5),
"JWT_REFRESH_EXPIRATION_DELTA": timedelta(days=7),
}
"Long running refresh tokens" mode:
GRAPHQL_JWT = {
"JWT_VERIFY_EXPIRATION": True,
"JWT_LONG_RUNNING_REFRESH_TOKEN": True, // This code is added.
"JWT_EXPIRATION_DELTA": timedelta(minutes=5),
"JWT_REFRESH_EXPIRATION_DELTA": timedelta(days=7),
}
But I couldn't get a refresh token in "Single token refresh" mode running this graphql below:
mutation {
tokenAuth(username: "admin", password: "admin") {
token
payload
refreshExpiresIn
refreshToken // Here
}
}
Then, I got this error:
{
"errors": [
{
"message": "Cannot query field \"refreshToken\" on type \"ObtainJSONWebToken\". Did you mean \"refreshExpiresIn\"?",
"locations": [
{
"line": 20,
"column": 5
}
]
}
]
}
Then, I removed "refreshToken" field and ran this graphql:
mutation {
tokenAuth(username: "admin", password: "admin") {
token
payload
refreshExpiresIn
# refreshToken
}
}
Then, I could get this result without error but I still couldn't get a refresh token:
{
"data": {
"tokenAuth": {
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ3MDk2MTExLCJvcmlnSWF0IjoxNjQ3MDk1ODExfQ.5AY0HGqqmy3KwW1Gb_DFO99hIvJJh_AEngRH7hSe4DM",
"payload": {
"username": "admin",
"exp": 1647096111,
"origIat": 1647095811
},
"refreshExpiresIn": 1647700611
}
}
}
Next, when I ran this graphql with "refreshToken" field in "Long running refresh tokens" mode:
mutation {
tokenAuth(username: "admin", password: "admin") {
token
payload
refreshExpiresIn
refreshToken // Here
}
}
I could get a refresh token successfully:
{
"data": {
"tokenAuth": {
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ3MDk1ODg0LCJvcmlnSWF0IjoxNjQ3MDk1NTg0fQ.MOfdeD4P8SNNtCu3cm83qchqZr2aMo_ToWx_NchFiuE",
"payload": {
"username": "admin",
"exp": 1647095884,
"origIat": 1647095584
},
"refreshExpiresIn": 1647700384,
"refreshToken": "9f82f2044942bdce8501c8caf026f93765ee7289" // Here
}
}
}
As long as I know, for JWT, normally there are 2 tokens Access token and Refresh token but why couldn't I get a refresh token in "Single token refresh" mode? Additionally, what is the difference between "Single token refresh" mode and "Long running refresh tokens" mode?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
顾名思义,在“单令牌刷新”模式下,您只能获取一个单令牌,而单令牌是<的组合令牌。 strong>访问令牌和刷新令牌,因此单个令牌具有访问令牌和刷新令牌 2个功能所以只有一个单曲token,你可以做两件事“访问资源(访问令牌功能)”和“刷新单个令牌(刷新令牌功能)”。在“单令牌刷新”模式下,您无法分别获取访问令牌和刷新令牌。这就是为什么您无法在“单一令牌刷新”模式下获取刷新令牌的原因。
在“长时间运行刷新令牌”模式下,您可以分别获取访问令牌和刷新令牌,这正是您所期望和想要的。在“长时间运行刷新令牌”模式下,您可以进行更多设置,例如每个 cookie,无限刷新,仅使用一次刷新令牌和清除刷新令牌。
As the name suggests, in "Single token refresh" mode, you can get only one Single token and Single token is the combination token of Access token and Refresh token so Single token has 2 functions of both Access token and Refresh token so with only one Single token, you can do 2 things "access resources(Access token function)" and "refresh Single token(Refresh token function)". You cannot get an access token and a refresh token separately in "Single token refresh" mode. That's why you couldn't get a refresh token in "Single token refresh" mode.
In "Long running refresh tokens" mode, you can get both Access token and Refresh token separately which is what you expect and want. In "Long running refresh tokens" mode, you can do more settings such as Per-cookie, Unlimited refresh, One time only use refresh token and Clear refresh tokens.