Open overtrue opened 6 years ago
最近遇到个跟Passport有关的问题,暂时还没有找到解决办法,就是如何复用accessToken?
// Creating a token without scopes...
$token = $user->createToken('Token Name')->accessToken;
我现在不得不每次都创建新的然后吊销之前的全部Token. Retrieving a personal access token after it's been created 有讨论这个问题,但是解决方法并没有拿到我希望的Bearer 请求令牌。
Bearer请求令牌,相当于Password,不应该被Server明文存储,所以你只有每次创建Toaken可以得到。当然API消费方可以存储这个令牌和与之对应的更新令牌。
IMHO, the token in the Bearer header is like the password. The server should not store it. Instead, the server will only store the hashed value of the token. That means there's no way to get it again after the creating request. Of course, the API consumer could store the token and the refresh token for using in the Bearer header.
重新改进了逻辑,只在没有Token的情况下进行OAuth,这样避免每次都重签Token。
https://overtrue.me/articles/2018/11/set-expired-at-for-laravel-passport-personal-access-token.html
认真看过 Laravel Passport 文档 的人应该知道,它的 Personal Access Token 是不支持自定义过期时间的,tokensExpireIn 对此类 token 无效,原文如下: Personal access tokens are always long-lived. Their lifetime is not modified when using the tokensExpireIn or refreshTokensExpireIn methods. 默认时间为 1 年,但是这可能不满足我们的需求,我们想要改成其它更短的时间怎么办呢?今天尝试了一下,应该...