Laravel/JWT token When Does The Token Become Blacklisted?

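When there has been no activity for a while, the application sometimes throws a TokenBlacklistedException. The token expires after one year, so it is not necessarily expired.

It often happens after a new deployment.

When does the token get blacklisted?

Any reference or explanation would be appreciated.

Thanks in advance.

I am using https://github.com/tymondesigns/jwt-auth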

The following is from Auth0's documentation page. Please see the page for more details.

The JWT spec provides the jti field as a way to prevent replay attacks. Though Auth0 tokens do not currently return a jti, you can blacklist a jti to prevent a token being used more than X times. In this way you are kind of implementing a nonce (think of the token's signature as the nonce). If a token gets stolen, it should be blacklisted (or the nth token that has been issued after it) and wait for it to expire.

I also found this post on blacklisting tokens very informative; I hope it helps.

Cheers!
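
The jti blacklist with a use limit described in the quoted Auth0 passage, as an added example that is not part of the original answer and is not code from Auth0 or tymondesigns/jwt-auth. The names `JtiBlacklist`, `issueToken`, `b64url` and the demo key are hypothetical, and tokens are signed with a plain HS256 HMAC rather than a JWT library.

```php
<?php
// Added example (PHP 8+). Class, function and key names are hypothetical.
function b64url(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
// Issue an HS256 token carrying a random jti and an exp claim.
function issueToken(string $key, int $ttl, int $now): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['jti' => bin2hex(random_bytes(16)), 'exp' => $now + $ttl]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}

final class JtiBlacklist {
    private array $blocked = []; // jti => exp of the blacklisted token
    private array $uses = [];    // jti => number of times presented
    public function __construct(private string $key, private int $maxUses) {}
    public function blacklist(string $jti, int $exp): void { $this->blocked[$jti] = $exp; }
    // Returns 'ok', 'invalid', 'expired' or 'blacklisted'.
    public function check(string $token, int $now): string {
        $parts = explode('.', $token);
        if (count($parts) !== 3) return 'invalid';
        [$head, $body, $sig] = $parts;
        // Always verify as HS256; the header's alg value is never trusted.
        $expected = b64url(hash_hmac('sha256', "$head.$body", $this->key, true));
        if (!hash_equals($expected, $sig)) return 'invalid';
        $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
        if (!is_array($claims) || !is_string($claims['jti'] ?? null)
            || !is_int($claims['exp'] ?? null)) return 'invalid';
        // An entry is only needed until its token would expire anyway.
        $this->blocked = array_filter($this->blocked, fn($exp) => $exp > $now);
        [$jti, $exp] = [$claims['jti'], $claims['exp']];
        if ($exp <= $now) return 'expired';
        if (isset($this->blocked[$jti])) return 'blacklisted';
        $this->uses[$jti] = ($this->uses[$jti] ?? 0) + 1;
        if ($this->uses[$jti] > $this->maxUses) {
            $this->blacklist($jti, $exp);
            return 'blacklisted';
        }
        return 'ok';
    }
}

// Constructed demo: one token presented four times, limit of two uses.
$key = 'constructed-demo-key';
$now = 1700000000;
$list = new JtiBlacklist($key, 2);
$token = issueToken($key, 3600, $now);
foreach ([0, 1, 2, 4000] as $dt) { echo $list->check($token, $now + $dt), PHP_EOL; }
```

The arrays here live in the memory of one process; a real deployment needs a shared store, and with the one-year expiry mentioned in the question each blacklist entry has to be retained for up to a year.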