Add a logout action with Symfony 4 and API Platform and use this action with React Native to destroy the token generated by JWT
I am using Symfony 4 with API Platform and the JWT bundle to manage user authentication with tokens.
I want to add a logout action that logs the user out of the front-end application, destroys the token and redirects to the login screen (the front end uses React Native).
My configuration in security.yml:
security:
    encoders:
        App\Entity\AppUser:
            algorithm: auto
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\AppUser
                property: email
    # used to reload user from session & other features (e.g. switch_user)
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            stateless: true
            anonymous: true
            provider: app_user_provider
            json_login:
                check_path: /authentication_token
                username_path: email
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
            logout:
                path: app_logout
        refresh:
            pattern: ^/token/refresh
            stateless: true
            anonymous: true
            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#firewalls-authentication
            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/generate_token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
I created a securityController.php and added a logout action like this:
<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Routing\Annotation\Route;

class SecurityController extends AbstractController
{
    /**
     * @Route("/logout", name="app_logout", methods={"GET"})
     */
    public function logout()
    {
        // The firewall's logout listener is expected to intercept the request before this runs.
        throw new \Exception('should not be reached');
    }
}
In the front-end application I created a function like this:
logoutAndDestroyToken() {
    axios.get(API.partage_mandats_local + '/logout', { headers: { 'Authorization': 'Bearer ' + this.props.token } })
        .then((response) => {
            console.log(response.data)
            this.props.navigation.navigate('Dashboard')
        })
        .catch((error) => {
            console.log('Error ' + error)
        })
}
But I get a strange object as the response. The response of the axios call is:
{
    "@context": "/contexts/Entrypoint",
    "@id": "/",
    "@type": "Entrypoint",
    "mandateRequest": "/mandate_requests",
    "contactProject": "/contact_projects",
    "contactRequest": "/contact_requests",
    "tradeOperationType": "/trade_operation_types",
    "requestStatus": "/request_statuses",
    "city": "/cities",
    "contactType": "/contact_types",
    "contact": "/contacts",
    "contactRequestCommission": "/contact_request_commissions",
    "appUser": "/app_users",
    "mandate": "/mandates"
}
What I need is to log out and destroy the token. Any suggestions?
You can simply delete the token stored on the client side (i.e. browser, local storage).
To be more secure, you should invalidate the token from the server side; this link is useful for understanding the scenario.