使用 symfony 4 和 Api 平台添加注销操作,并将此操作与 React Native 一起使用以销毁 JWT 生成的令牌

Add a logout action with symfony 4 and Api platform and use this action with React Native to destroy the token generated by JWT

我将 symfony 4 与 Api 平台和 jwt 捆绑包一起使用,以使用令牌管理用户身份验证。 我想添加一个注销操作以从前端应用程序注销用户并销毁令牌并重定向到登录屏幕(前端使用 React Native)。 我的配置在security.yml:

security:
    encoders:
        App\Entity\AppUser:
            algorithm: auto
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\AppUser
                property: email
        # used to reload user from session & other features (e.g. switch_user)
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            stateless: true
            anonymous: true
            provider: app_user_provider
            json_login:
                check_path: /authentication_token
                username_path: email
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
            logout:
                path: app_logout
        refresh:
            pattern:  ^/token/refresh
            stateless: true
            anonymous: true

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#firewalls-authentication

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/generate_token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }

我创建了一个 securityController.php 并添加了这样的注销操作:

<?php


namespace App\Controller;


use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Routing\Annotation\Route;

class SecurityController extends AbstractController
{
    /**
     * @Route("/logout", name="app_logout", methods={"GET"})
     */
    public function logout()
    {
        throw new \Exception('should not be reached');
    }
}

我在前端应用程序中创建了一个函数,如下所示:

logoutAndDestroyToken() {
    axios.get(API.partage_mandats_local + '/logout', { headers: { 'Authorization': 'Bearer ' + this.props.token } })
      .then((response) => {
        console.log(response.data)
        this.props.navigation.navigate('Dashboard')
      })
      .catch((error) => {
        console.log('Error' + error)
      })
  }

但我收到了一个奇怪的对象作为回应。 axios 函数的响应是:

{
    "@context": "/contexts/Entrypoint",
    "@id": "/",
    "@type": "Entrypoint",
    "mandateRequest": "/mandate_requests",
    "contactProject": "/contact_projects",
    "contactRequest": "/contact_requests",
    "tradeOperationType": "/trade_operation_types",
    "requestStatus": "/request_statuses",
    "city": "/cities",
    "contactType": "/contact_types",
    "contact": "/contacts",
    "contactRequestCommission": "/contact_request_commissions",
    "appUser": "/app_users",
    "mandate": "/mandates"
}

我需要的是注销并销毁令牌。有什么建议吗?

您可以简单地删除存储在客户端(e.i。浏览器,本地存储)的令牌。 为了更安全,您应该从服务器端使令牌无效,这 link 对理解场景很有用。