The backend judges that the token has expired, and the backend refreshes the token. What should be done next?

As shown in the title.

Let me describe the problem I encountered in detail. If I try to send the request again, the backend verifies the token in the header. If at this time the token is found to have expired, and then a series of judgments are made that it is a legitimate token that is allowed to refresh, the backend takes the initiative to refresh the token and successfully gets a new token. Then the problem arises:

Because the requested interface has returned information, should I return the refreshed token to the front end at this time, or should I directly return the data that should be returned by the API request after obtaining the new token?

1. If you return the token directly, is it necessary to determine whether there is a token refresh return for every request with a token in the front end? If you return the refreshed token, do you need to send the request again with the newly returned token? I don't think so.

2. What about the token if it returns the specific data that the interface should return? At this time, the backend refreshes the token, but the front end still saves the expired token. The backend can set the new token directly to the header in the returned method body. If this is the case, how does the front end judge whether the token in the header is refreshed? Is it difficult for every front-end request with a token to get the token in the header from the returned data? It feels like it's back to square one.

With the help of the bosses, are there any better solutions than the above two methods, or, putting aside my two methods, are there other suitable solutions that meet my needs? I, a college student, dug a hole for myself and want to fill it in.


Refer to WeChat's practice:

When returning the token, also return the number of seconds left before it expires ($expire seconds).

The front end saves the token and notes when it expires (now + $expire).

Before each call, the front end checks whether the token has expired and, if so, takes the initiative to refresh the token first. This part can be made into a getToken() method that deals with the expiration check and re-obtaining the token, with no effect on the existing code logic.

The logic of the backend is very simple: if the token is illegal or expired, an error is returned.


If the token fails, return failure.
Let the user log in to


reason. To keep it simple, you can do this.
First of all, when you request the backend and the backend finds that the token has expired, the backend must return an error to you, right?
Then at this point you need to call the refresh-token interface, rather than having the server give you a token at the same time, right? After the request to the refresh-token interface succeeds, you can save the token anywhere, such as a cookie, and then bring the new token to re-request the previous API. I think this scheme is quite suitable for you.


The token expires and the user can only log in again.
Users have to modify the expiration time of the token every time they request.
The token cannot be changed once the user has logged in.


  • The token is saved when logging in, and the token is added to each request header.
  • If the backend finds on a request that the front-end token is incorrect (expired or for some other reason) and returns an error, the front end jumps to the login page to log in again.
  • If the token expires, you can log in again and return a new one to him. What's the point?

  • Write the token to a cookie once and for all.
  • If the requirement is to run with cookies prohibited, the front end writes an ajax global response interceptor. Each response refreshes the token from the response header, and each time the status code is checked to determine whether to jump to the landing page.

https://stackoverflow.com/que.


1. If the backend determines that the token expires, it directly returns 401
2. The expiration time of the token saved at the front end is judged. If it expires, the front end request is added to a queue and the refresh token operation is performed first
3. Wait for the new valid token to be obtained before performing the request operation in the queue
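
The client-side flow from the answers above (track expiry in a getToken() method, have the backend return 401, queue requests while one refresh runs), as an added example that is not code from any of the posters. `createTokenClient`, `refreshFn`, `sendFn` and the `{ token, expire }` response shape are assumptions; `sendFn(req, token)` stands in for whatever HTTP call the application makes.

```javascript
// Added example. createTokenClient, refreshFn and sendFn are hypothetical names;
// refreshFn() resolves to { token, expire } with expire in seconds (assumed shape).
function createTokenClient({ refreshFn, sendFn, now = () => Date.now(), skewMs = 5000 }) {
  let token = null;      // current access token, kept in memory only
  let expiresAt = 0;     // absolute expiry in ms: now + $expire
  let refreshing = null; // in-flight refresh promise; waiting requests queue on it

  function setToken(t, expireSeconds) {
    token = t;
    expiresAt = now() + expireSeconds * 1000;
  }

  // Single-flight refresh: however many requests find the token expired,
  // only one refresh call reaches the backend and all of them await it.
  function refresh() {
    if (!refreshing) {
      refreshing = refreshFn()
        .then(({ token: t, expire }) => { setToken(t, expire); return t; })
        .finally(() => { refreshing = null; });
    }
    return refreshing;
  }

  // Returns a usable token, refreshing first if it is missing or about to expire.
  async function getToken() {
    if (token && now() < expiresAt - skewMs) return token;
    return refresh();
  }

  async function request(req) {
    const used = await getToken();
    let res = await sendFn(req, used);
    if (res.status === 401) {
      // The backend rejected the token (revoked, or clocks disagree). Reuse a
      // token another request already refreshed, else refresh; retry only once.
      const fresh = token !== used ? token : await refresh();
      res = await sendFn(req, fresh);
    }
    return res; // a second 401, or a rejected refresh, means: send the user to login
  }

  return { setToken, getToken, request };
}
```

Existing call sites only change from calling the HTTP function directly to calling `request()`; the retry is bounded to one attempt so a permanently invalid token cannot cause a refresh loop.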


1. The failure code (such as 1002) is returned when the token is returned. The frontend jumps to the login interface according to the invalidation code.
2. The frontend initiates the request to the backend, which verifies the token. When the token has expired, the backend refreshes the token and returns the token together with the request data; the frontend then determines whether the token was refreshed according to whether the return body contains a token. If refreshed, it resaves the token (recommended: localStorage).
