Some JWT pitfalls in Laravel: the token has expired? Return the refreshed token to the front end? Lots of questions!


In this Laravel project I dropped the built-in auth and Passport. The main reason is that the front end and the back end of the project are separated, and the back end only provides API interfaces. In addition, email is not offered as a login option, and passwords are stored separately from user information. I ran into many pitfalls while using JWT.
Pitfall 1: JWTAuth cannot be called statically

Inject it into the method instead:

public function xxx(JWTAuth $jwt){
    # work with the injected instance, e.g. $jwt->parseToken()
}

The JWTAuth here is

use Tymon\JWTAuth\JWTAuth;

If you are interested, have a look at these two files: JWT.php and JWTAuth.php

Pitfall 2: automatically refreshing an expired token

The token has two validity periods, both set in config/jwt.php:

'ttl' => env('JWT_TTL', 60),
'refresh_ttl' => env('JWT_REFRESH_TTL', 20160),

This assumes that a user's login stays valid for half a month; that half month is refresh_ttl. What is ttl, then? ttl is the validity period of a single token.
You can have n tokens within the half month, since each one expires after one hour. At that point the expiry is not final: a new token can still be issued.
After reading a lot of documentation, I wrote an interface that refreshes the token.
During JWT processing, if the token has expired and the call is not wrapped in try/catch, an error is raised at that point, and the front end never receives a new token to store.

# At the top of the file, next to the JWTAuth import
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\JWTException;

public function tokenValidator(&$request, $jwt){
        # Check whether the request header carries a token
        if (is_null($token = \request()->header('authorization'))) {
            $this->response(400, 'authorization failed, no authorization');
        }
        try {
            # Extract the user data from the token
            $user = $jwt->parseToken()->toUser();
            if (! $user) {
                $this->response(200, 'user does not exist', '');
            }
            $user = $user->toArray();
        } catch (TokenExpiredException $exception) {
            # The token has expired: try to refresh it
            try {
                $token = $jwt->refresh();
                $access_token = 'Bearer '.$token;
            } catch (JWTException $exception) {
                # The refresh period has expired too. Log in again
                $this->response(400, 'authorization expired, re Login');
            }
        }
}



If the token has expired, you can catch TokenExpiredException and then refresh the token. After the refresh you cannot send a response to the front end straight away: the user's login is still valid, so the request has to continue on to the interface it was meant for. Add the new token to the request header, so that the interfaces further down work with the new token. When that interface returns, the response carries the new token back to the front end for storage.
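The flow described above, written as a Laravel middleware. This is an added example, not the author's code: the class name RefreshExpiredToken, the 401 JSON responses and the choice of the Authorization response header are assumptions.

```php
<?php
namespace App\Http\Middleware;

use Closure;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\JWTAuth;

// Hypothetical middleware name; attach it to the API routes that require a login.
class RefreshExpiredToken
{
    private $jwt;
    public function __construct(JWTAuth $jwt)
    {
        $this->jwt = $jwt; // injected instance, not a static call (pitfall 1)
    }

    public function handle($request, Closure $next)
    {
        $newToken = null;
        try {
            // JWTException: no usable token in the request; TokenExpiredException: ttl has passed.
            $user = $this->jwt->parseToken()->toUser();
        } catch (TokenExpiredException $e) {
            try {
                // Still inside refresh_ttl: issue a new token and let the request continue.
                $newToken = $this->jwt->refresh();
                $user = $this->jwt->setToken($newToken)->toUser();
                // Code further down that reads the header now sees the new token.
                $request->headers->set('Authorization', 'Bearer '.$newToken);
            } catch (JWTException $e) {
                // refresh_ttl has passed as well, or the token cannot be refreshed: log in again.
                return response()->json(['message' => 'authorization expired'], 401);
            }
        } catch (JWTException $e) {
            return response()->json(['message' => 'authorization failed'], 401);
        }
        if (! $user) {
            return response()->json(['message' => 'user does not exist'], 401);
        }

        $response = $next($request);
        if ($newToken !== null) {
            // Hand the new token to the front end so it can replace the stored one.
            $response->headers->set('Authorization', 'Bearer '.$newToken);
        }
        return $response;
    }
}
```

When the front end is served from a different origin, the browser only lets scripts read this response header if the API lists it in Access-Control-Expose-Headers.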

I always feel that my code is low quality.