Scheme one:
Dual token: access_token and refresh_token
CREATE TABLE `user_token` (
`id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
`user_id` bigint(20) NOT NULL,
`access_token` bigint(20) UNSIGNED NOT NULL,
`access_token_expired` datetime NOT NULL,
`refresh_token` bigint(20) UNSIGNED NOT NULL,
`refresh_token_expired` datetime NOT NULL,
`created_at` datetime NOT NULL,
`updated_at` datetime NOT NULL,
PRIMARY KEY (`id`) USING BTREE,
UNIQUE INDEX `access_token`(`access_token`) USING BTREE,
UNIQUE INDEX `refresh_token`(`refresh_token`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic;
Logic: when the current time is greater than access_token_expired and less than refresh_token_expired, the access_token value may be refreshed and access_token_expired extended.
In this scheme the frontend, when it calls the backend's authorization API, stores both the access_token and the refresh_token; when the access_token has expired (the condition above), it calls the backend's access_token refresh endpoint with the refresh_token to obtain a new access_token.
Scheme two:
Single token: a token is issued only after a successful login, and the token value itself is never replaced afterwards.
CREATE TABLE `user_token` (
`id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
`user_id` bigint(20) NOT NULL,
`token` bigint(20) UNSIGNED NOT NULL,
`expired_at` datetime NOT NULL,
`created_at` datetime NOT NULL,
`updated_at` datetime NOT NULL,
PRIMARY KEY (`id`) USING BTREE,
UNIQUE INDEX `token`(`token`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic;
The main purpose of this scheme is to prevent the user from suddenly being asked to log in again in the middle of an operation, so the renewal must happen before expired_at is reached, e.g. when current time >= expired_at - half an hour, extend the token's lifetime (update expired_at).
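The sliding-renewal check for scheme two, as an added example that is not part of the original page: an in-memory SQLite copy of the user_token table (SQLite has no UNSIGNED or datetime types, so the token is a signed 64-bit INTEGER and timestamps are ISO-8601 text), a two-hour token lifetime (assumed; the page states none), and the page's half-hour renewal window. The token is drawn from a CSPRNG because the bigint column holds the only secret.

```python
import secrets
import sqlite3
from datetime import datetime, timedelta

# Constructed schema mirroring the page's scheme-two table.
SCHEMA = """CREATE TABLE user_token (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL,
    token INTEGER NOT NULL UNIQUE,
    expired_at TEXT NOT NULL,
    created_at TEXT NOT NULL,
    updated_at TEXT NOT NULL)"""
TOKEN_TTL = timedelta(hours=2)        # assumed lifetime; the page gives none
RENEW_WINDOW = timedelta(minutes=30)  # the page's "expired_at - half an hour"

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def issue_token(conn, user_id, now):
    """Issue a token at login. 63 CSPRNG bits fit a signed bigint; never derive
    the token from a counter or timestamp, since the column value is the secret."""
    token = secrets.randbits(63)
    ts = now.isoformat()
    conn.execute("INSERT INTO user_token (user_id, token, expired_at, created_at, updated_at)"
                 " VALUES (?, ?, ?, ?, ?)", (user_id, token, (now + TOKEN_TTL).isoformat(), ts, ts))
    return token

def check_token(conn, token, now):
    """Return (user_id, expired_at) for a valid token, else None. If the request falls
    inside the last RENEW_WINDOW before expiry, push expired_at forward (sliding renewal)."""
    row = conn.execute("SELECT user_id, expired_at FROM user_token WHERE token = ?", (token,)).fetchone()
    if row is None:
        return None
    user_id, expired_at = row[0], datetime.fromisoformat(row[1])
    if now >= expired_at:
        return None  # already expired: no renewal after the fact, the user must log in again
    if now >= expired_at - RENEW_WINDOW:
        expired_at = now + TOKEN_TTL
        conn.execute("UPDATE user_token SET expired_at = ?, updated_at = ? WHERE token = ?",
                     (expired_at.isoformat(), now.isoformat(), token))
    return user_id, expired_at

def demo():
    """Walk one token through: valid (no renewal), renewed inside the window, expired."""
    conn = open_db()
    t0 = datetime(2024, 1, 1, 12, 0)
    tok = issue_token(conn, 42, t0)
    early = check_token(conn, tok, t0 + timedelta(minutes=10))
    renewed = check_token(conn, tok, t0 + timedelta(minutes=100))
    late = check_token(conn, tok, t0 + timedelta(minutes=100) + TOKEN_TTL)
    return early[1].isoformat(), renewed[1].isoformat(), late
```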