Reference article: https://www.csdn.net/tags/NtTaUgxsODY1MDYtYmxvZwO0O0OO0O0O.html
1. Requesting a token through the API
Step 1: the client calls the API server and passes the parameters (user information, secretKey).
    // JSON-RPC client pointed at the API server's token service
    $client = new \jsonRPCClient(C('SX_HOST_URL').'Services/TokenService');
    $result = $client->getToken([
        // user information to be embedded in the token
        'id' => $userAuth['id'],
        'truename' => $userAuth['truename'],
        'tel' => $userAuth['tel'],
        'headimg' => $userAuth['headimg'],
        'agent_id' => $userAuth['agentid'],
        'nonce' => getRandomStr(),
        // client credentials read from configuration
        'secretKey' => C('PROXY_SECRET'),
        'account' => C('PROXY_NAME'),
        'agent_info' => $agentInfo,
    ]);
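The API server checks that the source is legitimate, that the parameters are valid and that the time is valid, then generates a token containing the user information and stores it.
It returns the token and the token's validity period to the client.
The token is attached to the user's subsequent requests.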
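2. Front-end / back-end separation
The front end logs in by calling the server, which generates a token and a refresh_token and stores their validity periods.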
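    public function createToken($user)
    {
        // Tokens are bearer credentials: take them from the CSPRNG (random_bytes(), PHP 7+),
        // not from a hash of the current time, which can be guessed.
        $token = bin2hex(random_bytes(16));
        // Generated independently, so it cannot be derived from $token.
        $refresh_token = bin2hex(random_bytes(16));
        $expire = C('TOKEN_EXPIRE');
        $refresh_expire = C('REFRESH_TOKEN_EXPIRE');
        // token -> user and refresh_token -> user lookups, each with its own expiry
        S($token, $user, ['type' => 'file', 'temp' => C('CACHE_DONT_CLEAR'), 'expire' => $expire]);
        S($refresh_token, $user, ['type' => 'file', 'temp' => C('CACHE_DONT_CLEAR'), 'expire' => $refresh_expire]);
        // per-user index of the current token and refresh_token
        S('newapp_'.$user['id'], $token, ['type' => 'file', 'temp' => C('CACHE_DONT_CLEAR'), 'expire' => $expire]);
        S('newapp_refresh'.$user['id'], $refresh_token, ['type' => 'file', 'temp' => C('CACHE_DONT_CLEAR'), 'expire' => $refresh_expire]);
        return ['token' => $token, 'refresh_token' => $refresh_token];
    }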
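The front end stores the token and refresh_token it receives:
    uni.setStorageSync('userInfo', userdata);
The token is attached to every request to the server API. If the token has expired, the front end uses the refresh_token to request a new one: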
    // Refresh the token, then continue the request that was in progress
    async function doRequest(config) {
        // Refresh the token
        const refreshToken = uni.getStorageSync('userInfo')['refresh_token']
        const res = await req.request({
            url: 'refreshToken',
            method: 'POST',
            data: {
                refreshToken: refreshToken
            },
            authToken: false
        })
        // Debug output: the response contains the new tokens
        console.log(res)
        if (res.error_code === 0) {
            // Success
            let userdata = {
                "uid": res.data.user.uid,
                "agentid": res.data.user.agentid,
                "username": res.data.user.tel,
                "nickname": res.data.user.truename,
                "headimg": res.data.user.headimg,
                "token": res.data.token,
                "refresh_token": res.data.refresh_token,
            }
            uni.setStorageSync('userInfo', userdata);
            // Re-send the current request
            let url = config.url.replace(baseUrl, '');
            var postData = {
                url: url,
                method: config.method,
                data: config.data,
                authToken: true
            }
            return await req.request(postData)
        } else {
            // The refreshToken has expired
            uni.showToast({
                title: '请重新登录', // "Please log in again"
                icon: 'none'
            });
            uni.removeStorageSync('userInfo');
            uni.removeStorageSync('appInfo');
            uni.removeStorageSync('isLogin');
            uni.reLaunch({
                url: '/pages/auth/login'
            })
        }
    }
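If the refresh_token has not expired, the server generates a new token and refresh_token, and the front end re-sends the request.
If both have expired, the user logs in again.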
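
The lifecycle described in section 2 (issue a pair, verify the token, rotate on refresh, log in again once both have expired), as an added example that is not part of the original page: an in-memory JavaScript (Node.js) model of the server side. The store, its key prefixes, the TTL values and all function names are assumptions; the page's server is PHP and uses S() as its cache.

```javascript
// Added example, not the page's code: in-memory model of the token lifecycle.
const { randomBytes } = require('crypto');

const TOKEN_TTL = 2 * 3600;          // seconds; assumed TOKEN_EXPIRE
const REFRESH_TTL = 7 * 24 * 3600;   // seconds; assumed REFRESH_TOKEN_EXPIRE

// `now` is injectable so expiry can be exercised without waiting.
function createTokenStore(now = () => Math.floor(Date.now() / 1000)) {
  const cache = new Map(); // key -> { value, expiresAt }; stands in for S()

  const put = (key, value, ttl) => cache.set(key, { value, expiresAt: now() + ttl });
  const get = (key) => {
    const entry = cache.get(key);
    if (!entry) return null;
    if (entry.expiresAt <= now()) { cache.delete(key); return null; }
    return entry.value;
  };

  // Drop the user's current pair, if any, so only one pair is live per user.
  function revoke(userId) {
    const pair = get('u:' + userId);
    if (!pair) return;
    for (const key of ['t:' + pair.token, 'r:' + pair.refreshToken, 'u:' + userId]) cache.delete(key);
  }

  // Both values come from the CSPRNG and are independent of each other.
  function issue(user) {
    revoke(user.id);
    const token = randomBytes(32).toString('hex');
    const refreshToken = randomBytes(32).toString('hex');
    put('t:' + token, user, TOKEN_TTL);
    put('r:' + refreshToken, user, REFRESH_TTL);
    put('u:' + user.id, { token, refreshToken }, REFRESH_TTL);
    return { token, refresh_token: refreshToken };
  }

  // Separate 't:' and 'r:' prefixes: a refresh token is never accepted as an access token.
  const verify = (token) => get('t:' + String(token));

  // Rotation: a refresh token works once. null means "log in again".
  function refresh(refreshToken) {
    const user = get('r:' + String(refreshToken));
    return user ? issue(user) : null;
  }

  return { issue, verify, refresh, revoke };
}
```

Because every refresh rotates the pair, a refresh_token that is replayed after use is rejected, which is the case the client's "please log in again" branch handles.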