JWT actively checks whether the Token has expired
2022-08-04 21:08:00 【Jen Sir (Open Source Byte)】
JSON Web Token (JWT for short) is currently the most popular cross-domain authentication solution.
Why is user authentication needed when the front end and back end are developed separately? Because HTTP is a stateless protocol: after we authenticate a user with an account and password, that result has been forgotten by the time the next request is made. The program cannot tell who is who, so it has to verify again. To keep the system secure, we therefore need to verify whether the user is logged in.
JWT composition
A JWT consists of three parts, Header, Payload and Signature, which are joined together with a dot (`.`).

JWT verification principle

As the JWT generation rules explained earlier show, the first two parts of a JWT are the base64 encodings of the header and the payload. When the server receives a token from the client, it parses the first two parts to obtain the header and payload, signs them using the algorithm in the header together with the server's locally held secret, and checks whether the result is consistent with the signature carried in the JWT.
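The check described above, written out with only the JDK as an added example (not code from the original article or from the jjwt library). It differs in one respect: the algorithm is fixed to HS256 on the server rather than taken from the header, because the header is client-supplied input. The secret, the `user_key` claim name and the class name are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs256VerifyDemo {
    // Constructed demo secret (assumption); a real key comes from protected server configuration.
    static final byte[] SECRET = "constructed-demo-secret-not-for-production".getBytes(StandardCharsets.UTF_8);
    static String b64url(byte[] raw) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }
    static byte[] hmacSha256(String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Build header.payload.signature so the demo has a token to verify.
    static String sign(String headerJson, String payloadJson) throws Exception {
        String input = b64url(headerJson.getBytes(StandardCharsets.UTF_8)) + "."
                + b64url(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + b64url(hmacSha256(input));
    }

    // Recompute the signature over the first two parts and compare with the third.
    static boolean verify(String token) {
        try {
            String[] parts = token.split("\\.", -1);
            if (parts.length != 3) return false;
            String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            // Crude string check (no JSON parser in the JDK): accept only the pinned algorithm.
            if (!header.replaceAll("\\s", "").contains("\"alg\":\"HS256\"")) return false;
            byte[] expected = hmacSha256(parts[0] + "." + parts[1]);
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            return MessageDigest.isEqual(expected, presented); // constant-time comparison
        } catch (Exception e) {
            return false; // malformed Base64 or any other failure: treat as invalid
        }
    }

    public static void main(String[] args) throws Exception {
        String token = sign("{\"alg\":\"HS256\",\"typ\":\"JWT\"}", "{\"user_key\":\"constructed-uuid\"}");
        String[] p = token.split("\\.");
        String forged = p[0] + "." + b64url("{\"user_key\":\"someone-else\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        String noneAlg = b64url("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[1] + ".";
        System.out.println(verify(token) + " " + verify(forged) + " " + verify(noneAlg));
    }
}
```

The three calls in `main` cover a valid token, a token whose payload was swapped while the old signature was kept, and a token that declares `alg: none` with an empty signature.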
Actively checking whether the token has expired
In some business scenarios involving form submission, the token is checked for validity when the form is submitted. If the token has expired by then, the front end prompts the user to log in again. One example is submitting a housing listing in the Open Source Byte rental applet. This flow causes the data the user has entered to be lost, which makes for a very bad user experience. Therefore, in the rental applet we implemented a function that actively verifies the token: the token is verified when the form is opened, at which point the user has not yet entered any data. In this way, the user experience is improved.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;

/**
 * Verify whether the token has expired.
 */
public boolean isExpiration(String token) {
    try {
        // Verifies the signature and extracts the claims; throws if the token is invalid
        Claims claims = parseToken(token);
        String userKey = getTokenKey(claims.get(Constants.LOGIN_USER_KEY).toString());
        // Look up the server-side login session cached in Redis
        LoginUser loginUser = redisCache.getCacheObject(userKey);
        if (loginUser == null) {
            // The cache entry is gone: treat the token as expired
            return true;
        }
        long expireTime = loginUser.getExpireTime();
        long currentTime = System.currentTimeMillis();
        if (expireTime - currentTime <= 0) {
            return true;
        }
    } catch (Exception e) {
        // Any parsing or lookup failure is treated as expired
        return true;
    }
    return false;
}

/**
 * Get the data claims from the token.
 *
 * @param token token
 * @return data claims
 */
private Claims parseToken(String token) {
    return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
}
```

The content shared above is available for free in the Open Source Byte Low Code Platform.
If reprinted, please indicate the source: Open Source Byte https://sourcebyte.cn/article/212.html