如何使 JWT 令牌 PHP 无效

2022-01-10 00:00:00 jwt php laravel

我正在尝试使 JWT 中的令牌无效(或删除),但我无法实现.首先我做了类似这个答案的事情说 Laravel JWT-auth 身份验证的注销问题:

I'm trying to invalidate (or remove) a token from JWT but I can't achieve that. First I did something like this answer says Logout issue with Laravel JWT-auth authentication:

JWTAuth::invalidate(JWTAuth::getToken())):

但我收到此错误:

不应静态调用非静态方法 TymonJWTAuthJWT::invalidate(),假设 $this 来自不兼容的上下文

Non-static method TymonJWTAuthJWT::invalidate() should not be called statically, assuming $this from incompatible context

然后我做了这样的事情:

Then I did something like this:

use IlluminateHttpRequest;
use TymonJWTAuthJWTAuth;

class AuthController extends Controller
{
    protected $jwt;

    public function __construct(JWTAuth $jwt)
    {
        $this->jwt = $jwt;
    }

    public function invalidateToken(Request $request)
    {
        $this->jwt->parseToken()->invalidate();

        return response()->json(array('message' => 'log out'));
    }

    ...
}

但我仍然可以将令牌用于另一个请求,并且无法删除或使其无效.

But I can still use the token for another request and I can't remove or invalidate it.

我做错了什么使令牌无效?

What am I doing wrong to invalidate the token?

我从这里阅读了另一个问题,并在 github 上的 JWT 回购中发布了帖子(这是图书馆我正在使用),我按照所有示例使令牌无效或删除,但我仍然无法删除或使其无效.

I read another questions from here and issues post from the repo of JWT on github (this is the library I'm using) and I followed all the examples to invalidate or remove the token and I can't still remove or invalidate it .

推荐答案

如果您的 .env 文件中的 cache_driver 设置为数组以外的内容,则黑名单功能有效.

The blacklist feature works if cache_driver in your .env file is set to something other than array.

将其更改为文件对我有用.但是,在我的特殊情况下,我也使用了 Entrust,当 cache_driver 设置为文件或数据库时会导致问题.所以,不得不放弃黑名单/无效功能.

Changing it to file worked for me. However, in my particular case, I was using Entrust too, which causes issues when cache_driver is set to file or database. So, had to drop the blacklist/invalidate functionality.

希望这对某人有所帮助.

Hope this helps someone.

相关文章