Return JWT token from successful authentication
I created this endpoint to authenticate users:
@PostMapping("/authorize")
public String login(@Valid @RequestBody AuthenticationDTO resetDTO) {
return userRestService.authorize(resetDTO.getName(), resetDTO.getPassword());
}
After successful authentication the token is returned. For example:
eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfQURNSU4ifV0sImlhdCI6MTU5MzUzMjE4NiwiZXhwIjoxNTkzNTMyNDg2fQ.gevNLXsfe8F4MnfDZJK5GhhFn0MskoQejfUUqQjh0d_sa-wyloRf2zOQIhBkn1OEDR4ZyRvIhhEtWPrH33cLPg
What is the best practice for the format of the DTO returned with the JWT token after authentication? For example, is it a good idea to return the token in a format like this?
{
Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfQURNSU4ifV0sImlhdCI6MTU5MzUzMjE4NiwiZXhwIjoxNTkzNTMyNDg2fQ.gevNLXsfe8F4MnfDZJK5GhhFn0MskoQejfUUqQjh0d_sa-wyloRf2zOQIhBkn1OEDR4ZyRvIhhEtWPrH33cLPg
}
What are good practices in this case?
There is no real best practice beyond always returning an object when returning JSON (always wrap arrays, numbers and strings in a top-level object).
For your specific use case, you can take the OAuth2 authorization framework as an example and return:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"Bearer",
"expires_in":3600
}
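Applying the answer to the asker's Spring controller, as an added example that is not the asker's or answerer's code: the JWT is wrapped in an OAuth2-style (RFC 6749 section 5.1) JSON object and the response is marked non-cacheable. It assumes `userRestService.authorize(...)` returns the signed JWT string, that the signing code uses the same validity as `TOKEN_VALIDITY_SECONDS` (the sample token in the question has exp - iat = 300 seconds), and Java 16+ with Jackson 2.12+ for record support.

```java
import com.fasterxml.jackson.annotation.JsonProperty;
import org.springframework.http.CacheControl;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import javax.validation.Valid;

@RestController
public class AuthController {

    // Assumption: must equal the "exp - iat" lifetime used when the JWT is signed.
    // The sample token in the question was issued with a 300 second lifetime.
    private static final long TOKEN_VALIDITY_SECONDS = 300;

    private final UserRestService userRestService; // assumed service from the question

    public AuthController(UserRestService userRestService) {
        this.userRestService = userRestService;
    }

    // Field names follow RFC 6749 section 5.1, so any OAuth2-aware client
    // can consume the response without custom parsing.
    public record TokenResponse(
            @JsonProperty("access_token") String accessToken,
            @JsonProperty("token_type") String tokenType,
            @JsonProperty("expires_in") long expiresIn) {
    }

    @PostMapping("/authorize")
    public ResponseEntity<TokenResponse> login(@Valid @RequestBody AuthenticationDTO authDTO) {
        // The raw JWT is never returned as a bare string; it is always wrapped.
        String jwt = userRestService.authorize(authDTO.getName(), authDTO.getPassword());
        TokenResponse body = new TokenResponse(jwt, "Bearer", TOKEN_VALIDITY_SECONDS);

        // Cache-Control: no-store and Pragma: no-cache, as in the OAuth2 example,
        // so the token is not stored by browser or intermediary caches.
        return ResponseEntity.ok()
                .cacheControl(CacheControl.noStore())
                .header(HttpHeaders.PRAGMA, "no-cache")
                .body(body);
    }
}
```

A client then sends the token back as `Authorization: Bearer <access_token>`, which the `token_type` field tells it to do.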