duanchazhou6779
duanchazhou6779
2018-05-09 13:09

Laravel Passport:API的令牌是否存储在服务器上,在哪里?

已采纳

I tried to find where the token returned by the method $user->createToken('MyApp')->accessToken; is stored on the database but I can't seem to find it. Is it stored in the server in the first place? If so, where?

If it's not stored on the server because it's self-contained, why did Laravel's developers put $table->rememberToken(); in the default create_users_table.php migration? What's the purpose of the column remember_token?

Thank you for your help.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

3条回答

  • doudi8231 doudi8231 3年前

    I guess you could say that some part of the token is stored in the database.

    The token returned is JWT (JSON Web Token). Encoded in it is information about the token, like its expiration time, the algorithm used to hash it, the token scopes and its ID (in the payload it's named jti). That ID is what's stored in the oauth_access_tokens table.

    In this method in the \Laravel\Passport\PersonalAccessTokenFactory::findAccessToken class you can see how Laravel is checking if the token is in the database:

     /**
     * Get the access token instance for the parsed response.
     *
     * @param  array  $response
     * @return Token
     */
    protected function findAccessToken(array $response)
    {
        return $this->tokens->find(
            $this->jwt->parse($response['access_token'])->getClaim('jti')
        );
    }
    

    If you get a valid token and paste it in this online tool you will see the structure of it. Here's how it looks:

    screenshot of the parsed token

    Now, knowing the expected format of the payload, if you play around a bit with this information and the data you have in your oauth_access_tokens (id, scope, creation and expiration date) you should be able to create a valid token.

    点赞 评论 复制链接分享
  • dongqie7806 dongqie7806 3年前

    No, the access token value is not stored anywhere. If you lose it, it's gone. You'll need to regenerate a new token.

    The rememeber_token field is for the "Remember Me" functionality for normal web authentication. It is not related to Passport API authentication at all.

    点赞 评论 复制链接分享
  • douyan4900 douyan4900 3年前

    Remember token in user table is for "Remember Me" when you log in on web. Laravel: What is “remember_token” in the “users” DB table?

    If you use passport and create API you can find token id in oauth_access_tokens in database.

    点赞 评论 复制链接分享