How to identify the full response body of refresh token API?

Posted 2021-06-24 12:41:44

Question:

These are the authentication and refresh token APIs developed for a mobile app. Can anyone help identify the response body of the refresh token API based on this code? I am confused about the full response body. I believe the final response is:

    {
        "success":true,
        "message":"Refresh Token generated"
    }

But what is the full response before that?

    @ApiOperation(value = "Authenticate", tags = {})
    @ApiResponses(value = {
            @ApiResponse(code = HttpServletResponse.SC_OK, message = "The response body contains a boolean value and a message.", response = ResponseBase.class),
            @ApiResponse(code = HttpServletResponse.SC_BAD_REQUEST, message = "Bad Request.", response = ResponseBase.class),
            @ApiResponse(code = HttpServletResponse.SC_UNAUTHORIZED, message = "Login failed.", response = ResponseBase.class),
            @ApiResponse(code = HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message = "Make sure specify 'application/json' as the media type.", response = ResponseBase.class),
            @ApiResponse(code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message = "Internal Server Error", response = ResponseBase.class)
    })
    @RequestMapping(value = Constants.REST_API_AUTH, method = RequestMethod.POST)
    public ResponseEntity<Object> createAuthenticationToken(@RequestBody @Valid AuthenticationRequest request) throws Exception {

        String msg = null;

        try {
            authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(request.getUsername(), request.getUsername())
            );
        } catch (BadCredentialsException e) {
            msg = "Incorrect username or password";
        } catch (AccountStatusException e) {
            msg = e.getMessage();
        }
        if (null != msg) {
            msg = "Login failed: " + msg;
            String detail = request.toString();
            log.info(msg);
            throw new RestApiException(HttpStatus.UNAUTHORIZED, false, msg, detail);
        }

        // Singapore numbers additionally go through an OTP check.
        if (smsUtil.isSGNumber(request.getUsername())) {
            String result = otpService.checkOtp(request.getUsername(), request.getPassword());
            msg = "Login failed: OTP " + result;
            if (Constants.OTP_STATUS_EXP.equals(result) || Constants.OTP_STATUS_MIS.equals(result)) {
                throw new RestApiException(HttpStatus.UNAUTHORIZED, false, msg, msg);
            }
        }

        final UserDetail userDetail = new UserDetail(request.getUsername(), "");

        final String token = jwtTokenUtil.generateToken(userDetail);

        // The JSON body carries only success/message; the JWT is placed in the auth header.
        ResponseBase body = new ResponseBase();
        msg = "Login successful";
        log.info("{} : {}", msg, request);
        body.setSuccess(true);
        body.setMessage(msg);
        return httpUtil.createResponseEntityJson(HttpStatus.OK, httpUtil.createSecTokenHeader(token), body);
    }


    @GetMapping(value = Constants.REST_API_REFRESH_TOKEN)
    public ResponseEntity<Object> getRefreshToken(@RequestHeader(Constants.HTTP_AUTH_HEADER) String authHeader, HttpServletRequest request) {
        log.info("Generate refresh token");
        String token = httpUtil.extractSecurityToken(authHeader);
        ResponseBase body = new ResponseBase();
        body.setSuccess(true);
        body.setMessage("Refresh Token generated");

        String refreshToken;
        // Claims may already have been parsed by an upstream filter and stored on the request.
        DefaultClaims claims = (io.jsonwebtoken.impl.DefaultClaims) request.getAttribute("claims");
        if (null == claims) {
            refreshToken = jwtTokenUtil.renewToken(token);
        } else {
            refreshToken = jwtTokenUtil.renewToken(claims);
        }
        // The renewed token is returned in the header, not in the JSON body.
        return httpUtil.createResponseEntityJson(HttpStatus.OK, httpUtil.createSecTokenHeader(refreshToken), body);
    }

Starting from the last line, return httpUtil.createResponseEntityJson(HttpStatus.OK, httpUtil.createSecTokenHeader(refreshToken), body);, createSecTokenHeader calls this:

    public HttpHeaders createSecTokenHeader(String token) {
        HttpHeaders headers = new HttpHeaders();
        headers.set(Constants.HTTP_AUTH_HEADER, Constants.HTTP_AUTH_HEADER_BEARER + token);
        return headers;
    }

Answer 1:

As you said, the response is:

    {
       "success":true,
       "message":"Refresh Token generated"
    }

from the code:

    return httpUtil.createResponseEntityJson(HttpStatus.OK, httpUtil.createSecTokenHeader(refreshToken), body);

But I believe the refresh token comes from the header set with

    httpUtil.createSecTokenHeader(refreshToken)

Comments:

Hi, I just updated my question. Could you take a look and tell me whether I can provide more information to figure out the full response body? Really need help.

It seems the response from getRefreshToken() generates a token and adds it to the header prefixed with "BEARER", i.e. BEARER refresh_token, and assigns it to Constants.HTTP_AUTH_HEADER. When you execute it, check the network tab in the web browser and look in the headers for the refresh token.
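To make the split concrete, here is an added Python example (not code from the question or the project) that parses a constructed copy of the refresh endpoint's raw HTTP response: the JSON body holds only success/message, while the renewed JWT is read from the bearer header and its claims decoded for inspection. It assumes Constants.HTTP_AUTH_HEADER is "Authorization" and the bearer prefix is "Bearer "; the token and the response are constructed samples.

```python
import base64
import json

def b64url_encode(obj: dict) -> str:
    """Encode a JSON object as an unpadded base64url segment (JWT style)."""
    return base64.urlsafe_b64encode(json.dumps(obj, separators=(",", ":")).encode()).rstrip(b"=").decode()

def b64url_decode(segment: str) -> dict:
    """Decode one JWT segment back into a dict, restoring the stripped padding."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

# Constructed token standing in for the output of jwtTokenUtil.renewToken();
# the signature segment is a placeholder and is never verified here.
CONSTRUCTED_TOKEN = ".".join([
    b64url_encode({"alg": "HS256", "typ": "JWT"}),
    b64url_encode({"sub": "user@example.com", "iat": 1624536104, "exp": 1624539704}),
    "c2lnbmF0dXJl",
])

# Constructed raw response as the refresh endpoint would emit it (assumed header name "Authorization").
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Authorization: Bearer " + CONSTRUCTED_TOKEN + "\r\n"
    "\r\n"
    '{"success":true,"message":"Refresh Token generated"}'
)

def parse_http_response(raw: str):
    """Split a raw HTTP/1.1 response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers, body

def extract_bearer_token(headers: dict, header_name: str = "Authorization"):
    """Return the token after the Bearer scheme, or None if the header is absent or malformed."""
    scheme, _, token = headers.get(header_name.lower(), "").partition(" ")
    return token.strip() if scheme.lower() == "bearer" and token.strip() else None

def inspect_refresh_response(raw: str) -> dict:
    """Show where each part of the refresh response lives: JSON body vs. header token."""
    status, headers, body = parse_http_response(raw)
    token = extract_bearer_token(headers)
    claims = b64url_decode(token.split(".")[1]) if token else None  # payload only, unverified
    return {"status": status, "body": json.loads(body), "token": token, "claims": claims}
```

A mobile client therefore has to read the renewed token from the response header on every refresh; the JSON body alone never carries it.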
