如何使用 jwt-auth 在 Laravel 中正确设置 JWT 机密?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/41761451/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to correctly set a JWT secret in Laravel with jwt-auth?
提问by f7n
I'd like to test the authentication of JWTs in my project as the JWTs will be sent from outside the app, and so they must be signed using the key from my application. Is this possible? Does anyone know of a site that allows you to sign a token using a secret?
我想在我的项目中测试 JWT 的身份验证,因为 JWT 将从应用程序外部发送,因此必须使用我的应用程序中的密钥对它们进行签名。这可能吗?有谁知道允许您使用秘密签署令牌的网站?
I tried http://jwtbuilder.jamiekurtz.com/but JWT-auth keeps returning {"error":"token_invalid"}if I enter the key which was returned by jwt:generate. This leads me to believe the key returned by this command is not actually the key used to sign JWTs in my application.
我尝试过http://jwtbuilder.jamiekurtz.com/但{"error":"token_invalid"}如果我输入由jwt:generate. 这使我相信此命令返回的密钥实际上并不是用于在我的应用程序中对 JWT 进行签名的密钥。
I'm using php artisan jwt:generateto generate a key, which returns the following:
我正在使用php artisan jwt:generate生成一个密钥,它返回以下内容:
jwt-auth secret [...] set successfully.
But where is it set? The JWT_SECRETvariable in my .ENV file doesn't change, and if I perform a project wide search for the key it's not found.
但它在哪里设置?JWT_SECRET我的 .ENV 文件中的变量不会更改,如果我对密钥执行项目范围的搜索,则找不到它。
Does this command work?
这个命令有效吗?
Laravel 5.3, jwt-auth 0.5.9.
Laravel 5.3,jwt-auth 0.5.9。
采纳答案by Tekgno
Recent testing in both 0.5.9 and 0.5.12 indicates that the jwt:generatecommand ONLY changes the value in config/jwt.phpIFF it is the key in use. To see this for yourself, set the value in .envto be the same as in config/jwt.phpand it WILL change the one in config the first time you run it but then it will break.
最近在 0.5.9 和 0.5.12 中的测试表明该jwt:generate命令仅更改config/jwt.phpIFF 中的值,它是正在使用的密钥。要亲眼看到这一点,请将 in 中的值设置为与 in 中的值.env相同config/jwt.php,它会在您第一次运行时更改配置中的值,但随后会中断。
A bit of searching indicates that the dev has no plans to fix this for 0.5.*
一些搜索表明开发人员没有计划为 0.5 修复此问题。*
I wrote a (admittedly rather ungainly single line) bash script that will create this JWT_SECRET in .env if it does not exist or update all occurrences of 'JWT_SECRET=':
我写了一个(诚然相当笨拙的单行)bash 脚本,如果它不存在或更新所有出现的 'JWT_SECRET=',它将在 .env 中创建这个 JWT_SECRET:
env=".env"; secret="$(php artisan jwt:generate --show)"; oldsecrets="$(grep '^JWT_SECRET=' $env)"; if [ -z "$oldsecrets" ]; then sed -i "$ a JWT_SECRET=$secret" "$env"; else echo "$oldsecrets" | while IFS= read -r line ; do echo "$line"; sed -i -e "s/$line/JWT_SECRET=$secret/g" "$env"; done; fi
回答by Loek
From the documentation:
从文档:
Don't forget to set a secret key in the config file!
不要忘记在配置文件中设置密钥!
Since you can't find the key in a search, I think you haven't actually published the config:
由于您在搜索中找不到密钥,我认为您实际上还没有发布配置:
php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\JWTAuthServiceProvider"
The docs seem pretty clear and the issues on GitHub don't mention the problems you're having, so take a peek into them and see if you maybe skipped step. Happens to the best of us! https://github.com/tymondesigns/jwt-auth/wiki/Installation
文档看起来很清楚,GitHub 上的问题没有提到你遇到的问题,所以看看它们,看看你是否可能跳过了步骤。发生在我们最好的人身上!https://github.com/tymondesigns/jwt-auth/wiki/Installation
