jwt-autorefresh

如果您使用的是节点(React / Redux / Universal JS)，则可以安装 npm i -S jwt-autorefresh .

此库根据用户计算的访问令牌到期之前的秒数(基于令牌中编码的exp声明)计划刷新JWT令牌 . 它有一个广泛的测试套件，并检查很多条件，以确保任何奇怪的活动伴随着有关您的环境配置错误的描述性消息 .

Full example implementation

import autorefresh from 'jwt-autorefresh'

/** Events in your app that are triggered when your user becomes authorized or deauthorized. */

import { onAuthorize, onDeauthorize } from './events'

/** Your refresh token mechanism, returning a promise that resolves to the new access tokenFunction (library does not care about your method of persisting tokens) */

const refresh = () => {

const init = { method: 'POST'

, headers: { 'Content-Type': `application/x-www-form-urlencoded` }

, body: `refresh_token=${localStorage.refresh_token}&grant_type=refresh_token`

}

return fetch('/oauth/token', init)

.then(res => res.json())

.then(({ token_type, access_token, expires_in, refresh_token }) => {

localStorage.access_token = access_token

localStorage.refresh_token = refresh_token

return access_token

})

}

/** You supply a leadSeconds number or function that generates a number of seconds that the refresh should occur prior to the access token expiring */

const leadSeconds = () => {

/** Generate random additional seconds (up to 30 in this case) to append to the lead time to ensure multiple clients dont schedule simultaneous refresh */

const jitter = Math.floor(Math.random() * 30)

/** Schedule autorefresh to occur 60 to 90 seconds prior to token expiration */

return 60 + jitter

}

let start = autorefresh({ refresh, leadSeconds })

let cancel = () => {}

onAuthorize(access_token => {

cancel()

cancel = start(access_token)

})

onDeauthorize(() => cancel())

disclaimer: I am the maintainer