由于集成进系统以后发现无法登出,各种调试无果,直接撸了以下代码,撤销token后直接使用已撤销的token进行查询,结果为200,打印的profile 也是正常有数据,这是我理解错了么?撤销难道不是直接accessToken失效?
public static void main(String[] args) {
AuthenticationClientOptions clientOptions = new AuthenticationClientOptions();
clientOptions.setAppId("xxx");
clientOptions.setAppSecret("xxx");
clientOptions.setAppHost("xxx");
clientOptions.setRedirectUri("xxx");
AuthenticationClient authenticationClient = new AuthenticationClient(clientOptions);
authenticationClient.revokeToken(tk); //撤销token
GetProfileDto profileDto = new GetProfileDto();
authenticationClient.setAccessToken(tk);
UserSingleRespDto profile = authenticationClient.getProfile(profileDto);
System.out.println("profile = " + JsonUtils.serialize(profile).toString());
}
`
用的最新的3.0.1版本,尝试下降版本,降到3.0.0拉不下来,又降到1.0.6,发现1.0.6差异比较大。目前再依然在尝试别的方式接入
<dependency>
<groupId>cn.authing</groupId>
<artifactId>authing-java-sdk</artifactId>
<version>3.0.1</version>
</dependency>
你好 我现在成功降到了3.0.0版本依然存在此问题
why
5
您好,您用 3.0.1 的 sdk 就可以,我看下 sdk 的接入
感觉应该和sdk无关 是和哪里配置有关系,我放弃了sdk直接使用http调用了撤销token,是返回200状态码,但是token依然可以正常用
HttpRequest request = HttpUtil.createPost("https://xx.authing.cn/oauth/token/revocation");
request.header("Content-Type","application/x-www-form-urlencoded");
Dict dict = Dict.create();
dict.put("client_id","xx");
dict.put("client_secret","xx");
dict.put("token",tk);
request.form(dict);
HttpResponse response = request.execute();
System.out.println("响应1:"+response);
您代码中的 tk 是通过什么 API 获取到的?可以给一下示例值吗
why
8
您测试下,我这边测试 撤销 token 可以的,您的 access_token 通过什么 API 获取的?
public class AuthingJavaSDKDemo {
private static final String AUTHING_APP_ID = "xxx"; // 控制台获取 - 应用 ID
private static final String AUTHING_APP_SECRET = "xxx"; // 控制台获取 - 应用密钥
private static final String AUTHING_APP_HOST = "xxxx"; // 控制台获取 - 应用认证地址
private static final String REDIRECT_UIR = "xxx"; // 控制台获取 - 登录回调 URL
static String account = "xxxx"; // 用户名
static String password = "xxxx"; // 用户密钥
@Test
public void revokeTokenTest() throws IOException, ParseException {
LoginTokenRespDto respDto = loginByAccount(account, password);
String accessToken = respDto.getData().getAccessToken();
UserSingleRespDto profile = getProfileByAccessToken(accessToken);
System.out.println("profile = " + JsonUtils.serialize(profile));
// 撤销 accessToken
revokeToken(accessToken);
profile = getProfileByAccessToken(accessToken);
System.out.println("profile = " + JsonUtils.serialize(profile));
}
public static LoginTokenRespDto loginByAccount(String account, String password) throws IOException, ParseException {
AuthenticationClientOptions clientOptions = new AuthenticationClientOptions();
clientOptions.setAppId(AUTHING_APP_ID);
clientOptions.setAppSecret(AUTHING_APP_SECRET);
clientOptions.setAppHost(AUTHING_APP_HOST);
AuthenticationClient client = new AuthenticationClient(clientOptions);
LoginTokenRespDto response = client.signInByAccountPassword(
account,
password,
new SignInOptionsDto());
// System.out.println(JsonUtils.serialize(response));
return response;
}
public static UserSingleRespDto getProfileByAccessToken(String accessToken) throws IOException, ParseException {
AuthenticationClientOptions clientOptions = new AuthenticationClientOptions();
clientOptions.setAppId(AUTHING_APP_ID);
clientOptions.setAppSecret(AUTHING_APP_SECRET);
clientOptions.setAppHost(AUTHING_APP_HOST);
clientOptions.setRedirectUri(REDIRECT_UIR);
AuthenticationClient authenticationClient = new AuthenticationClient(clientOptions);
GetProfileDto profileDto = new GetProfileDto();
authenticationClient.setAccessToken(accessToken);
UserSingleRespDto profile = authenticationClient.getProfile(profileDto);
return profile;
}
public static void revokeToken(String accessToken) throws IOException, ParseException {
AuthenticationClientOptions clientOptions = new AuthenticationClientOptions();
clientOptions.setAppId(AUTHING_APP_ID);
clientOptions.setAppSecret(AUTHING_APP_SECRET);
clientOptions.setAppHost(AUTHING_APP_HOST);
clientOptions.setRedirectUri(REDIRECT_UIR);
AuthenticationClient authenticationClient = new AuthenticationClient(clientOptions);
authenticationClient.revokeToken(accessToken); //撤销token
}
}
我这边是通过guard登录获取到的token
“@authing/vue-ui-components”: “^3.1.31”
登录获取到以后携带在请求头,后端服务获取到以后验证token有效 再通过token获取用户信息写入缓存。
但是一旦使用guard登录成功以后,每次加载guard都会直接获取到这个token并且有效,无法退出登录状态
以下是前端登录代码
mounted() {
// 使用 start 方法挂载 Guard 组件到你指定的 DOM 节点,登录成功后返回 userInfo
this.$guard.start("#authing-guard-container").then((userInfo) => {
console.log("userInfo: ", userInfo);
this.$store.dispatch("LoginByAuthing", userInfo).then(() => {
this.$router.push({ path: this.redirect || "/" }).catch(()=>{});
}).catch(() => {
this.loading = false;
if (this.captchaOnOff) {
this.getCode();
}
});
});
},
LoginByAuthing({ commit }, userInfo) {
return new Promise((resolve, reject) => {
setToken(userInfo.token)
commit('SET_TOKEN', userInfo.token)
resolve()
})
},
以及获取到的token:
“eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cGRhdGVkX2F0IjoiMjAyMi0xMS0xNlQxMzo1ODoyNy41NjJaIiwiYWRkcmVzcyI6eyJjb3VudHJ5IjpudWxsLCJwb3N0YWxfY29kZSI6bnVsbCwicmVnaW9uIjpudWxsLCJmb3JtYXR0ZWQiOm51bGx9LCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOmZhbHNlLCJwaG9uZV9udW1iZXIiOm51bGwsImxvY2FsZSI6bnVsbCwiem9uZWluZm8iOm51bGwsImJpcnRoZGF0ZSI6bnVsbCwiZ2VuZGVyIjoiVSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiZW1haWwiOm51bGwsIndlYnNpdGUiOm51bGwsInBpY3R1cmUiOiJodHRwczovL2ZpbGVzLmF1dGhpbmcuY28vYXV0aGluZy1jb25zb2xlL2RlZmF1bHQtdXNlci1hdmF0YXIucG5nIiwicHJvZmlsZSI6bnVsbCwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJuaWNrbmFtZSI6bnVsbCwibWlkZGxlX25hbWUiOm51bGwsImZhbWlseV9uYW1lIjpudWxsLCJnaXZlbl9uYW1lIjpudWxsLCJuYW1lIjpudWxsLCJzdWIiOiI2Mzc0N2Q4ZjM2YjU1NTljNjQyODVkMzQiLCJleHRlcm5hbF9pZCI6bnVsbCwidW5pb25pZCI6bnVsbCwidXNlcm5hbWUiOiJhZG1pbjEiLCJkYXRhIjp7InR5cGUiOiJ1c2VyIiwidXNlclBvb2xJZCI6IjYyMTQ5MzcwNDgyYTQ4NWRkNGQ1OGNlMCIsImFwcElkIjoiNjM3NGIxMjFlNDFlOTE1ZjQ3YWIyNWYyIiwiaWQiOiI2Mzc0N2Q4ZjM2YjU1NTljNjQyODVkMzQiLCJ1c2VySWQiOiI2Mzc0N2Q4ZjM2YjU1NTljNjQyODVkMzQiLCJfaWQiOiI2Mzc0N2Q4ZjM2YjU1NTljNjQyODVkMzQiLCJwaG9uZSI6bnVsbCwiZW1haWwiOm51bGwsInVzZXJuYW1lIjoiYWRtaW4xIiwidW5pb25pZCI6bnVsbCwib3BlbmlkIjpudWxsLCJjbGllbnRJZCI6IjYyMTQ5MzcwNDgyYTQ4NWRkNGQ1OGNlMCJ9LCJ1c2VycG9vbF9pZCI6IjYyMTQ5MzcwNDgyYTQ4NWRkNGQ1OGNlMCIsImF1ZCI6IjYzNzRiMTIxZTQxZTkxNWY0N2FiMjVmMiIsImV4cCI6MTY2OTgxNjgwNCwiaWF0IjoxNjY4NjA3MjA0LCJpc3MiOiJodHRwczovL3lmbmIuYXV0aGluZy5jbi9vaWRjIn0.KzFe1ny-V0e6XjjwkEVfFrVa3DvxD3TWUEW99NNfSVQ”
我这边退出登录的操作是先调用sdk撤销token 然后清除相关数据 跳转到登录页,但是一旦跳转到登录页 就会加载guard再次获取token,获取到的token也是之前撤销的token并且有效,然后再次配置到请求头给后端验证,后端验证结果也是依然有效。 就导致我退出登录以后 去登录页转了一圈什么也没干 又回到了登陆状态
zkb
11
前端登录的登录态不以 token 标识,需要使用前端登出接口,清除前端登录态,可参考以下文档 标准协议认证模块 | Authing 文档
标准协议认证模块 | Authing 文档
你好 我这边通过前端调用guard.logout()成功登出了, 但是没弄明白。如果我在后端调用buildLogoutUrl 需要传入id_token 但是通过guard返回的userinfo中似乎只有access_token,我是是不是需要通过别的什么途径用access_token去获取id_token? 前端登录的登录态不以 token 标识, 言下之意就是前端登录不能直接用token控制登录态吗?那是不是必须调用guard.logout() 才能退出登陆?这样就无法直接在服务端让用户下线?
zkb
13
后端可以使用管理侧的 API ,执行用户下线
Authing 管理 API(V3)
