Accurately refresh the client's access token #12719
Labels
area/Client
Related to Nacos Client SDK
kind/enhancement
Category issues or prs related to enhancement.
plugin
Is your feature request related to a problem? Please describe.
If the user updates the
nacos.core.auth.plugin.nacos.token.secret.key
parameter in the application, the generated access tokens will need to wait for the next cycle before being refreshed, with a refresh interval ofnacos.core.auth.plugin.nacos.token.expire.seconds
- (nacos.core.auth.plugin.nacos.token.expire.seconds
/10); During this period, when the client calls Nacos related interfaces, it will prompt: Invalid signature. The reason is that the server has already updated the key, causing the signature verification to fail.如果用户更新了application 中的 nacos.core.auth.plugin.nacos.token.secret.key 参数,针对已经产生的accessToken需要等待下一个周期才会进行刷新,刷新间隔 = nacos.core.auth.plugin.nacos.token.expire.seconds - (nacos.core.auth.plugin.nacos.token.expire.seconds / 10);在这期间客户端调用Nacos相关接口将会提示:Invalid signature 原因是服务端已经更新key导致签名校验不通过。
Describe the solution you'd like
Judge the server response code in the 'nacose client' code, such as code=403; In this scenario, it means that the Nacos server has adjusted the auth key, which can trigger a user to log in again to refresh the access token. This way, the client will obtain the latest access token.
在
nacose-client
代码中对服务端响应code进行判断,如code=403;这种场景下意味着Nacos服务端调整了auth key,那么可以触发一次用户重新登录来刷新accessToken,这样客户端将获取到最新的accessToken。Describe alternatives you've considered
We encountered an issue when upgrading Nacos from version 2.2.3 to 2.4.2, where the client reconnecting to Nacos prompted: Invalid signature; After investigation, we found that versions 2.3. x and later have made adjustments to the base64 of the auth key, which led to this issue. For details, please refer to the issue: #12434 The official suggestion for this issue is to adjust the Nacos parameter `nacos.core.auth.plugin.nacos.token.expire.seconds' to shorten the expiration time, but this will make the refresh frequency very frequent and require restarting the original service before upgrading, which is not very elegant.
我们在将Nacos由2.2.3版本升级到2.4.2时遇到了一个问题,这个问题是客户端重连Nacos提示:Invalid signature;经过排查我们发现2.3.x以后的版本针对auth key的base64进行过调整,导致了这个问题的出现,详情参考issue:#12434 对于这个问题,官方的建议是调整Nacos参数
nacos.core.auth.plugin.nacos.token.expire.seconds
来缩短过期时间,但是这样会将刷新变得很频繁,而且需要先重启原有服务再升级,这样不太优雅。Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: