Lifecycle
TIP
Whether MineAdmin runs on Swoole or Swow, Hyperf integrates the engine through the symfony/console component.
The startup command is: php bin/hyperf.php start
MineAdmin is built to run on PHP + (Swoole or Swow) + Hyperf.
To thoroughly understand the lifecycle of MineAdmin, it is crucial to grasp the lifecycle of its underlying architecture.
This article will not elaborate further on the lifecycle of the aforementioned underlying architecture. If interested, please study it independently.
This article will focus more on describing the lifecycle related to business logic.
Dual-Token Authentication Refresh
The dual-token mechanism refers to the introduction of an additional Refresh Token alongside the traditional Access Token during user login. The Access Token is primarily used for identity verification and maintaining user sessions, while the Refresh Token is used to obtain a new Access Token when the current one expires. This design ensures security while providing a better user experience.
TIP
By default, the application's authentication mechanism is implemented using two tokens for interactive refresh authentication: the AccessToken and the RefreshToken.
The generation and authentication of JWT are uniformly handled by MineAdmin through the lcobucci/jwt component.
Sequence Diagram
Flowchart
Explanation
After a successful login, the access token and refresh token are stored locally.
When a request fails with a 401 error code and the local refresh_token is not expired, the current request information is temporarily stored in a queue. This queue prevents multiple requests from simultaneously refreshing the token.
Subsequently, the refresh token is used to obtain a new access_token and refresh_token.
If the token exchange interface also returns a 401 error code, it means both the access_token and refresh_token have expired. In this case, the local cache must be cleared, and the user should be redirected to the login page.
If the token exchange is successful, the local token is updated, and the previously failed request is retried.
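The refresh flow described above, as an added example that is not part of the original page or MineAdmin's own front-end code. The names createAuthClient, transport, store and onLogout, the "/refresh" path, the 200 success status and the response field names are all assumptions made for illustration.

```javascript
// Added example, not MineAdmin code. transport(path, token) is a hypothetical
// function resolving to { status, body }; "/refresh" and the body field names
// (access_token, refresh_token, refresh_exp) are assumptions.
function createAuthClient({ transport, store, onLogout }) {
  let refreshing = null; // the one in-flight refresh that queued requests wait on

  function logout() {
    // Both tokens are unusable: clear local state and go to the login page.
    store.accessToken = store.refreshToken = null;
    store.refreshExp = 0;
    onLogout();
    return new Error("session expired");
  }

  function refreshOnce() {
    if (!refreshing) {
      refreshing = transport("/refresh", store.refreshToken)
        .then((res) => {
          if (res.status === 401) throw logout();
          if (res.status !== 200) throw new Error("refresh failed: " + res.status);
          store.accessToken = res.body.access_token;
          store.refreshToken = res.body.refresh_token;
          store.refreshExp = res.body.refresh_exp;
        })
        .finally(() => { refreshing = null; });
    }
    return refreshing; // every concurrent 401 shares this single promise
  }

  async function request(path) {
    const used = store.accessToken;
    const res = await transport(path, used);
    if (res.status !== 401) return res;
    // A refresh may have finished while this request was in flight; if the
    // stored token already changed, retry with it instead of refreshing again.
    if (used === store.accessToken) {
      if (!store.refreshToken || store.refreshExp <= Date.now()) throw logout();
      await refreshOnce();
    }
    return transport(path, store.accessToken); // retry the failed request once
  }

  return { request };
}
```

Because the exchange returns a new refresh_token as well, a second concurrent exchange would present the already replaced token and could log the user out, which is the failure the shared promise prevents.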