Trying to implement JWT authentication in node. Getting unauthorized in protected routes(尝试在节点中实现 JWT 身份验证.在受保护的路线中获得未经授权)
问题描述
我正在尝试实现 JWT 身份验证./login 和/register 工作正常,它们返回身份验证令牌,但是当我尝试使用标头 'Authorization' = 'JWT token_received' 获取/secret 时,它返回一个字符串'unauthorized',我看不到来自 JWTStrategy 的日志记录.请让我知道我哪里出错了.
I am trying to implement JWT authentication. /login and /register work fine and they return authentication token, but when I try to GET /secret with a header 'Authorization' = 'JWT token_received', it returns a string 'unauthorized' and I can see no logging from JWTStrategy. Please let me know where I am going wrong.
var opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = "very_secret"
passport.use(new JwtStrategy(opts, function(payload, next){
console.log("payload received" + payload);
User.findById(payload.id, function(err, user){
console.log("user found:" + user);
if(err){
return next(err, false)
}
else if(user){
return next(null, user)
}
else{
return next(null, false)
}
});
}
));
app.use(passport.initialize());
app.post("/login", function(req, res){
var email = req.body.email;
var password = req.body.password;
var user = User.findOne({"email": email}, function(err, user){
if(err){
res.json({"error": err});
return;
}
if(!user){
res.json({"message": "No user found"});
return;
}
if(user.password == password){
res.json(
{
"message": "User found",
"token": jwt.sign({"id": user.id}, opts.secretOrKey)
}
);
}
else{
res.json({"message": "Password did not match"});
}
});
});
app.post("/register", function(req, res){
new User({ email: req.body.email, password: req.body.password}).
save(function(err, user){
if(err){
res.json({"message": "User cannot be created"});
}
else{
res.json(
{
"message": "ok",
"token": jwt.sign({"id": user.id}, opts.secretOrKey)
}
);
}
});
});
app.get("/secret", passport.authenticate("jwt", {session: false}), function(req, res){
console.log(req.get('Authorization'));
res.json(req.user);
});
使用邮递员作为客户端.向邮递员索取详细信息,
Using postman as the client. Request details from postman,
GET /secret HTTP/1.1
Host: localhost:3000
Content-Type: application/x-www-form-urlencoded
Authorization: JWT token_I_received_on_login
Cache-Control: no-cache
Postman-Token: 114060a3-3074-6688-6245-0b0cfe7e9f04
推荐答案
知道了.请求中有错误.
Got it. Made a mistake in the request.
根据 README,应该是 'Authorization' = 'bearer token_received_on_login'
As per the README, it should be 'Authorization' = 'bearer token_received_on_login'
这篇关于尝试在节点中实现 JWT 身份验证.在受保护的路线中获得未经授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:尝试在节点中实现 JWT 身份验证.在受保护的路线
- 如何使用 JSON 格式的 jQuery AJAX 从 .cfm 页面输出查 2022-01-01
- 使用RSelum从网站(报纸档案)中抓取多个网页 2022-09-06
- 400或500级别的HTTP响应 2022-01-01
- Css:将嵌套元素定位在父元素边界之外一点 2022-09-07
- 失败的 Canvas 360 jquery 插件 2022-01-01
- addEventListener 在 IE 11 中不起作用 2022-01-01
- Quasar 2+Apollo:错误:找不到ID为默认的Apollo客户端。如果您在组件设置之外,请使用ProvideApolloClient() 2022-01-01
- CSS媒体查询(最大高度)不起作用,但为什么? 2022-01-01
- Flexslider 箭头未正确显示 2022-01-01
- Fetch API 如何获取响应体? 2022-01-01
