[英]Node.js - Express.js JWT always returns an invalid token error in browser response
I'm using node.js and express.js with the express-jwt module, and I have set up a simple HTTP server to test everything: 我正在使用带有express-jwt模块的node.js和express.js,我已经设置了一个简单的HTTP服务器来测试所有内容:
This is the node code involved: 这是涉及的节点代码:
app.set('port', process.env.PORT || 3000);
app.use(express.methodOverride());
app.use(allow_cross_domain);
app.use('/api', expressJwt({secret: '09qrjjwef923jnrge$5ndjwk'}));
app.use(express.json());
app.use(express.urlencoded());
app.use('/', express.static(__dirname + '/'));
app.use(function(err, req, res, next){
if (err.constructor.name === 'UnauthorizedError') {
res.send(401, 'Unauthorized');
}
});
app.get('login',function(req,res){
//...
jwt.sign(results.username+results.email, secret, { expiresInMinutes: 9000000000*9393939393393939393939 });
});
app.post('api/profile',function(req,res){
console.log(req.user); // this return undefined in console
res.send(req.user); // response is pending and dunno why it returns error in browser console
});
So once I open the /login
URL I get logged in and I send the session token to api/post
, which returns this response error in the browser console: 所以,一旦我打开/login
URL,我就会登录并将会话令牌发送到api/post
,这会在浏览器控制台中返回此响应错误:
{"error":{"message":"invalid signature","code":"invalid_token","status":401,"inner":{}}}
I don't understand why this is happening, because the token stored in the front-end and the token in JWT are the same. 我不明白为什么会发生这种情况,因为存储在前端的令牌和JWT中的令牌是相同的。 What could be the reason for this error? 这个错误的原因是什么?
An example of headers POST
ed to the api/post
URL: POST
到api/post
URL的标题示例:
Here is an example 这是一个例子
http://blog.auth0.com/2014/01/07/angularjs-authentication-with-cookies-vs-token/ http://blog.auth0.com/2014/01/07/angularjs-authentication-with-cookies-vs-token/
var expressJwt = require('express-jwt');
var jwt = require('jsonwebtoken');
var SECRET = 'shhhhhhared-secret';
app.use('/api', expressJwt({secret: SECRET}));
app.post('/authenticate', function (req, res) {
//TODO validate req.body.username and req.body.password
//if is invalid, return 401
if (!(req.body.username === 'john.doe' && req.body.password === 'foobar')) {
res.send(401, 'Wrong user or password');
return;
}
var profile = {
first_name: 'John',
last_name: 'Doe',
email: 'john@doe.com',
id: 123
};
// We are sending the profile inside the token
var token = jwt.sign(profile, SECRET, { expiresIn: 18000 }); // 60*5 minutes
res.json({ token: token });
});
app.get('/api/protected',
function(req, res) {
res.json(req.user);
});
Also, make sure you don't put a : after bearer. 此外,请确保您不要在持票人之后放置: Eg 例如
BAD! 坏! Authorization: Bearer: eyJ0eXAiOiI1NiJ9.eyJpZCMjEyNzk2Njl9.4eU6X1wAQieH
Prints "UnauthorizedError: jwt must be provided" to logs Authorization: Bearer: eyJ0eXAiOiI1NiJ9.eyJpZCMjEyNzk2Njl9.4eU6X1wAQieH
在日志中打印“UnauthorizedError:jwt必须提供”
Good Authorization: Bearer eyJ0eXAiOiI1NiJ9.eyJpZCMjEyNzk2Njl9.4eU6X1wAQieH
好的Authorization: Bearer eyJ0eXAiOiI1NiJ9.eyJpZCMjEyNzk2Njl9.4eU6X1wAQieH
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.