如何在Slim 3 Response Header中附加JWT令牌
[英]How to attach JWT token in Slim 3 Response Header
问题描述
I am Currently Working on SSO Project. 
我目前正在从事SSO项目。 Like Google, we have accounts.domain.com as SSO Server. 与Google一样,我们将account.domain.com作为SSO服务器。 And we have three applications hosted on three different servers(application1.com,application2.com,,application3.com,). 并且我们在三个不同的服务器(application1.com,application2.com 、, application3.com)上托管了三个应用程序。
Whenever the user wants to log in from those three applications then the user will be redirected to the SSO Server. 每当用户想要从这三个应用程序登录时,该用户都将被重定向到SSO服务器。 If the login credential supplied by the user is correct means the SSO Server generates a JWT access token. 如果用户提供的登录凭据正确,则SSO服务器将生成JWT访问令牌。 Now the Generated token have to be attached to the user requested application response header and then the user will be redirected to the requested application along with the "Authorization: Bearer $token". 现在,Generated令牌必须附加到用户请求的应用程序响应标头,然后将用户与“ Authorization:Bearer $ token”一起重定向到请求的应用程序。
I am currently facing problem in attaching the generated token to the response header. 我目前在将生成的令牌附加到响应标头时遇到问题。 I am currently using Slim 3 framework along with lcobucci/jwt for JWT token. 我目前正在将Slim 3框架与lcobucci / jwt一起用于JWT令牌。
My Code : 我的代码:
$username = "Test";
$newResponse = $response->withHeader('Authorization' , "Bearer $token");
return $newResponse->withRedirect("http://application1.com/$username", 301);
When I debug the Response header in accounts.domain.com the Authorization header seems to be set. 当我在accounts.domain.com中调试响应头时,似乎已设置了授权头。 But on another end (application1.com) not receiving the Authorization Header. 但是在另一端(application1.com)没有收到授权标头。
Screenshots 截图
Initial Request from application1.com SSO Domain Redirect to grab the Cookie Validate the Session by the Grabbed Cookie and attach the Auth Header attached Authentication Success but no Authorization Headers Received 来自application1.com SSO域重定向的 初始请求, 以获取Cookie来 通过Grabbed Cookie 验证会话并附加Auth Header附加 身份验证成功但未收到授权标头
My Doubt is whether the problem is because of server configuration(apache2) in .htaccess file (or) my implementation itself is wrong. 我的疑问是问题是否是由于.htaccess文件中的服务器配置(apache2)引起的(或者)我的实现本身是错误的。
Guide me to fix this error. 指导我修复此错误。
Environment Details : 环境细节:
- Server : Apache 2 服务器:Apache 2
- Framework : Slim 3 框架:Slim 3
- JWT : lcobucci/jwt package JWT:lcobucci / jwt包
1 个解决方案
解决方案1
0 2018-10-23 14:46:48
A redirection in the HTTP protocol doesn't support adding any headers to the target location. HTTP协议中的重定向不支持将任何标头添加到目标位置。 It's basically just a header in itself and only allows for a URL. 它基本上只是一个标头,仅允许使用URL。
It looks something like this: 看起来像这样:
HTTP/1.1 307 Temporary Redirect
Location: http://application1.com
When you are adding your Authorization header you are only sending that header back to the client: 添加授权标头时,您仅会将标头发送回客户端:
HTTP/1.1 307 Temporary Redirect
Location: http://application1.com
Authorization: ...
When you are sending a response redirect and also set some header like Authorization , the browser will not forward this header to the site it is now redirecting to. 当您发送响应重定向并设置一些标题(例如Authorization ,浏览器将不会将此标头转发到现在重定向到的站点。 If you are absolutely bent on passing some parameter to the site the browser will redirect to, you will have to pass that parameter as an URL query parameter. 如果您绝对希望将某些参数传递给浏览器将重定向到的站点,则必须将该参数作为URL查询参数传递。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.