堆栈内存溢出
  简体   繁体   English

在oauth20中集成json web令牌

[英]Integrating json web token in oauth20

 原文  2019-05-13 11:02:46       node.js/ oauth-2.0/ jwt/ gmail-api

问题描述

I am trying to create an api where user can sign up with an email or can sign in with google, I use json web token for authentication and oauth20, the problem is, can, I pass a jwt with oauth? 我正在尝试创建一个api用户可以使用电子邮件注册或者可以使用google登录,我使用json web令牌进行身份验证和oauth20,问题是,我可以通过一个带有oauth的jwt吗?

I have tried passing it and, I get a token if, I console log, but how do, I pass it to the user, like can i some way attach it to the req.user object in the cb by oauth or something like that? 我试过传递它,我得到一个令牌,如果,我控制日志,但是怎么做,我把它传递给用户,就像我可以通过某种方式将它附加到cb中的req.user对象oauth或类似的东西?

I am doing this in the google strategy: 我在谷歌策略中这样做: 

 async (accessToken, refreshToken, params, profile, cb) => {

   const userCheck = await User.findOne({ googleId: profile.id });

 if (userCheck) {
        const payload = {
          user: {
            id: userCheck.id
          }
        };

        jwtToken.sign(
          payload,
          config.get("jwtSecret"),
          { expiresIn: 360000 },
          (err, token) => {
            if (err) {
              throw err;
            }
            //   console.log(token);
            return res.json({ token });
          },
          cb(null, userCheck)
        );

My routes are protected like this: 我的路线受到如下保护: 

router.get("/", auth, async (req, res)=>{
...some code
    }

where auth is a middle ware function auth是一个中间件功能

This is the Auth middleware function: 这是Auth中间件功能:

module.exports = function(req, res, next) { module.exports = function(req,res,next){ 

  const token = req.header("x-auth-token");

  // If no token found


 if (!token)
 {
    return res.status(401).json({ msg: "User not authorized" });
  }

  // Set token to user

 try {
    const decoded = jwtToken.verify(token, config.get("jwtSecret"));

     req.user = decoded.user;
  } 

 catch (err)
 {
    res.
status(401)
.json({ msg: "User not authenticated, please login or sign up" });
  }
  next();

};

1 个解决方案

解决方案1
 0  2019-05-14 06:07:33

I found the solution, you need to pass sign the token in the passport.serializeUser and then send the it with a redirection in response of the redirect url. 我找到了解决方案,你需要在passport.serializeUser传递令牌,然后发送重定向以响应重定向网址。

The serialize user function: 序列化用户功能: 

passport.serializeUser(async (user, cb) => {
  const payload = {
    user: {
      id: user.id
    }
  };
  token = jwtToken.sign(payload, config.get("jwtSecret"), {
    expiresIn: 360000
  });
  console.log("serialize");
  cb(null, user.id);
});

The redirection route: 重定向路由: 

router.get(
  "/google/redirect",
  passport.authenticate("google", { sessionStorage: false }),
  (req, res) => {
    res.redirect("/" + token);
  }
);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Google oauth20的护照,未使用的中间件,passport.initialize() - Passport for Google oauth20, middleware not in use, passport.initialize() Passportjs Google OAuth20 在数字海洋上部署时不起作用 - Passportjs Google OAuth20 not working when deployed on digital ocean 谷歌 oauth20 匿名回调函数未在passport.use 块中执行 - Google oauth20 anonymous cllback function is not being executed in passport.use block 如何将Json Web Token(JWT)和Google oauth结合使用passwordjs,passport-google-oauth和node来创建社交登录系统? - How to combine Json Web Token(JWT) and google oauth using passportjs, passport-google-oauth and node to create social login system? JSON Web令牌策略 - JSON Web TOken Strategy 将 JSON 网络令牌列入黑名单 - Blacklisting JSON web token JSON 网络令牌 - 有效负载中的密码? - JSON web token - password in the payload? JSON Web令牌(JWT)安全 - JSON Web Token (JWT) Security 将OAuth与Kuzzle集成 - Integrating OAuth with Kuzzle Node.JS 语法错误:JSON 中的意外令牌 i 在 position 20 - Node.JS SyntaxError: Unexpected token i in JSON at position 20
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM