
JWT-GO Error 4 and token verification from another api url

I am using package "github.com/dgrijalva/jwt-go" in golang to authenticate api hits.

The code for creating a jwt token is:

// Claims for the session token; "exp" is 8760 hours (365 days) from now.
token := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.MapClaims{
        "email":      "test@example.com",
        "exp":        time.Now().Add(time.Hour * 8760).Unix(),
        "role":       "customer",
        "name":       "John Doe",
        "ip":         "0.0.0.0",
        "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0",
        "id":         1,
    })
// Sign with HMAC-SHA256; the key is passed as []byte.
tokenString, err := token.SignedString([]byte(config.SignKey))

Following are the steps to use this token:

  1. First login api hits and we call above method to generate token and return this token in the api response.
  2. After that another api hits which contains this token in its headers with "Bearer " string. We decode this token and authenticate it through following code:

     // Take the part of the Authorization header that follows "Bearer".
     bearer := strings.Split(c.Request.Header["Authorization"][0], "Bearer")
     bearerToken := strings.TrimSpace(bearer[1])
     token, err := jwt.Parse(bearerToken, func(token *jwt.Token) (interface{}, error) { return config.SignKey, nil })
     if err != nil {
         c.JSON(200, gin.H{"response": `{error: "err", msg: Session Expired. Please log out and back in to continue2.}`})
         c.Abort()
         return
     }

Now suppose the token was decoded for url: http://SOMEDOMAIN.COM/api/v1/SOMEAPI

From this api I issued another curl command in the format:

"curl --header 'Ip: " + ip + "' --header 'User-Agent: " + userAgent + "' --header 'Authorization: " + token + "' 'http://SOMEDOMAIN.COM/api/v2/ANOTHERAPI'"

This command hits another, different api but uses the same credentials; the token is the same one that was created by the login api.

Both apis with different urls are hosted on the same server but in different golang project folders.

Now at this time this package does not authenticate the token and gives the following error:

{"response":{"code":400,"api_status":10,"message":"Session Expired. Please log out and back in to continue2.","data":{"Inner":{},"Errors":4}}}

I was looking for the meaning of error code 4 in this case.

Can anyone please explain what is the meaning of Error: 4 and why it is behaving like this on different api urls?

When I investigated your code,

There is a misuse of your config.SignKey. It seems it was cast to []byte while signing the token.

But while parsing your token:

{return config.SignKey, nil}

You used the default type and didn't cast to []byte.

 {return []byte(config.SignKey), nil}

I think it is the issue.
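
The `"Errors":4` in the response is jwt-go's `ValidationErrorSignatureInvalid` bit flag, and its HMAC verifier returns an invalid-key-type error whenever the keyfunc hands back anything other than `[]byte`. The following standard-library sketch is an added example, not code from the post or from jwt-go; `signHS256`, `verifyHS256` and the key values are hypothetical, and it shows that a `string` key and a different secret both end up as flag 4 while only the inner error tells them apart.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Same numeric values as jwt-go's ValidationErrorMalformed and ValidationErrorSignatureInvalid.
const Malformed, SignatureInvalid uint32 = 1 << 0, 1 << 2 // 1 and 4
var ErrInvalidKeyType, ErrSignatureInvalid = errors.New("key is of invalid type"), errors.New("signature is invalid")

// signHS256 (hypothetical helper) builds header.payload.signature using HMAC-SHA256.
func signHS256(payload string, key []byte) string {
	enc := base64.RawURLEncoding
	msg := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString([]byte(payload))
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(msg))
	return msg + "." + enc.EncodeToString(mac.Sum(nil))
}

// verifyHS256 (hypothetical helper) gets the key as interface{}, the way a keyfunc returns it.
func verifyHS256(token string, key interface{}) (uint32, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Malformed, errors.New("token must have three segments")
	}
	keyBytes, ok := key.([]byte)
	if !ok {
		return SignatureInvalid, ErrInvalidKeyType // a string key is rejected before any HMAC is computed
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	mac := hmac.New(sha256.New, keyBytes)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return SignatureInvalid, ErrSignatureInvalid // different secret or altered token
	}
	return 0, nil
}

func main() {
	tok := signHS256(`{"role":"customer"}`, []byte("constructed-secret")) // constructed sample values
	for _, k := range []interface{}{"constructed-secret", []byte("constructed-secret"), []byte("other-key")} {
		fmt.Println(verifyHS256(tok, k)) // flag value, then the inner error
	}
}
```

Logging the inner error on the server, rather than only the numeric flag, separates a key-type bug from a secret that differs between the two projects.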
