
Do I need to pass a payload to this code to generate JWT token?

I want to use JWT to generate a token to authenticate users. When I use Postman to test the code with a registered username and password, it returned the JsonWebTokenError: jwt malform. On close review, I discovered that the error comes from the jwt.verify section.

  1. Do I need to pass a payload value to generate the token?
  2. How can I configure it so that when a user makes a login request, say he's passing his username and password, along with email and password, the client must pass a client identity ([payload + clientID]), for the server to know for whom the token is to be signed?
  3. Is there any special value I need to pass in the Postman Header to test the working of the token system?

THE CODE

const jwt = require('jsonwebtoken');
const fs = require('fs');

// PRIVATE and PUBLIC key
const publicKey = fs.readFileSync(__dirname + '/public.key', 'utf8');
const privateKey = fs.readFileSync(__dirname + '/private.key', 'utf8');

// Returns secret only known to server at runtime
exports.getSecret = () => {
  const secret = require('../config/secret.json').secret;
  return secret;
};

// Returns token
exports.getToken = (payload, signOptions) => {
  if (!signOptions) {
    signOptions = {
      issuer:  "Myself",
      expiresIn:  "30d", 
      algorithm:  "RS256"
    }    
  };
   const token = jwt.sign(payload, privateKey, options);
  return (token);
};

// Returns result of token validation
exports.validateToken = (token, verifyOptions) => {

  if (!verifyOptions) {
    verifyOptions = {
      issuer:  "Myself",
      expiresIn:  "30d", 
      algorithm:  "RS256"
    }    
  };
  try {
    return jwt.verify(token, publicKey, verifyOptions);
  } catch (err) {
    return err;
  }
};

// Returns validation result of token
exports.token_post = (req, res) => {
  res.send(this.validateToken(req.header.Authorization, this.getSecret()));
};

The remaining part of the code below is linked to a permission file that is used to validate users. The error shows that the argument is not getting to the this.validateToken part.

exports.hasPermission = (token, resource) => {
  const result = this.validateToken(token, this.getSecret());
  console.log(result);
  if (result.name === 'JsonWebTokenError') {
    return false;
  } else if (result.permissions) {
    let permissionSet = new Set(result.permissions);
    console.log('permissions in token', JSON.stringify(permissionSet));
    return permissionSet.has(resource);
  } else {
    return false;
  }
};

I EDITED JWT.(SIGN) FUNCTION AS FOLLOWS

return jwt.sign(payload, privateKey, signOptions, function (error, token){
    if(error) {
      return done(new JsonWebTokenError('error in generating token: ' + error.message));
    } else {
      console.log("Token :" + token);
    }
  });
};

jwt.sign() returns a callback function like this

jwt.sign(payload, expiration, function (error, token) {
    if(error) {
        // Failed: handle the error
    } else {
        // Get token and do continue
    }
});
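An added example, not part of the original question or answer: the sign, transport and verify round trip for an RS256 token, with the payload carrying the permissions that hasPermission reads. It uses Node's built-in crypto module instead of the jsonwebtoken package so it runs without dependencies; the key pair, claim values, function names and the "Bearer" header scheme are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Constructed throwaway key pair so the example runs offline (assumption, not the page's keys).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign a payload as an RS256 JWT: header.payload.signature, each part base64url.
function signRS256(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Pull the token out of an "Authorization: Bearer <token>" header value.
function bearerToken(headerValue) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(headerValue || '');
  return m ? m[1] : null; // null: header missing or not three dot-separated segments
}

// Verify signature, pinned algorithm, issuer and expiry; returns the claims or throws.
function verifyRS256(token, key, { issuer }) {
  const [head, body, sig] = token.split('.');
  const header = JSON.parse(Buffer.from(head, 'base64url'));
  if (header.alg !== 'RS256') throw new Error('unexpected algorithm');
  const signed = Buffer.from(`${head}.${body}`);
  const ok = crypto.verify('RSA-SHA256', signed, key, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('invalid signature');
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) throw new Error('expired');
  return claims;
}

// Permission check that never hands a raw or missing header to the verifier.
function hasPermission(headerValue, resource) {
  const token = bearerToken(headerValue);
  if (!token) return false;
  try {
    const claims = verifyRS256(token, publicKey, { issuer: 'Myself' });
    return Array.isArray(claims.permissions) && claims.permissions.includes(resource);
  } catch (err) {
    return false;
  }
}

// Constructed sample payload: the claims are what tell the server who the token is for.
const now = Math.floor(Date.now() / 1000);
const token = signRS256({ sub: 'user-1', permissions: ['reports:read'], iss: 'Myself', exp: now + 3600 }, privateKey);
```
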
