JWT malformed while trying to verify
I know this question gets asked a lot, but I just can't find what the problem is. I have already signed some data with a token, and when I try to verify it, it returns "jwt malformed", although when I console.log both the token and the "secret token" in my dotenv file, they are the same. The token received from the auth header: 1e0af40b5849caa62d2bd4a65fddc832b027034fe656d50003b86e1417af6491c944b9ed936e5090d114a4c81aa09754d920daa58736f3ba6d49977cc271a0dd, and the same goes for the token in the dotenv file: 1e0af40b5849caa62d2bd4a65fddc832b027034fe656d50003b86e1417af6491c944b9ed936e5090d114a4c81aa09754d920daa58736f3ba6d49977cc271a0dd.
Doesn't the jwt verify method only check whether the two strings match? Do I need more configuration in the signing method, like specifying the signing algo or type? This is my middleware code for verification:

    function authenticateToken(req, res, next) {
      const authHeader = req.headers.authorization;
      const token = authHeader && authHeader.split(' ')[1]
      console.log(token)
      if (token == null) return res.status(401).send()
      jwt.verify(token, process.env.ACCESS_TOKEN_SECRET, (err, user) => {
        console.log(process.env.ACCESS_TOKEN_SECRET)
        console.log(err)
        if (err) { return res.status(403).send() }
        console.log(err)
        req.new_user = user;
        next()
      })
    }

Return some value after verification:

    isLoggedIn(app, db) {
      app.get('/isLoggedIn', authenticateToken, async (req, res) => {
        await db.query('select * from client where username = $1', [req.new_user.name], (err, data) => {
          res.json(data.rows[0])
        })
      })
    }

And I probably don't think the issue lies here, since:

    logging_auth(app, db) {
      app.post('/logging_auth', async (req, res) => {
        let credential = req.body
        let email = credential.login_email;
        let password = credential.login_password
        let email_cols = [email];
        await db.query('select client_password , username from client where email = $1', email_cols, async (err, data) => {
          if (data && data.rows.length === 0) {
            res.json({
              success: false,
              msg: 'email or password does not exist'
            })
          }
          if (data && data.rows.length === 1) {
            bycrypt.compare(password, data.rows[0].client_password, (bcrypterr, verified) => {
              // if verified gives token
              if (verified) {
                const new_user = { name: data.rows[0].username }
                jwt.sign(new_user, process.env.ACCESS_TOKEN_SECRET)
                res.json({ access_token: process.env.ACCESS_TOKEN_SECRET, success: true, use: new_user.name })
              } else {
                console.log(bcrypterr)
              }
              // else response success false
            })
          }
          if (err) {
            res.json({
              success: false,
              msg: 'Opps Something Went Wrong',
              status: 501
            })
          }
        })
      })
    }

The error happens only during the verification process.
The issue is in your last code snippet. You are sending your JWT private key. jwt.sign() returns a JWT. So instead of these lines:

    jwt.sign(new_user, process.env.ACCESS_TOKEN_SECRET)
    res.json({ access_token: process.env.ACCESS_TOKEN_SECRET, success: true, use: new_user.name })

Try it like this:

    const access_token = jwt.sign(new_user, process.env.ACCESS_TOKEN_SECRET)
    res.json({ access_token, success: true, use: new_user.name })

In your response, you should then receive a token that looks something like this: xxxxx.yyyyy.zzzzz, where x is the header, y is the payload (your user data) and z is the signature.
You can read more about the structure of a JWT on JWT.io.
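
Why a verifier rejects the secret itself as "jwt malformed", shown as an added example that is not part of the original question or answer and is not the jsonwebtoken library's code: a minimal HS256 sign/verify written with Node's built-in crypto module. The function names, the error strings other than "jwt malformed", and the sample secret and payload are constructed for illustration.

```javascript
// Added example: minimal HS256 sign/verify using only Node's built-in crypto.
const nodeCrypto = require('crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Returns header.payload.signature, the value the client must receive (never the secret).
function signHS256(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = hmac(`${header}.${body}`, secret).toString('base64url');
  return `${header}.${body}.${sig}`;
}

// Returns { payload } on success or { error } saying why the token was rejected.
function verifyHS256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { error: 'jwt malformed' }; // structure is checked first
  const [header, body, sig] = parts;
  let alg;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
  } catch {
    return { error: 'invalid token' };
  }
  if (alg !== 'HS256') return { error: 'invalid algorithm' }; // pin the expected algorithm
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { error: 'invalid signature' };
  }
  try {
    return { payload: JSON.parse(Buffer.from(body, 'base64url').toString()) };
  } catch {
    return { error: 'invalid token' };
  }
}

// Constructed sample values (not the secret from the question).
const SECRET = 'constructed-demo-secret';
const goodToken = signHS256({ name: 'alice' }, SECRET);
const results = {
  secretSentAsToken: verifyHS256(SECRET, SECRET), // the bug: no dots, so rejected as malformed
  signedToken: verifyHS256(goodToken, SECRET),
  wrongSecret: verifyHS256(goodToken, 'other-secret'),
};
console.log(goodToken.split('.').length, results);
```

Verification recomputes the signature over the first two segments with the server-side secret, so the secret never needs to leave the server and a string equal to it is not a valid token.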