[英]Express-jwt Throwing UnathorizedError: No Authorization Token was found in IE11 when Chrome and Firefox work
[英]No authorization token was found - Express-JWT and Auth0
我正在将 Auth0 集成到 MERN Stack 应用程序中。 流程应如下所示:
(到目前为止,一切看起来都很好)
这似乎是一个相当标准的身份验证流程。 问题是前端向后端询问用户信息时,报错:
UnauthorizedError: No authorization token was found
我的设置基本上是这样的:
// client-side config
const lock = new Auth0Lock(clientID, domain, {
auth: {
responseType: 'token',
audience: 'https://${domain}/userinfo',
redirectUrl: API_URL + '/api/users/callback',
params: {
scope: 'openid profile email' // no change
}
}
})
// server.js
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
// [DB setup]
var sessConfig = {
secret: "[random string]",
cookie: {
sameSite: false
},
resave: false,
saveUninitialized: true
};
if(app.get('env') === 'production') sessConfig.cookie.secure = true;
app.use(session(sessConfig));
const {domain, clientID, clientSecret, callbackURL} = require('./config/auth0');
const passportStrategy = new Auth0Strategy(
{domain, clientID, clientSecret, callbackURL},
(accessToken, refreshToken, extraParams, profile, done) => done(null, profile)
)
passport.use(passportStrategy);
passport.serializeUser((user, done) => done(null, user));
passport.deserializeUser((user, done) => done(null, user));
app.use(passport.initialize());
app.use(passport.session());
// [routing]
// routes/users.js
router.get('/callback', (req, res, next) => {
passport.authenticate('auth0', (err, user, info) => {
if(err) return next(err);
if(!user) return next(info);
req.logIn(user, err => {
if(err) return next(err);
const returnTo = req.session.returnTo;
delete req.session.returnTo;
res.redirect(returnTo || clientRootURL + '/callback');
})
})(req, res, next);
})
router.get(
'/current',
require('cors')(),
authenticate,
(req, res) => {
res.json({
id: req.user.id,
name: req.user.name,
email: req.user.email
});
}
);
// authenticate.js
module.exports = jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `https://${domain}/.well-known/jwks.json`
}),
audience: clientID,
issuer: `https://${domain}/`,
algorithms: ['RS256']
});
绝大多数直接来自 Auth0 文档。 我试图在登录后从 /users/current 端点获取用户信息,但它说它找不到授权。 有谁知道如何让它发挥作用?
您应该调用 /userinfo 端点以获取用户配置文件,或从 id_token 获取信息。 看看这个文档
每个经过身份验证的前端调用都应包含:
headers: {
Authorization: `Bearer ${token}`,
},
token
应该在哪里:
const token = await getAccessTokenSilently();
getAccessTokenSilently
是auth0
lib 的一个公共函数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.