[英]How to use a JWT token inside an httpOnly cookie to call a restricted api endpoint
我正在使用next.js和next-auth来针对 API 登录用户。 如果登录成功,则会为浏览器设置一个 httpOnly cookie。 cookie 名称是__Secure-next-auth.session-token ,这是值(不用担心是假数据):
eyJhbGciOiJIUzUxMiJ9.eyJ0b2tlbiI6ImV5SjBlWEFpT2lKS1YxUWlMQ0poYkdjaU9pSlNVekkxTmlKOS5leUpwWVhRaU9qRTJNelkyTXprMk5EY3NJbVY0Y0NJNk1UWXpOalkwTXpJME55d2ljbTlzWlhNaU9sc2lVazlNUlY5VlUwVlNJbDBzSW5WelpYSnVZVzFsSWpvaVpYSnVZVE01UUhkbFltVnlMbU52YlNKOS5obWZqQ3NBWDFsWHdCMWdUNDlRUFdRWjM4OG52b2pKTlJMaDI1d3RCTVlBSHhQN2RxelpsZWFzTWZSVXZqSmJXVjdRUldYZnRYYUJFOG1pTEE4Y1JsNTVlZUd5bE9MbHhoQVRORTZPNjZLQjdzMXhPczB6Nmg1TXFadnlRa3JhcjFfYnF5WXgzQzBZdXVHWk1NWEFMUDJPS3Q5Sjk2dVdZVF9KT25USzNhRTZEQnpqaWF5OWw2alludExLZkUyQUhKMVgwVE9UcEN3QjBHeFB3d1otVWh0NjU5NEtLZS0yakpkQmhqd185VGJWSUVFaV9SbF8zMDFabmhHdDZZYzN6SE9WNm9WSk4zOTBSTXFrM283cWRONkw0R0JKb1g5NzQ1NkNJLTVFSllJN3ozcXpjVEwtZUNGc3luRkJIZHEzNnF2TFd3aDJpeDVkTy1MVDU1cXE5VlEiLCJpYXQiOjE2MzY2NTcwNjYsImV4cCI6MTYzOTI0OTA2Nn0.QGRPwJSECbFfkvUyn8h-gInELUzGHsxBFrnMAW9zEfqCuHwJRkT1aunqFt7g5aWp6DZrSUHaKvp3OJr-0xwUzw
如果我解码这个 jwt,我会得到一个对象,其中一个属性是jwt ,值是我从 API 收到的令牌。
谁能告诉我
目前我只是用这个选项做一个 fetch 调用
method: 'GET',
'cors': 'no-cors',
credentials: 'same-origin'
但不幸的是,我得到的回应是
[Symbol(Response internals)]: {
url: 'https://localhost/countries',
status: 401,
statusText: 'Unauthorized',
headers: Headers { [Symbol(map)]: [Object: null prototype] },
counter: 0
}
您需要检查您的 API 文档以了解它所期望的内容。 例如,您通常会将令牌附加到Authorization标头
如何使用在身份验证标头中另存为httpOnly cookie的访问令牌?
[英]How to use access token that was saved as httpOnly cookie in authentication header?
在客户端 Javascript 应用程序中处理 JWT 令牌 - httpOnly Cookie 与 LocalStorage
[英]Handling JWT Token in Client Javascript Apps - httpOnly Cookie vs LocalStorage
Javascript 获取不发送 JWT httponly cookie 到.Net Core 6 API
[英]Javascript Fetch not sending JWT httponly cookie to .Net Core 6 API
express - 如何在对 API 的请求中读取 HttpOnly cookie?
[英]express - How to read HttpOnly cookie in request to API?
使用jwt进行身份验证时如何在客户端使用httpOnly?
[英]How to use httpOnly on the client side when using jwt for authentication?
使用 httponly cookie 将 JWT 从节点 REST API 发送到 Z75FAEE4DDC6AF5F7C0ZSPACE40F33FB85DA
[英]Using httponly cookie to send JWT from node REST API to Vue.js SPA
httpOnly cookie 中的 JWT - AuthGuard 和受保护的路由(Node.js、Angular)
[英]JWT in httpOnly cookie - AuthGuard and protected routes (Node.js, Angular)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.