CakePHP 3 JWT Auth给出401未经授权的错误
我正在使用CakePHP 3 JWT Auth给出401未经授权的错误,cakephp,jwt-auth,cakephp-3.6,Cakephp,Jwt Auth,Cakephp 3.6,我正在使用CakePHP3.6和JWT Auth在我的应用程序中启用基于令牌的身份验证,前端是用Angular 6编写的 我的登录控制器如下 <?php namespace App\Controller\Api; use Cake\Event\Event; use Cake\Http\Exception\UnauthorizedException; use Cake\Utility\Security; use Crud\Controller\Component\CrudComponent
我正在使用 CakePHP 3.6 和 JWT Auth 在我的应用程序中启用基于令牌的身份验证,前端是用 Angular 6 编写的。
我的登录控制器如下:
<?php
namespace App\Controller\Api;
use Cake\Event\Event;
use Cake\Http\Exception\UnauthorizedException;
use Cake\Utility\Security;
use Crud\Controller\Component\CrudComponent;
use Firebase\JWT\JWT;
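class UsersController extends AppController
{
    /**
     * Runs the parent setup, then opens the `add` and `token` actions to
     * unauthenticated clients. Every other action still goes through the
     * Auth component.
     *
     * @return void
     */
    public function initialize()
    {
        parent::initialize();
        $this->Auth->allow(['add', 'token']);
    }

    /**
     * Identifies the caller through the Auth component and, on success,
     * returns a signed JWT in the serialized response.
     *
     * @return void
     * @throws \Cake\Http\Exception\UnauthorizedException When the Auth component cannot identify a user.
     */
    public function token()
    {
        $user = $this->Auth->identify();
        if (!$user) {
            throw new UnauthorizedException('Invalid username or password');
        }

        // One value drives both the advertised lifetime and the `exp` claim,
        // so the two cannot drift apart.
        $lifetime = 604800; // 7 days, in seconds

        $token = JWT::encode(
            [
                'sub' => $user['id'],
                // `exp` must be present: without it the token never expires,
                // even though `expires_in` tells the client it is valid for 7 days.
                'exp' => time() + $lifetime,
            ],
            // The application's Security salt is the signing key.
            // NOTE(review): the salt is presumably used elsewhere in the app as
            // well; consider a dedicated signing key.
            Security::getSalt(),
            // State the algorithm explicitly instead of relying on the library default.
            'HS256'
        );

        $this->set([
            'success' => true,
            'data' => [
                'token_type' => 'Bearer',
                'expires_in' => $lifetime,
                'token' => $token,
            ],
            '_serialize' => ['success', 'data'],
        ]);
    }
}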
请求/响应标头具有令牌
我试过什么
- 我试图在生成访问令牌时禁用exp
- 尝试在CakePHP应用程序中禁用调试
当CakePHP服务器应用程序在本地运行时,它工作得非常好。
在.htaccess中尝试页面末尾的SetEnvIf规则(如果mod_rewrite被激活): 使用LAMP的Bitnami堆栈时(例如在EC2 AWS实例上),php-fpm模块会过滤每个请求的头,“Authorization”头因此被破坏,应用读不到令牌,于是返回401。使用这一行,您可以强制创建带有原始Authorization标头的HTTP_AUTHORIZATION变量。
请在您的CakePHP代码中检查是否确实在请求头中收到了Authorization。在身份验证代码中进行一些调试,以确定它的确切退出位置,这可能会提示您原因。@Anuj TBE:有解决方案了吗?如果有http到https的重定向,也请检查您的.htaccess,并删除这些重定向(重定向之后,客户端可能不会再带上Authorization头)。可以在您的CakePHP action中检查$_SERVER的内容。
<?php
use Cake\Controller\Controller;
class AppController extends Controller
{
    use \Crud\Controller\ControllerTrait;

    /**
     * Loads the components shared by all API controllers: RequestHandler,
     * Crud (with its API listeners) and Auth with two authenticators,
     * Form for the login request and ADmad/JwtAuth.Jwt for requests that
     * carry a token.
     *
     * @return void
     */
    public function initialize()
    {
        parent::initialize();

        // Crud actions and listeners enabled for every controller.
        $crudSettings = [
            'actions' => [
                'Crud.Index',
                'Crud.View',
                'Crud.Add',
                'Crud.Edit',
                'Crud.Delete',
            ],
            'listeners' => [
                'Crud.Api',
                'Crud.ApiPagination',
            ],
        ];

        // Credential login: the `email` field is used as the username.
        $formAuthenticator = [
            'fields' => [
                'username' => 'email',
                'password' => 'password',
            ],
            'finder' => 'auth',
        ];

        // Token login: the user is looked up by `id` with the `auth` finder.
        // NOTE(review): `parameter` presumably lets the plugin accept the token
        // from a `token` query-string parameter as well as from the
        // Authorization header; tokens in URLs tend to end up in access logs,
        // so confirm against the plugin documentation whether this is wanted.
        // NOTE(review): `queryDatasource` presumably makes the plugin re-check
        // the user record on each request rather than trusting the token
        // payload alone. Confirm.
        $jwtAuthenticator = [
            'parameter' => 'token',
            'userModel' => 'Users',
            'finder' => 'auth',
            'fields' => [
                'username' => 'id',
            ],
            'queryDatasource' => true,
        ];

        $this->loadComponent('RequestHandler');
        $this->loadComponent('Crud.Crud', $crudSettings);
        $this->loadComponent('Auth', [
            // Keep the identity in memory for the current request only.
            'storage' => 'Memory',
            'authenticate' => [
                'Form' => $formAuthenticator,
                'ADmad/JwtAuth.Jwt' => $jwtAuthenticator,
            ],
            // An API client gets an error response, not a redirect to a login page.
            'unauthorizedRedirect' => false,
            'checkAuthIn' => 'Controller.initialize',
        ]);
    }
}
401: Unauthorized access
# Copy the value of the incoming Authorization request header into the
# HTTP_AUTHORIZATION environment variable, so the application can still read
# the bearer token when the server setup does not pass the header to PHP.
# NOTE(review): SetEnvIf is provided by mod_setenvif, not mod_rewrite; check
# that module is enabled. The rule only forwards the header; the token is
# still validated by the application.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1