Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/node.js/35.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Javascript 正在尝试在节点中实现JWT身份验证。在受保护的路线上未经授权_Javascript_Node.js_Authentication_Jwt_Passport.js - Fatal编程技术网
Fatal编程技术网
  • javascript/
  • Javascript 正在尝试在节点中实现JWT身份验证。在受保护的路线上未经授权

Javascript 正在尝试在节点中实现JWT身份验证。在受保护的路线上未经授权

javascript node.js authentication jwt

Javascript 正在尝试在节点中实现JWT身份验证。在受保护的路线上未经授权,javascript,node.js,authentication,jwt,passport.js,Javascript,Node.js,Authentication,Jwt,Passport.js,我正在尝试实现JWT身份验证/登录和/注册工作正常,它们返回身份验证令牌,但当我尝试使用标题“Authorization”=“JWT token_received”获取/secret时,它返回一个字符串“unauthorized”,我看不到来自JWTStrategy的任何日志记录。请告诉我哪里出了问题 var opts = {} opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken(); opts.secretOrKey = "

我正在尝试实现JWT身份验证/登录和/注册工作正常,它们返回身份验证令牌,但当我尝试使用标题“Authorization”=“JWT token_received”获取/secret时,它返回一个字符串“unauthorized”,我看不到来自JWTStrategy的任何日志记录。请告诉我哪里出了问题

var opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = "very_secret"

passport.use(new JwtStrategy(opts, function(payload, next){
    console.log("payload received" + payload);
    User.findById(payload.id, function(err, user){
        console.log("user found:" + user);
        if(err){
            return next(err, false)
        }
        else if(user){
            return next(null, user)
        }
        else{
            return next(null, false)
        }
    });
    }
));

app.use(passport.initialize());

app.post("/login", function(req, res){

        var email = req.body.email;
        var password = req.body.password;

        var user = User.findOne({"email": email}, function(err, user){

        if(err){
            res.json({"error": err});
            return;
        }
        if(!user){
            res.json({"message": "No user found"});
            return;
        }
        if(user.password == password){
            res.json(
                { 
                    "message": "User found",
                    "token": jwt.sign({"id": user.id}, opts.secretOrKey)
                }
            );
        }
        else{
            res.json({"message": "Password did not match"});
        }
    });
});

app.post("/register", function(req, res){
new User({ email: req.body.email, password: req.body.password}).
    save(function(err, user){
            if(err){
                res.json({"message": "User cannot be created"});
            }
            else{
                res.json(
                    { 
                        "message": "ok",
                        "token": jwt.sign({"id": user.id}, opts.secretOrKey)
                    }
                );
            }
    });
});

app.get("/secret", passport.authenticate("jwt", {session: false}), function(req, res){
    console.log(req.get('Authorization'));
    res.json(req.user);
});
以邮递员为客户。要求邮递员提供详细信息

GET /secret HTTP/1.1
Host: localhost:3000
Content-Type: application/x-www-form-urlencoded
Authorization: JWT token_I_received_on_login
Cache-Control: no-cache
Postman-Token: 114060a3-3074-6688-6245-0b0cfe7e9f04
明白了。在请求中犯了一个错误

根据,它应该是“授权”=“在登录时收到的承载令牌”

opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
应该是

ExtractJwt.fromAuthHeaderWithScheme('jwt');
客户端是否正在发送授权?Post假设您的REST客户端或浏览器请求正确。您可以发布代码,说明您是如何将
jwt令牌
传递到服务器的吗?使用postman进行测试,添加了请求详细信息。我觉得策略有些问题,因为它没有记录任何东西,但我不确定。我也有同样的问题。但我不明白护照jwt的流程。如何添加**如您所说,它应该是“授权”=“在登录时收到的承载令牌”**?我不明白:((((