Node.js – Express.js JWT在浏览器响应中总是返回一个无效的令牌错误
我用express-jwt模块使用了node.js和express.js,并且设置了一个简单的HTTP服务器来testing一切:
这是涉及的节点代码:
app.set('port', process.env.PORT || 3000); app.use(express.methodOverride()); app.use(allow_cross_domain); app.use('/api', expressJwt({secret: '09qrjjwef923jnrge$5ndjwk'})); app.use(express.json()); app.use(express.urlencoded()); app.use('/', express.static(__dirname + '/')); app.use(function(err, req, res, next){ if (err.constructor.name === 'UnauthorizedError') { res.send(401, 'Unauthorized'); } }); app.get('login',function(req,res){ //... jwt.sign(results.username+results.email, secret, { expiresInMinutes: 9000000000*9393939393393939393939 }); }); app.post('api/profile',function(req,res){ console.log(req.user); // this return undefined in console res.send(req.user); // response is pending and dunno why it returns error in browser console }); 所以,一旦我打开/login URL我login,我发送会话令牌到api/post ,这在浏览器控制台中返回此响应错误:
{"error":{"message":"invalid signature","code":"invalid_token","status":401,"inner":{}}}
我不明白为什么会发生这种情况,因为存储在前端的令牌和JWT中的令牌是相同的。 可能是这个错误的原因是什么?
一个标题的例子, api/post到api/post URL:
这是一个例子
http://blog.auth0.com/2014/01/07/angularjs-authentication-with-cookies-vs-token/
var expressJwt = require('express-jwt'); var jwt = require('jsonwebtoken'); var SECRET = 'shhhhhhared-secret'; app.use('/api', expressJwt({secret: SECRET})); app.post('/authenticate', function (req, res) { //TODO validate req.body.username and req.body.password //if is invalid, return 401 if (!(req.body.username === 'john.doe' && req.body.password === 'foobar')) { res.send(401, 'Wrong user or password'); return; } var profile = { first_name: 'John', last_name: 'Doe', email: 'john@doe.com', id: 123 }; // We are sending the profile inside the token var token = jwt.sign(profile, SECRET, { expiresIn: 18000 }); // 60*5 minutes res.json({ token: token }); }); app.get('/api/protected', function(req, res) { res.json(req.user); });
另外,请确保你不要放一个:持有者。 例如
坏! Authorization: Bearer: eyJ0eXAiOiI1NiJ9.eyJpZCMjEyNzk2Njl9.4eU6X1wAQieH打印“未经授权的错误:jwt必须提供”到日志
好Authorization: Bearer eyJ0eXAiOiI1NiJ9.eyJpZCMjEyNzk2Njl9.4eU6X1wAQieH