如何在FeathersJS中设置JWT的sub声明? [英] How can I set the `sub` claim of a JWT in FeathersJS?
问题描述
对于JWT的sub
声明是可选的,但是feathersjs身份验证不允许我将其设置为空白字符串或将其删除.
The sub
claim for JWTs is optional, but the feathersjs-authentication won't let me set it to a blank string or remove it.
我能够在hook
之前的authentication
中的有效负载中添加一个新值,但是更改sub
或尝试删除它无效.
I was able to add a new value to the payload in the authentication
before hook
but changing sub
or trying to remove it doesn't work.
app.service('/api/auth').hooks({
before: {
create: [
// You can chain multiple strategies
auth.hooks.authenticate(['jwt', 'local']),
hook => {
// I can add a new `SUB` value but this method doesn't work for `sub`
Object.assign(hook.params.payload, {SUB: hook.params.payload.userId})
}
],
...
我尝试将相同的更改添加到after
挂钩中,但是那也不起作用.在我看来,将sub
值设置为anonymous
似乎不正确.他们的文档甚至说:
I tried adding the same change to the after
hook, but that didn't work either. Having the sub
value as anonymous
doesn't seem right to me. Their docs even say:
subject: 'anonymous', // Typically the entity id associated with the JWT
然而,似乎还没有直接方法使sub
JWT声明动态值.
Yet there does not seem to be a straight-forward way to make the sub
JWT claim a dynamic value.
推荐答案
The subject
or sub
is set in the authentication options and - like any other JWT specific option - can not be set through the payload.
看代码可以看到有效的JWT选项密钥可以通过params
设置(除了params.query
之外,它不在恶意客户端访问范围之内,因此不易被篡改):
Looking at the code you can see that valid JWT option keys can be set through params
(which other than params.query
is outside of a malicious client reach so it can't be easily tampered with):
app.service('/api/auth').hooks({
before: {
create: [
// You can chain multiple strategies
auth.hooks.authenticate(['jwt', 'local']),
hook => {
hook.params.jwt.subject = hook.params.payload.userId;
}
],
这篇关于如何在FeathersJS中设置JWT的sub声明?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!