使用Laravel 5，CORS和JWTAuth读取JWT令牌的授权头 [英] Reading Authorization header for JWT Token using Laravel 5, CORS, and JWTAuth

问题描述

我有一个很难的时间计算出来。我在我的Laravel 5 API上使用 JWTAuth ，我遇到了正在读取的令牌的问题。这是我知道和尝试：

I'm having a really hard time figuring this out. I am using JWTAuth on my Laravel 5 API and I'm having a problem with the token being read. This is what I know and tried:

我设置了我的CORS配置，以允许我的API路径的所有标题：

I have set my CORS configuration to allow all headers for my API path:

    return array(
    'defaults' => array(
        'supportsCredentials' => false,
        'allowedOrigins' => array(),
        'allowedHeaders' => array(),
        'allowedMethods' => array(),
        'exposedHeaders' => array(),
        'maxAge' => 0,
        'hosts' => array(),
    ),

    'paths' => array(
        'api/*' => array(
            'allowedOrigins' => array('*'),
            'allowedHeaders' => array('*'),
            'allowedMethods' => array('*'),
            'maxAge' => 3600,
        ),
        '*' => array(
            'allowedOrigins' => array('*'),
            'allowedHeaders' => array('Content-Type'),
            'allowedMethods' => array('POST', 'PUT', 'GET', 'DELETE'),
            'maxAge' => 3600,
            'hosts' => array('api.*'),
        ),
    ),

);

我已将以下内容添加到apache的网站启用的conf文件：

I have added the following to apache's sites enabled conf file:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

我可以在Chrome工具中看到头文件以正确的格式传递回来， ：Authorization：Bearer tokenstring

And I can see in Chrome tools that headers are being passed back with the correct token and in the correct format: Authorization : Bearer tokenstring

任何人都可以看到我可能做错了吗？有人知道这个问题吗？

Can anyone see what I may be doing wrong? Does anyone know of issues with this?

推荐答案

我看到我的问题在哪里。根据 JWTAuth Github网页上的文档：

I see where my issue is. According to the documentation on the JWTAuth Github page:

Apache用户注意

Apache似乎丢弃了授权头不是base64
编码的用户/传递组合。所以要解决这个问题你可以添加以下到
您的apache配置

Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your apache config

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

我认为apache配置意味着000-default.conf文件。我错了。事实上，这是假定要在.htaccess文件中完成。一旦完成... POOF ，一切正常！

I thought apache config meant the 000-default.conf file. I was in error. In fact this was suppose to be done in the .htaccess file. Once done... POOF, everything works!

这篇关于使用Laravel 5，CORS和JWTAuth读取JWT令牌的授权头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！