在标题中传递JWT [英] Pass JWT in Header

问题描述

我正在学习使用NodeJs的JWT。我坚持在标题中传递JWT实际上我不知道该怎么做。

I am learning JWT with NodeJs. I am stuck at passing the JWT in header actually i do not know how to do this.

index.js档案

var express = require('express'),
 app = express(),
 routes = require('./routes'),
 bodyParser = require('body-parser'),
 path = require('path'),
 ejs = require('ejs'),
 jwt = require('jsonwebtoken');

app.use(bodyParser.urlencoded({ extended: false })); 
app.use(bodyParser.json());

app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');

app.post('/home',routes.loginUser);

app.get('/', function(req, res) {
  res.render('index');
});

app.get('/home',function(req, res) {
  jwt.verify(req.token, 'qwertyu6456asdfghj', function(err, data) {
    if (err) {
      res.sendStatus(403);
    } 
  });
});

 app.listen(3000,function(){
  console.log("Server running at Port 3000");
});

routes / index.js file

var  jwt = require('jsonwebtoken');

exports.home = function(req, res){
  res.render('home',{error: false});
};

exports.loginUser = function(req, res) {
    var uname = req.body.Username;
    var pwd = req.body.Password;

    if(uname && pwd === 'admin'){
        res.render('home');

    var token = jwt.sign({ user: uname }, 'qwertyuiopasdfghj');
    console.log('Authentication is done successfully.....');
    console.log(token);
    }

    response.json({
        authsuccess: true,
        description: 'Sending the Access Token',
        token: token
    });
};

当我运行应用程序时，我在 console.log <中获取令牌/ code>但是
如何在标题中传递令牌并将其存储在浏览器的localStorage中？

when i run the application i am getting the token in console.log but How can I pass token in header and store it in localStorage of browser?

推荐答案

因此，您希望将令牌发送到前端而不是正文。

So you want to send the token to frontend but not in the body.

推荐这样做的方法是使用Cookie。您可以在cookie中设置令牌，它可以在前端和后端自动访问。

The Recommended way to do so is to use cookies. You can set the token in the cookie and it can be automatically accessed in front-end and in the backend.

res.cookie('tokenKey', 'ajsbjabcjcTOKENajbdcjabdcjdc');

使用授权标头也是一种很好的方法，但在前端，你必须再次获取来自标头的令牌，然后保存在localStorage或cookie中，如果是cookie，则不需要这样做。

Using authorization headers is also a good approach, but again, in front-end, you have to fetch the token from headers and then save in localStorage or cookie, which you don't have to do in case of cookie.

res.header(field [, value]);

这篇关于在标题中传递JWT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！