节点上的jwt-客户端如何将令牌传递回服务器 [英] jwt on node - how does the client pass the token back to the server
问题描述
好的.
我认为我无法理解基于令牌的身份验证的基本部分.
如果您尚未登录,我正在使用带有express的节点,并正在使用jwt阻止访问我的网站.我可以在登录页面上创建令牌,然后将其发送回客户端并将其存储在localStorage/cookie.现在,如果用户想导航到另一个页面,他们将输入一个URL并触发获取请求.
在作为get请求的一部分加载页面之前,如何从localStorage/cookie访问该令牌并将其传递给服务器.我的假设是,应该有一种将令牌传递到服务器的方法-在中间件中进行拦截-如果令牌是合法的,则加载页面,或者如果令牌未正确验证,则重定向到登录页面.
在发布请求时,这会简单得多,因为您可以在页面加载后获取令牌并将其作为ajax调用的一部分传递.
我已经看到了将令牌包含在请求标头(授权承载)中的参考.我认为这仅适用于发布,因为如果您能够将标头参数设置为全局",那么为什么还要麻烦在客户端将其存储在cookie/localStorage中.
因此,您可以看到我对工作流程感到有些困惑.好像我某种程度上要反对谷物.任何清晰度将不胜感激.
如果使用localStoage来存储JWT,那么将其传递到服务器的最简单方法是首先从localStorage检索令牌使用localStorage.getItem('token')(或任何令牌名称),然后将其插入到请求的标头中(可以是GET或POST/PUT/DELETE).依赖于您用于处理客户端上的http请求的库,可以采用不同的方法.例如,在jQuery中,您可以在AJAX请求中执行以下操作:
$.ajax({
url: API_URL + "/endpoint",
method: "GET",
beforeSend: function(request){
request.setRequestHeader("Authorization", "BEARER " + localStorage.getItem('token'));
}
})
此后,就像通常一样,在服务器端只需访问request.header选项即可访问参数.希望这会有所帮助!
okay.
I think I have failed to understand an elemental part of token based authentication.
I am using node with express and am using jwt to prevent access to my site if you haven't logged in. I can create a token on the login page, and I can send it back to the client and store it in localStorage/cookie. Now if the user wants to navigate to another page they will type in a url and trigger a get request.
How do I access that token from localStorage/cookie and pass it to the server before I load the page as part of the get request. My assumption is that there should be a way of passing the token to the server - intercepting it in the middleware - and loading the page if the token is legit, or redirecting to the login page if the token isn't validated correctly.
On a post request this would be much simpler as you can fetch the token and pass it as part of an ajax call, after the page has loaded.
I have seen references to including the token as part of the request header (authorization bearer). I assume this only works for post, because if you were able to set the header parameter 'globally' then why would you bother storing on the client side in a cookie/localStorage.
So as you can see I am a little confused by the workflow. It seems like I am going against the grain somehow. Any clarity would be much appreciated.
If you are using localStoage in order to store the JWT, then the easiest way to pass it to the server is by retrieving first the token from the localStorage with localStorage.getItem('token') (or whatever your token name is) and then inserting it in the header of the request (either it is GET or POST/PUT/DELETE). Depeding on the library you are using to handle your http requests on the client, there are different ways of doing so. In jQuery for example, you can do the following inside the AJAX request:
$.ajax({
url: API_URL + "/endpoint",
method: "GET",
beforeSend: function(request){
request.setRequestHeader("Authorization", "BEARER " + localStorage.getItem('token'));
}
})
After this, on the server side simply access the parameters by accessing request.header options just as you would normally do. Hope this helps!
这篇关于节点上的jwt-客户端如何将令牌传递回服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
