智威汤逊不解码"智威汤逊畸形" - 节点角 [英] JWT not decoding "JWT malformed" - Node Angular

查看:276
本文介绍了智威汤逊不解码"智威汤逊畸形" - 节点角的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当在我记录发送一个JSON网络令牌发送给客户端。我有发送JSON网络令牌返回给服务器端自定义authInterceptor。

当我登录,一切正常。去不同的子页面,伟大工程。这是因为我有一个函数,无论是对Passport身份验证或令牌认证检查,并呼吁在Passport身份验证登录作品。

当我关闭浏览器并返回到现场,智威汤逊不能去code。当它刚下编码功能放置在智威汤逊可以去code。我试图同时JWT简单的节点模块和jsonwebtoken节点模块,我回来与相同的错误。

这是检查的有效标记我的自定义函数:

 函数checkAuthentication(REQ,资源,下一个){
  如果(!req.headers.authorization){
     返回res.status(401)。发送({消息:请确保您的请求有Authorization头'});
  }
  的console.log(在这里);
  VAR令牌= req.headers.authorization.split('。')[1];
  的console.log(标记);
  的console.log(config.secret);
  变种有效载荷=无效;
  尝试{
    的console.log(这里......);
    有效载荷= jwt.de code(令牌,config.secret);
    的console.log(负载);
  }
  赶上(错误){
    的console.log(ERR);
    返回false;
  }  如果(payload.exp< =时刻()UNIX()){
    返回false;
  }
  req.user = payload.sub;
  返回true;
}

智威汤逊简单的使用 jwt.en code() jwt.de code 和jsonwebtoken使用 jwt.sign() jwt.verify()。这是我在控制台中看到:

 在这里
eyJzdWIiOiI1NmEyZDk3MWQwZDg2OThhMTYwYTBkM2QiLCJleHAiOjE0NTYxOTEyNzQsImlhdCI6MTQ1NTMyNzI3NH0
VerySecretPhrase
和这里....
{[JsonWebTokenError:智威汤逊畸形]名称:JsonWebTokenError,留言:智威汤逊畸形'}

这是在客户端的authInterceptor。我收集令牌,并将其设置在请求头:

  app.factory('httpInterceptor',函数($ Q $商店$窗口){
返回{
    要求:功能(配置){
        config.headers = config.headers || {};
        如果($ store.get('令牌')){
            VAR令牌= config.headers.Authorization ='承载'+ $ store.get('令牌');
        }
        返回配置;
    },
    responseError:功能(响应){
        如果(response.status === 401 || response.status === 403){
            $ window.location.href =HTTP://本地主机:3000 /登录;
        }
        返回$ q.reject(响应);
    }
};
});


解决方案

很高兴你想通了!这个问题,留给后人,是以下内容:智威汤逊由三部分组成,一个头,有效载荷以及签名(<的href=\"http://www.toptal.com/web/cookie-free-authentication-with-json-web-tokens-an-example-in-laravel-and-angularjs\"相对=nofollow>好了,彻底的解释可以在此toptal帖子找到),所以当你被分裂成智威汤逊与组件 VAR令牌= req.headers.authorization.split ('。'),你被分配给值令牌中提到的唯一的有效载荷,而不是完整的智威汤逊。

由于在智威汤逊简单的德code方法需要的全部令牌,你只给它的有效载荷进行评估,你的code的触发智威汤逊畸形的错误。在你的情况,因为你preceded与承载标记在授权头,你可以抓住的全部令牌 VAR令牌= REQ。 headers.authorization.split('')来代替。

Upon logging in I send a JSON web token to the client-side. I have a custom authInterceptor which sends the JSON web token back to the server side.

When I log in, everything works. Go to different sub-pages, works great. This is because I have a function which either checks for Passport authentication or token authentication, and upon logging in the Passport authentication works.

When I close the browser and return to the site, the JWT cannot decode. The JWT can decode when it is placed just under the encoding function. I have tried both the jwt-simple node module and the jsonwebtoken node modules, and I come back with the same error.

This is my custom function which checks for a valid token:

function checkAuthentication(req, res, next){
  if (!req.headers.authorization) {
     return res.status(401).send({ message: 'Please make sure your request has an Authorization header' });
  }
  console.log("Here");
  var token = req.headers.authorization.split('.')[1];
  console.log(token);
  console.log(config.secret);
  var payload = null;
  try {
    console.log("And here....");
    payload = jwt.decode(token, config.secret);
    console.log(payload);
  }
  catch (err) {
    console.log(err);
    return false;
  }

  if (payload.exp <= moment().unix()) {
    return false;
  }
  req.user = payload.sub;
  return true;
}

jwt-simple uses jwt.encode() and jwt.decode, and jsonwebtoken uses jwt.sign() and jwt.verify(). This is what I get in my console:

Here
eyJzdWIiOiI1NmEyZDk3MWQwZDg2OThhMTYwYTBkM2QiLCJleHAiOjE0NTYxOTEyNzQsImlhdCI6MTQ1NTMyNzI3NH0
VerySecretPhrase
And here....
{ [JsonWebTokenError: jwt malformed] name: 'JsonWebTokenError', message: 'jwt malformed' }

This is the authInterceptor on the client-side. I collect the token and set it in the request header:

app.factory('httpInterceptor', function($q, $store, $window) {
return {
    request: function (config){
        config.headers = config.headers || {};
        if($store.get('token')){
            var token = config.headers.Authorization = 'Bearer ' + $store.get('token');
        }
        return config;
    },
    responseError: function(response){
        if(response.status === 401 || response.status === 403) {
            $window.location.href = "http://localhost:3000/login";
        }
        return $q.reject(response);
    }
};
});

解决方案

Glad you got it figured out! The problem, for posterity, was the following: A JWT consists of three components, a header, the payload, and the signature (a good, thorough explanation can be found in this toptal post), so when you were splitting the JWT into components with var token = req.headers.authorization.split('.'), the value you were assigning to token referred to the payload only, rather than the full JWT.

Because the jwt-simple decode method expects the full token and you were only giving it the payload to assess, your code was triggering the 'jwt malformed' error. In your case, since you preceded the token with Bearer in your Authorization header, you could grab the full token with var token = req.headers.authorization.split(' ') instead.

这篇关于智威汤逊不解码&QUOT;智威汤逊畸形&QUOT; - 节点角的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
前端开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆