如何使用jwt令牌获取用户ID [英] How to get user id using jwt token
问题描述
我试图从JWT令牌中获取用户ID.我得到了一个JWT令牌并成功验证了它,但是它没有返回ID.
I tried to get user id from a JWT token. I got a JWT token and sucessfully verified it, but it doesn't return an id.
当我解码JWT时:
const decoded = jwt.verify(token, config.get('jwtPrivateKey'));
var userId = decoded.id
console.log(decoded)
我得到了这个输出:
{ iat: 1561463667 }
但是我排除了以下输出:
But I excepted this output:
id :"*****************"
如何从令牌中获取用户ID?
How do I get the user id from the token?
推荐答案
当整个输出为{ iat: 1561463667 }
时,表示在对令牌进行签名时未添加额外的有效负载/声明.
jsonwebtoken软件包通常添加
When the whole output is { iat: 1561463667 }
, it means, that no extra payload/claims were added when the token was signed.
The jsonwebtoken package usually adds iat
(issuedAt, the time when the token was issued) as a default claim.
简单地说:您只能解码之前添加的声明.
In simple words: you can only decode claims, that were added before.
要添加更多声明,请尝试以下代码(当您控制发出令牌的代码时):
To add more claims, try this code (when you're in control of the code which issues the token):
let payload = { "id" : "1"};
let token = jwt.sign( payload,'secret', { noTimestamp:true, expiresIn: '1h' });
在这里,我添加了到期时间(exp
) ,并设置选项noTimestamp
以禁止自动添加iat
声明.
Here I added an expiry time (exp
), and set the option noTimestamp
to suppress the automatically added iat
claim.
结果如下:
{
"id": "1",
"exp": 1561471747
}
和令牌:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEiLCJleHAiOjE1NjE0NzI0MzV9.jmKyITRoxLl0fy0-rrwgPOA_iRgGQu8W4Cc6dPupOMA
然后,您可以获取问题中已经显示的ID:
Then you can get the id as you have already shown in your question:
const decoded = jwt.verify(token, "your secret or key");
var userId = decoded.id
console.log(userId)
您还可以将上面显示的JWT或令牌粘贴到 https://jwt.io 调试器中,检查令牌并查看结构和实际的索赔名称.也许没有id
,但是没有userId
或类似名称,或者是 sub
claim ,它是用于标识主体的注册的索赔名称:
You can also paste the above shown JWT or your token into the https://jwt.io debugger, to inspect the token and see the structure and the actual claim names. Maybe there's no id
, but a userId
or similar, or a sub
claim, which is a registerd claim name to be used to identify the principal:
"sub" (主旨)声明指出的主体是 JWT的主题.
The "sub" (subject) claim identifies the principal that is the subject of the JWT.
也可能发生,令牌包含嵌套对象,例如:
It might also happen, that the token contains nested objects, e.g.:
{
"user_data":
{
"user_id": "1",
"user_name: "superuser"
},
"exp": 1561471747
}
然后您通过以下方式获取user_id:
then you get the user_id this way:
const decoded = jwt.verify(token, "your secret or key");
var userId = decoded.user_data.user_id
console.log(userId)
这篇关于如何使用jwt令牌获取用户ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!