Using JWT for Authorization in Node


Problem description

So I've been following a Udemy course that uses POSTMAN to teach authentication, but I have been wondering how it works in an actual app that uses the browser. We are taught to store the JWT token with res.header('x-auth-token', token). And then when we try to access a route that is protected, we manually add the token in POSTMAN header and get the token with req.header('x-auth-token') on the server and verify the token.

But in a real app, I logged in using the browser and it did indeed set the header up with a token, but once I type in the URL to go into the restricted/authenticated required path, let's say /user/profile, it asks for me to log back in. Is the token not carrying over when I type in the new URL?

How do I get it so the token is carried around in the browser till it expires?

Recommended answer

Similar to how you manually add the token in every request with POSTMAN, your client side application needs to handle (obviously in coordination with the server side) how you send the token to the server. It will not be carried on every request automatically. You need to store the JWT token returned by the server.

If you store the JWT token in a cookie, then the browser will send the token every time you make a request. But it is also recommended to not use a cookie. Check various ways on how to store the JWT token on the client side and how to repeatedly add the token on every future request until logout. There is also a concept of refresh token to get a new token in case the token is expired.

Check the below blogs to get more information. You can find other resources on the internet as well.

https://hasura.io/blog/jwt与graphql/

https://blog.nextzy.me/implementing-json-web-token-jwt-to-secure-your-app-c8e1bd6f6a29
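
The flow the answer describes, as an added example that is not part of the original answer: a request without the `x-auth-token` header (what typing a URL into the address bar produces) is rejected, while a client that stores the token and attaches it to each request gets through until the token expires. The secret, user, `handle` and `ApiClient` are constructed for illustration, and HS256 is implemented with Node's `crypto` rather than a JWT library.

```javascript
// Added example: constructed secret, user and routes; no external dependencies.
const crypto = require('crypto');

const SECRET = 'demo-secret-constructed'; // assumption: a real app loads this from config
const b64u = (x) => Buffer.from(x).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

function signToken(payload, ttlSeconds, now = Date.now()) {
  const body = { ...payload, exp: Math.floor(now / 1000) + ttlSeconds };
  const data = `${b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64u(JSON.stringify(body))}`;
  return `${data}.${hmac(data).toString('base64url')}`;
}

// Returns the payload, or null if the token is missing, malformed, forged or expired.
function verifyToken(token, now = Date.now()) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const expected = hmac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const body = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return body.exp > Math.floor(now / 1000) ? body : null;
}

// Server side: stands in for route handlers that read req.header('x-auth-token').
function handle(req, now = Date.now()) {
  if (req.path === '/login') {
    return { status: 200, headers: { 'x-auth-token': signToken({ sub: 'alice' }, 60, now) } };
  }
  const user = verifyToken(req.headers['x-auth-token'], now);
  return user
    ? { status: 200, body: `profile of ${user.sub}` }
    : { status: 401, body: 'login required' };
}

// Client side: keeps the token returned at login and attaches it to every request.
class ApiClient {
  constructor() { this.token = null; }
  login(now) { this.token = handle({ path: '/login', headers: {} }, now).headers['x-auth-token']; }
  get(path, now) {
    const headers = this.token ? { 'x-auth-token': this.token } : {};
    return handle({ path, headers }, now);
  }
}
```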
