如何使用 jwt 令牌获取用户 ID [英] How to get user id using jwt token
问题描述
我试图从 JWT 令牌中获取用户 ID.我获得了 JWT 令牌并成功验证了它,但它没有返回 ID.
I tried to get user id from a JWT token. I got a JWT token and sucessfully verified it, but it doesn't return an id.
当我解码 JWT 时:
When I decode the JWT:
const decoded = jwt.verify(token, config.get('jwtPrivateKey'));
var userId = decoded.id
console.log(decoded)
我得到了这个输出:
{ iat: 1561463667 }
但我排除了这个输出:
id :"*****************"
如何从令牌中获取用户 ID?
How do I get the user id from the token?
推荐答案
当整个输出为 { iat: 1561463667 }
时,这意味着当令牌被签.jsonwebtoken 包 通常会添加 iat
(issuedAt,令牌的发行时间)作为默认声明.
When the whole output is { iat: 1561463667 }
, it means, that no extra payload/claims were added when the token was signed.
The jsonwebtoken package usually adds iat
(issuedAt, the time when the token was issued) as a default claim.
简而言之:您只能解码之前添加的声明.
In simple words: you can only decode claims, that were added before.
要添加更多声明,请尝试以下代码(当您控制发出令牌的代码时):
To add more claims, try this code (when you're in control of the code which issues the token):
let payload = { "id" : "1"};
let token = jwt.sign( payload,'secret', { noTimestamp:true, expiresIn: '1h' });
这里我添加了一个到期时间(exp
),并设置选项 noTimestamp
以抑制自动添加的 iat
声明.
Here I added an expiry time (exp
), and set the option noTimestamp
to suppress the automatically added iat
claim.
结果如下:
{
"id": "1",
"exp": 1561471747
}
和令牌:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEiLCJleHAiOjE1NjE0NzI0MzV9.jmKyITRoxLl0fy0-rrwgPOA_iRgGQu8W4Cc6dPupOMA
然后你可以得到你在问题中已经显示的id:
Then you can get the id as you have already shown in your question:
const decoded = jwt.verify(token, "your secret or key");
var userId = decoded.id
console.log(userId)
您还可以将上面显示的 JWT 或您的令牌粘贴到 https://jwt.io 调试器中,以检查令牌并查看结构和实际声明名称.也许没有 id
,而是 userId
或类似的,或者 sub
claim,这是一个注册声明名称,用于识别主体:
You can also paste the above shown JWT or your token into the https://jwt.io debugger, to inspect the token and see the structure and the actual claim names. Maybe there's no id
, but a userId
or similar, or a sub
claim, which is a registerd claim name to be used to identify the principal:
子"(subject) claim 标识作为主体的主体JWT 的主题.
The "sub" (subject) claim identifies the principal that is the subject of the JWT.
也可能发生,令牌包含嵌套对象,例如:
It might also happen, that the token contains nested objects, e.g.:
{
"user_data":
{
"user_id": "1",
"user_name: "superuser"
},
"exp": 1561471747
}
然后你可以通过这种方式获得 user_id:
then you get the user_id this way:
const decoded = jwt.verify(token, "your secret or key");
var userId = decoded.user_data.user_id
console.log(userId)
这篇关于如何使用 jwt 令牌获取用户 ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!