JWT总是在浏览器响应中返回无效的令牌错误

JWT总是在浏览器响应中返回无效的令牌错误

本文介绍了Node.js - Express.js JWT总是在浏览器响应中返回无效的令牌错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用node.js和express.js与

  var expressJwt = require('express-jwt'); 
var jwt = require('jsonwebtoken');

var SECRET ='shhhhhhhhared-secret';

app.use('/ api',expressJwt({secret:SECRET}));

app.post('/ authenticate',function(req,res){
// TODO validate req.body.username and req.body.password
// if无效,返回401
如果(!(req.body.username ==='john.doe'&& req.body.password ==='foobar')){
res。发送(401,'错误的用户或密码');
return;
}

var profile = {
first_name:'John',
last_name :'Doe',
email:'[email protected]',
id:123
};

//我们正在发送配置文件在令牌内
var token = jwt.sign(profile,SECRET,{expiresIn:18000}); // 60 * 5分钟

res.json({token:token});
});

app.get('/ api / protected',
function(req,res){
res.json(req.user);
});


I'm using node.js and express.js with the express-jwt module, and I have set up a simple HTTP server to test everything:

This is the node code involved:

 app.set('port', process.env.PORT || 3000);
    app.use(express.methodOverride());
    app.use(allow_cross_domain);
    app.use('/api', expressJwt({secret: '09qrjjwef923jnrge$5ndjwk'}));
    app.use(express.json());
    app.use(express.urlencoded());
    app.use('/', express.static(__dirname + '/'));
    app.use(function(err, req, res, next){
      if (err.constructor.name === 'UnauthorizedError') {
        res.send(401, 'Unauthorized');
      }
    });

    app.get('login',function(req,res){

    //...
    jwt.sign(results.username+results.email, secret, { expiresInMinutes: 9000000000*9393939393393939393939 });
    });

    app.post('api/profile',function(req,res){
     console.log(req.user); // this return undefined in console
     res.send(req.user); // response is pending and dunno why it returns error in browser console
    });

So once I open the /login URL I get logged in and I send the session token to api/post, which returns this response error in the browser console:

{"error":{"message":"invalid signature","code":"invalid_token","status":401,"inner":{}}}

I don't understand why this is happening, because the token stored in the front-end and the token in JWT are the same. What could be the reason for this error?

An example of headers POSTed to the api/post URL:

解决方案

Here is an example

http://blog.auth0.com/2014/01/07/angularjs-authentication-with-cookies-vs-token/

var expressJwt = require('express-jwt');
var jwt = require('jsonwebtoken');

var SECRET = 'shhhhhhared-secret';

app.use('/api', expressJwt({secret: SECRET}));

app.post('/authenticate', function (req, res) {
  //TODO validate req.body.username and req.body.password
  //if is invalid, return 401
  if (!(req.body.username === 'john.doe' && req.body.password === 'foobar')) {
    res.send(401, 'Wrong user or password');
    return;
  }

  var profile = {
    first_name: 'John',
    last_name: 'Doe',
    email: '[email protected]',
    id: 123
  };

  // We are sending the profile inside the token
  var token = jwt.sign(profile, SECRET, { expiresIn: 18000 }); // 60*5 minutes

  res.json({ token: token });
});

app.get('/api/protected',
  function(req, res) {
    res.json(req.user);
  });

这篇关于Node.js - Express.js JWT总是在浏览器响应中返回无效的令牌错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-11 08:43