无效的智威汤逊签名

无效的智威汤逊签名

本文介绍了本地测试Azure的移动验证 - 无效的智威汤逊签名的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

我玩与Azure的移动应用后端(的NodeJS),作为讨论的此处。我一直在使用默认的网络设置配置来开发自己的移动应用程序,但现在我想定制的云后端功能,所以我创建了在Azure-Mobile的应用程序的。

I am playing with an Azure Mobile Apps backend (nodeJS), as discussed here. I have been using the default web setup configuration to develop my mobile app, but now I want to customise the cloud backend functionality, so I have created a local backend with the Azure-Mobile-Apps SDK.

我登录我的移动应用程序(使用Azure的客户端SDK授权方面),然后攻占的authToken。

I logged in with my mobile app (using the authorization aspect of the Azure client SDK) and then captured the AuthToken.

然后我构建了一个邮差HTTP POST请求,这些标题:

I then constructed a Postman HTTP POST request, with these headers:

ZUMO-API-VERSION = 2.0.0
x-zumo-auth = eyJ0eX000000000000000000000000000000.eyJ000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000000000-000000000_00000_00000

注:我tokenm实际上并不拥有所有这些零,它看起来像一个有效令牌

NB: my tokenm doesn't actually have all those zeros, it looks like a valid token.

不过,POST请求的回应是:

However, the POST request's response is:

{
    名:JsonWebTokenError
    消息:无效的签名
  }

我想这可能是因为是由不同的服务(默认后端,而不是我的项目在本地主机上运行)产生的身份验证令牌。所以我初始化客户端采用本地主机,并试图与进行身份验证,但我得到了:

I thought this might be because the Auth token was generated by a different Service (the default backend rather than my project running on localhost). So I initialised a Client with localhost and tried to Authenticate with that, but I got:

记者:在错误日志!错误:与选定的身份验证提供登录未启用
  铬:[信息:控制台(12)]不允许加载本地资源:文件:///android_asset/webkit/android-weberror.png,来源:数据:text / html的,chromewebdata(12)

我发现我的WEBSITE_AUTH_SIGNING_KEY从 https://myApp.scm.azurewebsites.net/Env.cshtml 并把它添加到我的 azureMobile。 js文件,这是在同一目录作为我的 app.js 文件。它看起来是这样的:

Update:

I have found my WEBSITE_AUTH_SIGNING_KEY from https://myApp.scm.azurewebsites.net/Env.cshtml and added it to my azureMobile.js file, which is in the same directory as my app.js file. It looks like this:

console.log("Test");
module.exports = {
    cors: {
        origins: ['localhost']
    },
    data: {
        provider: 'mssql',
        server: '127.0.0.1',
        database: 'mytestdatabase',
        user: 'localDemo',
        password: 'myPassword'
    },
    logging: {
        level: 'verbose'
    },
    auth: { secret: 'xzy0000000000000000000000000000000000' },
};

不过,我还是得到同样的结果。有没有告诉我是否文件azureMobile被正确引用,还是别的什么是错的一种方式?

However, I still get the same result. Is there a way of telling whether my azureMobile file is being correctly referenced, or whether something else is wrong?

推荐答案

要验证JWT令牌本地的被托管服务创建的,你需要获得所使用的签名密钥。您可以通过打开浏览器来并找到了WEBSITE_AUTH_SIGNING_KEY值。把这个值并通过包含以下内容的项目的根目录创建(或更新)一个名为azureMobile.js文件来配置你的本地服务器:

To validate JWT tokens locally that were created by a hosted service, you need to obtain the signing key that is used. You can obtain this by opening a browser to https://mobile-service-name.scm.azurewebsites.net/Env.cshtml and finding the value for WEBSITE_AUTH_SIGNING_KEY. Take this value and configure your local server by creating (or updating) a file called azureMobile.js in the root of your project with the following content:

module.exports = {
    auth: { secret: 'value from WEBSITE_AUTH_SIGNING_KEY' }
};

它的建议通过增加azureMobile.js你的.gitignore文件,以排除部署该文件。

It's recommended to exclude this file from deployment by adding azureMobile.js to your .gitignore file.

这篇关于本地测试Azure的移动验证 - 无效的智威汤逊签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

1403页,肝出来的..

09-06 15:40