Javascript JWT 未解码“JWT 格式错误”-Node Angular
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/35375215/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
JWT not decoding "JWT malformed" - Node Angular
提问by Les Paul
Upon logging in I send a JSON web token to the client-side. I have a custom authInterceptor which sends the JSON web token back to the server side.
登录后,我向客户端发送一个 JSON Web 令牌。我有一个自定义 authInterceptor,它将 JSON Web 令牌发送回服务器端。
When I log in, everything works. Go to different sub-pages, works great. This is because I have a function which either checks for Passport authentication or token authentication, and upon logging in the Passport authentication works.
当我登录时,一切正常。转到不同的子页面,效果很好。这是因为我有一个功能可以检查 Passport 身份验证或令牌身份验证,并且在登录后 Passport 身份验证有效。
When I close the browser and return to the site, the JWT cannot decode. The JWT can decode when it is placed just under the encoding function. I have tried both the jwt-simple node module and the jsonwebtoken node modules, and I come back with the same error.
当我关闭浏览器并返回站点时,JWT 无法解码。JWT 可以在将其置于编码功能下时进行解码。我已经尝试了 jwt-simple 节点模块和 jsonwebtoken 节点模块,但返回时出现了同样的错误。
This is my custom function which checks for a valid token:
这是我的自定义函数,用于检查有效令牌:
function checkAuthentication(req, res, next){
if (!req.headers.authorization) {
return res.status(401).send({ message: 'Please make sure your request has an Authorization header' });
}
console.log("Here");
var token = req.headers.authorization.split('.')[1];
console.log(token);
console.log(config.secret);
var payload = null;
try {
console.log("And here....");
payload = jwt.decode(token, config.secret);
console.log(payload);
}
catch (err) {
console.log(err);
return false;
}
if (payload.exp <= moment().unix()) {
return false;
}
req.user = payload.sub;
return true;
}
jwt-simple uses jwt.encode()and jwt.decode, and jsonwebtoken uses jwt.sign()and jwt.verify(). This is what I get in my console:
jwt-simple 使用jwt.encode()and jwt.decode,而 jsonwebtoken 使用jwt.sign()and jwt.verify()。这是我在控制台中得到的:
Here
eyJzdWIiOiI1NmEyZDk3MWQwZDg2OThhMTYwYTBkM2QiLCJleHAiOjE0NTYxOTEyNzQsImlhdCI6MTQ1NTMyNzI3NH0
VerySecretPhrase
And here....
{ [JsonWebTokenError: jwt malformed] name: 'JsonWebTokenError', message: 'jwt malformed' }
This is the authInterceptor on the client-side. I collect the token and set it in the request header:
这是客户端的 authInterceptor。我收集令牌并将其设置在请求标头中:
app.factory('httpInterceptor', function($q, $store, $window) {
return {
request: function (config){
config.headers = config.headers || {};
if($store.get('token')){
var token = config.headers.Authorization = 'Bearer ' + $store.get('token');
}
return config;
},
responseError: function(response){
if(response.status === 401 || response.status === 403) {
$window.location.href = "http://localhost:3000/login";
}
return $q.reject(response);
}
};
});
回答by Bennett Adams
Glad you got it figured out! The problem, for posterity, was the following: A JWT consists of three components, a header, the payload, and the signature (a good, thorough explanation can be found in this toptal post), so when you were splitting the JWT into components with var token = req.headers.authorization.split('.'), the value you were assigning to tokenreferred to the payload only, rather than the full JWT.
很高兴你明白了!对于后代来说,问题如下:JWT 由三个组件组成,一个标头、有效载荷和签名(可以在这篇 toptal 帖子中找到一个很好的、彻底的解释),所以当您将 JWT 拆分为组件时与var token = req.headers.authorization.split('.'),您分配给的值token仅引用有效负载,而不是完整的 JWT。
Because the jwt-simple decode method expects the full token and you were only giving it the payload to assess, your code was triggering the 'jwt malformed' error. In your case, since you preceded the token with Bearerin your Authorization header, you could grab the full token with var token = req.headers.authorization.split(' ')instead.
因为 jwt-simple decode 方法需要完整的令牌,而您只是为其提供了要评估的有效负载,所以您的代码触发了“jwt 格式错误”错误。在您的情况下,由于您在BearerAuthorization 标头中使用了令牌,因此您可以使用var token = req.headers.authorization.split(' ')代替获取完整令牌。
