問題描述

登錄后，我會向客戶端發(fā)送一個 JSON Web 令牌.我有一個自定義的 authInterceptor，它將 JSON Web 令牌發(fā)送回服務(wù)器端.

Upon logging in I send a JSON web token to the client-side. I have a custom authInterceptor which sends the JSON web token back to the server side.

當(dāng)我登錄時，一切正常.轉(zhuǎn)到不同的子頁面，效果很好.這是因為我有一個功能可以檢查 Passport 身份驗證或令牌身份驗證，并且在登錄時 Passport 身份驗證工作.

When I log in, everything works. Go to different sub-pages, works great. This is because I have a function which either checks for Passport authentication or token authentication, and upon logging in the Passport authentication works.

當(dāng)我關(guān)閉瀏覽器并返回站點時，JWT 無法解碼.當(dāng) JWT 放在 encoding 函數(shù)下方時，它可以解碼.我已經(jīng)嘗試了 jwt-simple 節(jié)點模塊和 jsonwebtoken 節(jié)點模塊，但我返回了同樣的錯誤.

When I close the browser and return to the site, the JWT cannot decode. The JWT can decode when it is placed just under the encoding function. I have tried both the jwt-simple node module and the jsonwebtoken node modules, and I come back with the same error.

這是我的自定義函數(shù)，用于檢查有效令牌:

This is my custom function which checks for a valid token:

function checkAuthentication(req, res, next){
  if (!req.headers.authorization) {
     return res.status(401).send({ message: 'Please make sure your request has an Authorization header' });
  }
  console.log("Here");
  var token = req.headers.authorization.split('.')[1];
  console.log(token);
  console.log(config.secret);
  var payload = null;
  try {
    console.log("And here....");
    payload = jwt.decode(token, config.secret);
    console.log(payload);
  }
  catch (err) {
    console.log(err);
    return false;
  }

  if (payload.exp <= moment().unix()) {
    return false;
  }
  req.user = payload.sub;
  return true;
}

jwt-simple 使用 jwt.encode() 和 jwt.decode，jsonwebtoken 使用 jwt.sign() 和 jwt.verify().這是我在控制臺中得到的:

jwt-simple uses jwt.encode() and jwt.decode, and jsonwebtoken uses jwt.sign() and jwt.verify(). This is what I get in my console:

Here
eyJzdWIiOiI1NmEyZDk3MWQwZDg2OThhMTYwYTBkM2QiLCJleHAiOjE0NTYxOTEyNzQsImlhdCI6MTQ1NTMyNzI3NH0
VerySecretPhrase
And here....
{ [JsonWebTokenError: jwt malformed] name: 'JsonWebTokenError', message: 'jwt malformed' } 

這是客戶端的 authInterceptor.我收集令牌并將其設(shè)置在請求標頭中:

This is the authInterceptor on the client-side. I collect the token and set it in the request header:

app.factory('httpInterceptor', function($q, $store, $window) {
return {
    request: function (config){
        config.headers = config.headers || {};
        if($store.get('token')){
            var token = config.headers.Authorization = 'Bearer ' + $store.get('token');
        }
        return config;
    },
    responseError: function(response){
        if(response.status === 401 || response.status === 403) {
            $window.location.href = "http://localhost:3000/login";
        }
        return $q.reject(response);
    }
};
});

推薦答案

很高興你明白了！對于后人來說，問題如下:JWT 由三個組件組成:標頭、有效負載和簽名(可以在這篇 toptal 帖子中找到一個很好、徹底的解釋)，所以當(dāng)你拆分JWT 到帶有 var token = req.headers.authorization.split('.') 的組件中，您分配給 token 的值僅指有效負載，而不是完整的智威湯遜.

Glad you got it figured out! The problem, for posterity, was the following: A JWT consists of three components, a header, the payload, and the signature (a good, thorough explanation can be found in this toptal post), so when you were splitting the JWT into components with var token = req.headers.authorization.split('.'), the value you were assigning to token referred to the payload only, rather than the full JWT.

因為 jwt-simple 解碼方法需要完整的令牌，而您只給它提供了要評估的有效負載，所以您的代碼觸發(fā)了jwt malformed"錯誤.在您的情況下，由于您在 Authorization 標頭中使用 Bearer 在令牌之前，您可以使用 var token = req.headers.authorization.split(' ') 取而代之.

Because the jwt-simple decode method expects the full token and you were only giving it the payload to assess, your code was triggering the 'jwt malformed' error. In your case, since you preceded the token with Bearer in your Authorization header, you could grab the full token with var token = req.headers.authorization.split(' ') instead.

這篇關(guān)于JWT 未解碼“JWT malformed"；- 節(jié)點角度的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！