我试图创建一个非常基本的身份验证系统,但我已经陷入了某个地方。
我使用Auth0。这是我使用的种子项目:https://auth0.com/docs/quickstart/spa/jquery/nodejs
他们告诉我,我可以在req.user.sub中看到登录用户的ID,但它返回" UnauthorizedError:未找到授权标头"即使我在浏览器中有userToken(所以我登录了,这不是问题)。
这是一个假想的链接
app.get('/secure/try', function(req,res) {
res.send(req.user.sub); // returns UnauthorizedError: No Authorization header was found
});
完整的server.js
var http = require('http');
var express = require('express');
var cors = require('cors');
var app = express();
var jwt = require('express-jwt');
var dotenv = require('dotenv');
dotenv.load();
var authenticate = jwt({secret: new Buffer(process.env.AUTH0_CLIENT_SECRET, 'base64'), audience: process.env.AUTH0_CLIENT_ID});
// view engine setup
var path = require('path');
app.set('views', path.join(__dirname, 'views'));
app.use(express.static(path.join(__dirname, 'public')));
app.set('view engine', 'jade');
app.configure(function () {
// Request body parsing middleware should be above methodOverride
app.use(express.bodyParser());
app.use(express.urlencoded());
app.use(express.json());
app.use('/secured', authenticate);
app.use(cors());
app.use(app.router);
});
var port = process.env.PORT || 3001;
http.createServer(app).listen(port, function (err) {
console.log('listening in http://localhost:' + port);
});
auth0-variables.js
var AUTH0_CLIENT_ID='IT IS CORRECT';
var AUTH0_DOMAIN='IS IS CORRECT';
var AUTH0_CALLBACK_URL="THIS IS ALSO CORRECT";
app.js(客户端)
$(document).ready(function () {
var lock = new Auth0Lock(
// All these properties are set in auth0-variables.js
AUTH0_CLIENT_ID,
AUTH0_DOMAIN
);
var userProfile;
$('.btn-login').click(function (e) {
e.preventDefault();
lock.show({
icon: 'https://cdn4.iconfinder.com/data/icons/flaten-rounded/512/lock-48.png'
}, function (err, profile, token) {
if (err) {
// Error callback
console.log("There was an error");
alert("There was an error logging in");
} else {
// Save the JWT token.
localStorage.setItem('userToken', token);
//console.log(id_token);
// Save the profile
userProfile = profile;
$('.login-box').hide();
$('.logged-in-box').show();
$('.nickname').text(profile.nickname);
$('.nickname').text(profile.name);
$('.avatar').attr('src', profile.picture);
}
});
});
$.ajaxSetup({
'beforeSend': function (xhr) {
if (localStorage.getItem('userToken')) {
xhr.setRequestHeader('Authorization',
'Bearer ' + localStorage.getItem('userToken'));
}
}
});
});
index.jade
doctype html
html
head
meta(charset='utf-8')
script(src='javascripts/jquery.js')
script(src='http://cdn.auth0.com/js/lock-7.9.min.js')
meta(name='viewport', content='width=device-width, initial-scale=1')
// font awesome from BootstrapCDN
link(href='http://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css', rel='stylesheet')
link(href='http://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css', rel='stylesheet')
script(src='javascripts/auth0-variables.js')
script(src='javascripts/app.js')
link(href='javascripts/app.css', rel='stylesheet')
body.home
#click Click here
.container
.login-page.clearfix
.login-box.auth0-box.before
img(src='https://i.cloudup.com/StzWWrY34s.png')
h3 Auth0 Example
p Zero friction identity infrastructure, built for developers
a.btn.btn-primary.btn-lg.btn-login.btn-block(ng-click='login()') SignIn
.logged-in-box.auth0-box.logged-in(style='display: none;')
h1#logo
img(src='auth0_logo_final_blue_RGB.png')
img.avatar
h2
| Welcome
span.nickname
script(src="javascripts/rand.js")
当用户尝试查看/保护页面时,我需要从某个地方获取userToken并在服务器端验证它(因此我知道他是否允许查看该页面)但据我所知,userToken只保存在浏览器的本地存储中,这意味着它在客户端。
我认为我错过了一些基本的东西(非常基础,如警报(" duh!");)。
我在这里寻找什么,你能给我一些关键词或者告诉我一个实现这个目标的方法吗?
谢谢!