我正在尝试使用JWT身份验证使用Hapi设置一个简单的Angularjs应用。
我使用jwt令牌链接向新注册的用户发送电子邮件,以验证电子邮件是否存在。链接如下所示:
http://127.0.0.1:3000/verifyEmail/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InJpY2tAaWNvZGU0dS5ubCIsInNjb3BlIjpbIkN1c3RvbWVyIl0sImZpcnN0TmFtZSI6IlJpY2siLCJsYXN0TmFtZSI6IkdvbW1lcnMiLCJpYXQiOjE0NDkxNDc5MzR9.6lWxcsSIC7DgAiGC0hcp7bdAhyl40Nbcqid3VgVtM6c
这是我生成令牌的方式:
handler: function(request, reply) {
request.payload.password = Common.encrypt(request.payload.password);
request.payload.scope = "Customer";
User.saveUser(request.payload, function(err, user) {
if (!err) {
var tokenData = {
userName: user.userName, //email address
scope: [user.scope],
firstName: user.firstName,
lastName: user.lastName
};
Common.sentMailVerificationLink(user,Jwt.sign(tokenData, privateKey));
reply("Please confirm your email id by clicking on link in email");
} else {
if (11000 === err.code || 11001 === err.code) {
reply(Boom.forbidden("please provide another user email"));
} else {
console.log(Boom.forbidden(err));
reply(Boom.forbidden(err)); // HTTP 403
}
}
});
}
现在,当我点击验证链接时,响应标题如下所示:
{ host: '127.0.0.1:3000',
connection: 'keep-alive',
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;
q=0.8',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KH
TML, like Gecko) Chrome/46.0.2490.86 Safari/537.36',
dnt: '1',
'accept-encoding': 'gzip, deflate, sdch',
'accept-language': 'nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2,es;q=0.2',
'x-cookiesok': 'I explicitly accept all cookies' }
问题: 我错过了响应头中的授权令牌。如何在标题中发送授权令牌?
答案 0 :(得分:1)
您在网址中发送令牌,因此无法在标头中返回。你必须从网址上取回它。