环回认证错误

时间:2016-03-18 10:46:55

标签: authentication loopbackjs

我一直在努力了解最近几个小时为什么我无法在认证后访问我的任何模型

说我有一个模型my_model,其中包含以下内容的json文件

"acls": [
    {
      "accessType": "*",
      "property" : "*",
      "principalType": "ROLE",
      "principalId": "$authenticated",
      "permission": "ALLOW"
    },
    {
      "accessType": "*",
      "property" : "*",
      "principalType": "ROLE",
      "principalId": "$unauthenticated",
      "permission": "DENY"
    }
  ],

我有一个扩展用户的模型用户。

我转到http://localhost:3000/explorer并执行POST / users / login,收到一些ID为MY_TOKEN。 但是,请求时 http://localhost:3000/api/my_model?access_token=MY_TOKEN

我收到以下回复:

{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "code": "AUTHORIZATION_REQUIRED",
    "stack": "Error: Authorization Required\n    at 
      bla
    }
 }

我尝试使用DEBUG = loopback:security:*但它并没有真正提供信息。

loopback:security:access-context   ttl 1209600 +3ms
  loopback:security:access-context getUserId() null +2ms
  loopback:security:access-context isAuthenticated() false +1ms
  loopback:security:role Custom resolver found for role $authenticated +1ms
  loopback:security:role isInRole(): $unauthenticated +1ms
  loopback:security:access-context ---AccessContext--- +1ms
  loopback:security:access-context principals: [] +1ms
  loopback:security:access-context modelName my_model +1ms
  loopback:security:access-context modelId undefined +2ms
  loopback:security:access-context property find +1ms
  loopback:security:access-context method find +2ms
  loopback:security:access-context accessType READ +1ms
  loopback:security:access-context accessToken: +1ms
  loopback:security:access-context   id "eYKYFzfKLCF3Pq0QG8xcWjy4ZXR0fYHGLMvj6j5SbR9v30ctWaFAyXpTdFQvZ6FO" +1ms
  loopback:security:access-context   ttl 1209600 +1ms
  loopback:security:access-context getUserId() null +1ms
  loopback:security:access-context isAuthenticated() false +1ms
  loopback:security:role Custom resolver found for role $unauthenticated +1ms
  loopback:security:acl The following ACLs were searched:  +2ms
  loopback:security:acl ---ACL--- +1ms
  loopback:security:acl model my_model +2ms
  loopback:security:acl property * +2ms
  loopback:security:acl principalType ROLE +2ms
  loopback:security:acl principalId $unauthenticated +2ms
  loopback:security:acl accessType * +1ms
  loopback:security:acl permission DENY +1ms
  loopback:security:acl with score: +1ms 7499
  loopback:security:acl ---Resolved--- +1ms
  loopback:security:access-context ---AccessRequest--- +0ms
  loopback:security:access-context  model mo_model +1ms
  loopback:security:access-context  property find +1ms
  loopback:security:access-context  accessType READ +1ms
  loopback:security:access-context  permission DENY +2ms
  loopback:security:access-context  isWildcard() false +1ms
  loopback:security:access-context  isAllowed() false +1ms

我的身份验证无效吗?

非常感谢!

1 个答案:

答案 0 :(得分:0)

我有同样的问题。来发现,你不能拥有id == 0的用户。

所以我删除了我尝试使用的第一个用户,并将id更改为1,并且按预期工作。

希望这可以节省别人的麻烦。