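NodeJS JWT verify fails even if the token is the same as the signed token

Time: 2016-12-30 16:43:34

Tags: node.js jwt express-jwt

I'm trying to develop my API on NodeJS. I get my signed token and send it back to the secured API route, but the JWT is never valid, even though it is the same token I generated! What is wrong with my code?

This is how I do the signing: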

pbkdf2(queryPassword, salt, 10000, length, digest, (err: Error, hash: Buffer) => {
  if (hash.toString('hex') === userPassword) {
    sign({'user': username, permissions: []}, secret, {expiresIn: '7d'}, (err, token) => {
      response.json({'token': token});
    });
  } else {
    response.json({'error': 'User / Password Mismatch'});
  }
});

Here is the verification:

verify(token, secret, function(tokenError, decoded) {
    if (tokenError) { // I'm always getting an error...
        return response.status(403).json({
            message: 'Invalid token, please Log in first'
        });
    }

    next();
});

Here is my Angular2 service, which requests data from my API:

let headers = new Headers({'Authorization': 'Bearer ' + this.token});
let options = new RequestOptions({headers: headers});
this.http.get(apiUrl, options);

Token generated by sign:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoidHQiLCJwZXJtaXNzaW9ucyI6W10sImlhdCI6MTQ4MzExNTAzNCwiZXhwIjoxNDgzNzE5ODM0fQ.bJbH4619JAU8pf_6qcYl0V1V5PxWsPBRYeXbeb6VL_M

Token received by the http service:

Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoidHQiLCJwZXJtaXNzaW9ucyI6W10sImlhdCI6MTQ4MzExNTAzNCwiZXhwIjoxNDgzNzE5ODM0fQ.bJbH4619JAU8pf_6qcYl0V1V5PxWsPBRYeXbeb6VL_M

1 answer:

Answer 0: (score: 0)

I finally found my mistake...

In my Angular2 API, I was using this line

let headers = new Headers({'Authorization': 'Bearer ' + this.token});

I just needed to send

let headers = new Headers({'Authorization': this.token});

The "Bearer" was causing my error...
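
An added example, not part of the original question or answer: the server can instead extract the token from the `Authorization: Bearer <token>` header before verifying it, so the client keeps sending the standard scheme. It uses Node's built-in `crypto` for HS256 (the algorithm in the posted token's header) rather than the poster's JWT library; `signHS256`, `verifyHS256`, `bearerToken` and `requireJwt` are hypothetical names.

```javascript
// Added example; helper names are hypothetical, not from the original post.
const crypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest();

// Minimal HS256 signer, used here only to build a sample token offline.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Minimal HS256 verifier: pins the algorithm, compares MACs in constant time, checks exp.
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('jwt malformed');
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    throw new Error('jwt malformed');
  }
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  if (typeof payload.exp === 'number' && nowSec >= payload.exp) throw new Error('jwt expired');
  return payload;
}

// Returns the bare token from "Bearer <token>", or null for any other header shape.
function bearerToken(headerValue) {
  const m = /^Bearer +([\w-]+\.[\w-]+\.[\w-]+)$/i.exec(String(headerValue || '').trim());
  return m ? m[1] : null;
}

// Express-style middleware: strip the scheme first, then verify only the token.
function requireJwt(secret) {
  return (req, res, next) => {
    const token = bearerToken(req.headers.authorization);
    if (!token) return res.status(401).json({ message: 'Missing bearer token' });
    try { req.user = verifyHS256(token, secret); } catch (e) {
      return res.status(403).json({ message: 'Invalid token, please Log in first' });
    }
    return next();
  };
}
```

Passing the whole header value (scheme included) to the verifier fails, which matches the 403 in the question; passing only the extracted token succeeds.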