vuejs 2 - vue-auth JWT令牌无法安全

时间:2018-03-13 15:07:02

标签: authentication vue.js vuejs2 jwt vue-resource

这是我的Vue对象:

target_link_directories(app sublib)

这是我的登录信息:

Vue.use(require('@websanova/vue-auth'), {
  auth: require('@websanova/vue-auth/drivers/auth/bearer.js'),
  http: require('@websanova/vue-auth/drivers/http/axios.1.x'),
 router: require('@websanova/vue-auth/drivers/router/vue-router.2.x'),
 fetchData: {url: 'http://localhost:5000/auth/user', method: 'GET', 
             enabled: true},
 tokenDefaultName: 'access_token',
 parseUserData: function (response) {
 console.log('found user')
 return response.data.user
 },
 tokenStore: ['localStorage']
})

工作流程应为

  • POST到/登录API返回令牌(这可行)
  • 存储令牌(这不起作用)
  • 使用令牌获取用户路由(这不起作用)

如果vue发布到/ login路由,则API返回以下内容:

this.$auth.login({
            data: {
              username: this.model.email,
              password: this.model.password
            },
            success: function (response) {
              alert(response)
              console.log(response)
              this.$auth.user = response.data
            },
            error: function (res) {
              console.log(res.data)
              console.log(res)
              this.$notify({
                component: {
                  template: `<span><strong>Oops, something went wrong... </strong><br>Not possible to login because of an internal server error</span>`
                },
                icon: 'fa fa-exclamation',
                horizontalAlign: 'right', // right | center | left
                verticalAlign: 'top', // top | bottom
                type: 'danger'  // info | success | warning | danger
              })
              this.model.error_msg = 'Not possible to login'
            },
            rememberMe: true,
            url: 'http://localhost:5000/auth/login',
            redirect: '/dashboard',
            fetchUser: true
          })

如果我检查开发工具中的本地存储,它似乎是空的

如何告诉vue-auth存储访问令牌? 感谢

1 个答案:

答案 0 :(得分:0)

您应该将access_token保存在成功案例中。

this.$auth.login({
  data: {
    username: this.model.email,
    password: this.model.password
  },
  success: function (response) {
    alert(response)
    console.log(response)
    this.$auth.token('access_token', response.data.access_token)
  }