通过节点

时间:2018-06-26 12:38:05

标签: node.js jwt

我正在从Auth0获取JWT。我可以在Node服务器上使用以下中间件函数对其进行解码(使用 https://www.npmjs.com/package/jwt-node ):

/**
 * Connect/Express-style middleware that decodes the bearer token from the
 * Authorization header, logs the result and hands control to `next`.
 *
 * NOTE(review): if `jwt` is the jsonwebtoken module, decode() only parses the
 * token and does not check its signature, so the logged payload is
 * unauthenticated and must not drive any authorization decision.
 *
 * @param {object} req - Incoming request; `req.headers.authorization` is read.
 * @param {object} res - Response object (unused).
 * @param {Function} next - Continuation callback, always invoked.
 */
function authoriseToken(req, res, next) {
  const { authorization } = req.headers;
  // Only the first 'Bearer ' occurrence is removed; an absent header throws here.
  const rawJwt = authorization.replace('Bearer ', '');
  console.log('decodedToken ', jwt.decode(rawJwt));
  next();
}

如何验证令牌?我不断收到错误消息JsonWebTokenError: invalid algorithm

/**
 * Connect/Express-style middleware that verifies the bearer token against a
 * shared-secret string, logs the verified payload and calls `next`.
 *
 * NOTE(review): with jsonwebtoken, a plain string key and no `algorithms`
 * option presumably restricts verification to HMAC algorithms, which would
 * explain "invalid algorithm" for a token whose header declares RS256.
 * Verifying such a token needs the issuer's public key or certificate.
 *
 * @param {object} req - Incoming request; `req.headers.authorization` is read.
 * @param {object} res - Response object (unused).
 * @param {Function} next - Continuation callback, reached only if verify succeeds.
 */
function authoriseToken(req, res, next) {
  const { authorization } = req.headers;
  const rawJwt = authorization.replace('Bearer ', '');
  // verify() throws on failure, so nothing below runs for a rejected token.
  const payload = jwt.verify(rawJwt, "my-secrete");
  console.log('verifyedToken ', payload);
  next();
}

我不确定应该使用 secret 还是 jwksUri,也不清楚两者有什么区别。

这是实际的令牌:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik16QkJRa1k0T0RRNE9VWTJORVZGT1VJNFFrSXpNRUZDT0RaQ01VSTBOVGN4TWpVeU1UYzNRdyJ9.eyJpc3MiOiJodHRwczovL25vbWFkZ3JvdXBzLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1YjMxMDhkNjc4NzFkNTBkZTA0Njc2NWEiLCJhdWQiOiJTZkQyMEVPZVdRbHlnWXIwUHNXODdtYjd0OGFBOFI2NiIsImlhdCI6MTUzMDAxMzQwMCwiZXhwIjoxNTMwMDQ5NDAwLCJhdF9oYXNoIjoiUi1mRGc3SVRzUUdqemplX3VUR01RdyIsIm5vbmNlIjoiQnN-VmZxNzdtNERuaTJ1LjlIUVJlSEpzeHA4UjF2aDcifQ.CwZb6j3DshbD5M-OWBQpc10EIpAd3D-TuZTA1p7alePobSRVM7bE9Yzr5DIRyc2YUQZQ_OBwVLfFPq0pEBTWFYq2O43FJZ726xP1zK7Ty4PvAoLe4Cx6E0Ow8V8Ymo87XCIKX8J1ndg47q5glKzsnSMToutEWRZ2lnxJyirD4m4EwFykDF8DalA1sWvqnYXEwWraY3VLroqyZH2nkeLDcpcMdJ0tWwmzldwi7ym9OmegV5GBl7F6BgrZNIJfdoT88Rs4AKzogJyJuVQ1XlD7Up_nYlAKBmRMgkFt3t_4iq7pTkgdrWl1tXuJQsnmkkVH6_yffNYrWDnuirWwTCG4XQ

2 个答案:

答案 0 :(得分:2)

verify 的第三个参数接受 algorithms 选项(数组),请把其中的值调整为令牌实际使用的签名算法。问题中令牌的头部声明为 RS256,因此应写成 { algorithms: ['RS256'] },并用签发方的公钥或证书(而不是共享密钥字符串)进行验证。

您可以在应用程序>高级设置> oauth> JsonWebToken签名算法下找到它

答案 1 :(得分:0)

在 Gabriel Bleu 的答案基础上扩展,以下是我的完整代码:

const jwt = require('jsonwebtoken');

// PEM-encoded certificate used as the verification key passed to jwt.verify.
// The middle line is a placeholder for the real certificate body. The
// certificate is public material, but it decides which tokens are trusted,
// so take it from the token issuer's own configuration only.
const pemCert = `-----BEGIN CERTIFICATE-----
// <<CERT CODE HERE>>
-----END CERTIFICATE-----`;

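/**
 * Connect/Express-style middleware that authenticates a request from its
 * bearer JWT.
 *
 * With no Authorization header the request continues unauthenticated:
 * `req.authUserId` is left unset, so protected handlers downstream must
 * check for it themselves. Otherwise the token's signature is verified
 * against `pemCert`, and the `sub` claim (minus the `auth0|` prefix) is
 * stored on `req.authUserId`.
 *
 * @param {object} req - Incoming request; reads `req.headers.authorization`.
 * @param {object} res - Response object (unused).
 * @param {Function} next - Continuation callback.
 * @throws Whatever `jwt.verify` throws for a rejected token (e.g.
 *   JsonWebTokenError); it is not caught here.
 */
function authoriseToken(req, res, next) {
  const token = req.headers.authorization;

  // No token: the caller is not logged in, continue anonymously.
  if (!token || token.length === 0) {
    next();
    return;
  }

  const tokenCrop = token.replace('Bearer ', '');

  // The verify option is `algorithms` (an array). The singular `algorithm`
  // is a sign() option in jsonwebtoken and is ignored by verify(), so it
  // left the accepted algorithms unpinned.
  // NOTE(review): also consider the `issuer` and `audience` options so that
  // tokens issued for a different tenant or application are rejected.
  const decodedToken = jwt.verify(tokenCrop, pemCert, { algorithms: ['RS256'] });

  // Attach the verified user id to the request for downstream handlers.
  req.authUserId = decodedToken.sub.replace('auth0|', '');
  next();
}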

// Expose the middleware as this module's sole export (CommonJS).
module.exports = authoriseToken;