从我的新Expo应用中的Auth0获取无效令牌

时间:2018-12-31 03:14:31

标签: react-native jwt expo auth0

我正在按照以下示例在新的Expo应用上实现Auth0身份验证: https://github.com/expo/auth0-example

似乎调用了Auth0并成功获取了令牌,但是在控制台中记录响应后,它立即也给了我以下错误:

  

可能的未处理的承诺拒绝(id:0)[InvalidTokenError:   指定的令牌无效:JSON中位置0处的令牌V异常]

我得到的答复是:

params:
access_token: “Vku7HOclH7pVi52bmzGHga89VwpfK_Y4”
exp://10.0.0.215:19000/–/expo-auth-session: “”
expires_in: “7200”
scope: “openid profile”
token_type: “Bearer”
proto: Object
type: “success”
url: “exp://10.0.0.215:19000/–/expo-auth-session#access_token=Vku7HOclH7pVi52bmzGHga89VwpfK_Y4&scope=openid%20profile&expires_in=7200&token_type=Bearer”

当我检查jwt.io上的access_token时,表明签名无效。知道这里可能是什么问题吗?

这是我的完整代码:

import React, { Component } from 'react';
import { AuthSession } from 'expo';
import { Alert, Button, View, Text } from 'react-native';
import jwtDecoder from 'jwt-decode';

import styles from '../constants/styles';

const auth0ClientId = 'my_client_id_for_my_mobile_app_from_Auth0_dashboard';
const auth0Domain = 'https://mydomain.auth0.com';

  /**
   * Converts an object to a query string.
   */
function toQueryString(params) {
  return '?' + Object.entries(params)
    .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
    .join('&');
}

export default class Login extends Component {

  constructor(props) {

    super(props);
    this.state = {
      username: null
    };
  }

  _loginWithAuth0 = async () => {

    const redirectUrl = AuthSession.getRedirectUrl();
    console.log(`Redirect URL (add this to Auth0): ${redirectUrl}`);
    const result = await AuthSession.startAsync({
      authUrl: `${auth0Domain}/authorize` + toQueryString({
        client_id: auth0ClientId,
        response_type: 'token',
        scope: 'openid profile',
        redirect_uri: redirectUrl,
      }),
    });

    console.log(result);
    if (result.type === 'success') {
      this.handleParams(result.params);
    }
  }

  handleParams = (responseObj) => {

    if (responseObj.error) {
      Alert.alert('Error', responseObj.error_description
        || 'something went wrong while logging in');
      return;
    }
    const encodedToken = responseObj.access_token;
    const decodedToken = jwtDecoder(encodedToken, { header: true });
    const username = decodedToken.name;
    debugger;
    this.setState({ username });
  }

  render() {
    return (
      <View style={styles.welcomeScreen}>
        <Text>Welcome to My Expo App!</Text>
        <Button title="Login with Auth0" onPress={this._loginWithAuth0} />
      </View>
    );
  }
}

P.S。我的Expo应用程序使用的是SDK版本31.0.0

1 个答案:

答案 0 :(得分:0)

非定制API的访问令牌是不透明的(类似于您收到的令牌),而不是JWT。这是因为您尚未在授权URL中设置audience。 Auth0仅提供JWT Access Tokens用于自定义API。

由于您请求openid范围,因此您收到的ID令牌将采用JWT格式。

相关问题
最新问题