当我从邮递员发送令牌(载体)时,它工作正常。但是,当我从android应用程序发送相同的令牌时,它显示令牌已过期,但它是新的且未过期,并且令牌与邮递员工作正常。
我尝试发送不带令牌的get请求,它工作正常。服务器运行正常,除身份验证外,该类正常运行。
用于检查令牌的Node js代码:
const jwt = require('jsonwebtoken');
const JWT_KEY = require('../../config').getJwtSecrete();
module.exports = async (req, res, next) => {
try {
let token = req.headers.authorization;
token = getTokenFromHeader(token);
const decoded = jwt.verify(token, JWT_KEY);
req.email = decoded.email;
next();
} catch (error) {
return res.status(401).json({
message: 'Auth failed'
});
}
};
function getTokenFromHeader(token) {
return token.split(" ")[1];
}
Android:我的用于发送请求的get请求方法
public class GET_Request extends AsyncTask<String, Void, Bundle> {
private static final String REQUEST_METHOD = "GET";
private static final int READ_TIMEOUT = 10000;
private static final int CONNECTION_TIMEOUT = 10000;
private GETAsyncResponse delegate;
public GET_Request(GETAsyncResponse delegate) {
this.delegate = delegate;
}
@Override
protected Bundle doInBackground(String... params) {
String Url = params[0];
Bundle bundle = new Bundle();
String result = null;
BufferedInputStream bufferedInputStream;
ByteArrayOutputStream byteArrayOutputStream;
try {
URL requestUrl = new URL(Url);
HttpURLConnection connection = (HttpURLConnection) requestUrl.openConnection();
connection.setRequestMethod(REQUEST_METHOD);
connection.setReadTimeout(READ_TIMEOUT);
connection.setConnectTimeout(CONNECTION_TIMEOUT);
connection.setDoInput(true);
connection.setUseCaches(false);
connection.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
connection.setRequestProperty("Accept", "application/json");
connection.setRequestProperty("Authorization", "Bearer " + UserInfo.getToken());
connection.connect();
if (connection.getResponseCode() == HTTP_OK) {
bufferedInputStream = new BufferedInputStream(connection.getInputStream());
int bisReadResult = bufferedInputStream.read();
byteArrayOutputStream = new ByteArrayOutputStream();
while (bisReadResult != -1) {
byteArrayOutputStream.write((byte) bisReadResult);
bisReadResult = bufferedInputStream.read();
}
result = byteArrayOutputStream.toString();
} else { //reading error
Log.e("doInBackground: ", String.valueOf(connection.getResponseCode()));
String error;
bufferedInputStream = new BufferedInputStream(connection.getInputStream());
int bisRealError = bufferedInputStream.read();
byteArrayOutputStream = new ByteArrayOutputStream();
while (bisRealError != -1) {
byteArrayOutputStream.write((byte) bisRealError);
bisRealError = bufferedInputStream.read();
}
/*This error string is for debugging*/
error = byteArrayOutputStream.toString();
Log.e("Error Buffer: ", error);
}
bundle.putString(JSON, result);
bundle.putInt(RESPONSE_CODE, connection.getResponseCode());
connection.disconnect();
} catch (FileNotFoundException f) {
f.printStackTrace();
bundle.putInt(RESPONSE_CODE, 400);
}
/*Internet not connected*/ catch (SocketTimeoutException s) {
bundle.putInt(RESPONSE_CODE, 0);
}
/*Any other error*/ catch (IOException e) {
e.printStackTrace();
bundle.putInt(RESPONSE_CODE, 500);
}
return bundle;
}
protected void onPostExecute(Bundle result) {
super.onPostExecute(result);
delegate.AfterGetRequestFinish(result);
}
public interface GETAsyncResponse {
void AfterGetRequestFinish(Bundle bundle);
}
}
我希望它成功进行身份验证。但是我不知道为什么它会失败并显示代码“ 401”和'java.io.FileNotFoundException'。
答案 0 :(得分:1)
JWT的功能之一是它们实质上是防篡改的。也就是说,假设您的可疑JWT在Node JS服务器端具有有效的签名和校验和,则意味着您的Android Java代码不可能更改该令牌的到期日期。
话说回来,这里最可能的解释是您实际上传递的令牌已经过期。发生这种情况可能有多种原因,最有可能的原因是您已将旧令牌缓存在某个地方,也许是出于共享首选项。