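JWT tokens - authorization issue converting a session to a token with ServiceStack

Time: 2019-04-24 09:02:26

Tags: jwt servicestack

Question:

I am running into a 401 authorization issue when posting to our authentication server to convert the session to a token (ConvertSessionToToken).

Background

  • API and authentication server: ServiceStack v5.5 .NET Core, served from https:// {{confidential}} .azurewebsite.net
  • UI: Nuxt, served from http://localhost:3000/

ServiceStack API - authentication setup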

  Plugins.Add(new AuthFeature(() => new CustomUserSession(), new IAuthProvider[] {
      new JwtAuthProvider(AppSettings)
      {
          RequireSecureConnection = false,
          IncludeJwtInConvertSessionToTokenResponse = true
      },
      new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
  }));

CORS is also enabled

  Plugins.Add(new CorsFeature(
      allowOriginWhitelist: new[] { "http://localhost:3000" },
      allowCredentials: true,
      allowedHeaders: "Content-Type, Allow, Authorization",
      maxAge: 60 * 60)); //Cache OPTIONS permissions

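UI - gateway.js

import { JsonServiceClient } from "@servicestack/client";
// Assumed path to the generated ServiceStack DTOs (not shown in the original post)
import { Authenticate, ConvertSessionToToken } from "./dtos";

const BaseUrl = "https://acpdapi.azurewebsites.net/"; // .NET Core App Server on Azure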

export const client = new JsonServiceClient(BaseUrl);

export const getSessionInfo = async () => {
  try {
    //Converts Session to JWT Token Cookie
    // Issue: 401 Auth - requested resource requires authentication
    const authResponse = await client.post(new ConvertSessionToToken());
    client.bearerToken = authResponse.accessToken;

    //Remove unnecessary JWT from HTTP Headers so only JWT Cookie is used
    client.headers.delete("Authorization");
    return authResponse;
  } catch (e) {
    return null;
  }
};

export const logout = async () => {
  const request = new Authenticate();
  request.provider = "logout";
  // await getSessionInfo();
  await client.post(request);
};

export const login = async (provider, userName, password) => {
  console.log("authenticating...");
  await logout();

  const request = new Authenticate();
  request.provider = provider;
  request.userName = userName;
  request.password = password;
  request.useTokenCookie = true;

  var response = await client.post(request);
  // happy days - I am getting successful token 
  await getSessionInfo();
  //return response;
  return `/${provider}`;
};

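Issue

I must be missing something obvious. When the .NET Core API is served from a local server (i.e. http://localhost:5000 / https://localhost:5001), I do not run into the reported issue.

What is the problem: when I have authenticated successfully, why am I getting an authentication issue when trying to ConvertSessionToToken?

Thanks

0 answers:

No answers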