我已经在我的Node Koa应用中实现了JWT:
import Router from 'koa-router-middleware';
import { ApplicationState, ApplicationContext } from './types';
import configure from './configure';
import swagger from './swagger';
import healthcheck from './healthcheck';
import helloworld from './helloworld';
const jwt = require('jsonwebtoken');
// import * as jwt from 'jsonwebtoken'; << TODO
import * as koajwt from 'koa-jwt';
export default new Router<ApplicationState, ApplicationContext>()
.use(configure)
.use('/openapi.json', swagger)
.use('/', helloworld)
.use('/healthcheck', healthcheck)
.use('/token', (ctx) => {
const token = jwt.sign({ data: 'tokenData' }, 'secret');
ctx.response.body = token;
})
// Secure routes
.use(koajwt({ secret: 'secret' }))
.use('/secure', helloworld)
.middleware();
这有效^,现在我正尝试使其与Auth0一起使用,因此我调查了JWKS,这是我所拥有的:
import Router from 'koa-router-middleware';
import { ApplicationState, ApplicationContext } from './types';
import configure from './configure';
import swagger from './swagger';
import healthcheck from './healthcheck';
import helloworld from './helloworld';
// const jsonwebtoken = require('jsonwebtoken');
// import * as jwt from 'jsonwebtoken'; << TODO
import * as jwt from 'koa-jwt';
const jwksRsa = require('jwks-rsa');
const jwksHost = 'omitted'
const audience = 'http://localhost:8080'
const issuer = '??'
export default new Router<ApplicationState, ApplicationContext>()
.use(configure)
.use('/openapi.json', swagger)
.use('/', helloworld)
.use('/healthcheck', healthcheck)
.use(jwt({
secret: jwksRsa.koaJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 2,
jwksUri: `${jwksHost}/.well-known/jwks.json`
}),
audience,
issuer,
algorithms: [ 'RS256' ]
}))
// Secure routes. Anything below this comment needs a jwt token
.use('/secure', helloworld)
.middleware();
第一个问题:我可以从本地主机执行此操作,还是必须上传我的代码才能使其正常工作?
第二个问题:我使用的是创建帐户时Auth0分配给我的JWKS端点,我是否正确地假设每个帐户只有一个JWKS端点,即使该帐户具有多个API? (在this website上,我说每个租户都有一个,我认为这是指帐户,但我想确认)
第三个问题:除了受众和发行人之外,此代码看起来是否正确还是缺少某些内容?
答案 0 :(得分:0)
看看对this的答案
似乎应该是:
audience: 'http://localhost:3000', // With your port
issuer: `https://${process.env.AUTH0_DOMAIN}/` // Your Auth0 domain