我一直在学习有关 JWT 的知识,遇到了一个问题:令牌生成工作正常,但验证令牌时,响应返回了一个错误,名称为“JsonWebTokenError”,消息为“invalid signature”(无效签名)。这是我的代码:
const express = require('express');
const jwt = require('jsonwebtoken');
// Express application instance; every route below is registered on it.
const app = express();

/**
 * GET /api: unauthenticated endpoint that returns a fixed description
 * of the service as JSON.
 */
app.get('/api', (request, response) => {
  const body = { message: 'This is an Authentication API' };
  response.json(body);
});
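/**
 * POST /api/posts: protected route.
 *
 * The `verifyToken` middleware only copies the bearer token onto
 * `request.token`; the signature check itself happens here in `jwt.verify`.
 * On success the decoded payload is echoed back as `authData`.
 */
app.post('/api/posts', verifyToken, (request, response) => {
  // NOTE(review): the secret here is 'secretkey' (lower-case k), while
  // /api/login signs with 'secretKey' (upper-case K). Secrets are
  // case-sensitive, so every token issued by /api/login is rejected here
  // with JsonWebTokenError "invalid signature". Signing and verification must
  // share one value, and it should come from configuration (environment or a
  // secret store), not from a literal committed with the source.
  jwt.verify(request.token, 'secretkey', (err, authData) => {
    if (err) {
      // A failed verification is an authentication failure. Answer 401 rather
      // than the default 200 so clients and logs can tell rejected tokens
      // from successful requests.
      response.status(401).json({ err });
      return;
    }

    response.json({
      message: 'Post was created successfully',
      authData,
    });
  });
});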
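/**
 * POST /api/login: issues a signed JWT for a hard-coded demo user.
 *
 * No credentials are read from the request, so every caller receives a token;
 * a real login route has to authenticate the caller before signing anything.
 */
app.post('/api/login', (request, response) => {
  const user = {
    id: 1,
    user: 'sarath',
    email: 'sarathsekaran@gmail.com',
  };

  // NOTE(review): the secret is a literal in the source and differs in case
  // from the 'secretkey' used by jwt.verify in /api/posts, which is why those
  // tokens fail verification. No `expiresIn` option is passed either, so the
  // issued token carries no expiry and stays valid until the secret changes.
  jwt.sign({ user }, 'secretKey', (err, token) => {
    if (err) {
      // Signing failed: report a server error instead of replying 200 with
      // an undefined token.
      response.sendStatus(500);
      return;
    }

    response.json({ token });
  });
});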
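/**
 * Express middleware that extracts a bearer token from the Authorization header.
 *
 * Expected header format: `Authorization: Bearer <token>`.
 *
 * The token is NOT verified here. It is only copied to `request.token`; the
 * route handler must still pass it to `jwt.verify` before trusting it.
 *
 * @param {object} request - Express request; `request.headers.authorization` is read.
 * @param {object} response - Express response; receives 403 when the header is unusable.
 * @param {Function} next - Called only when a token was extracted.
 */
function verifyToken(request, response, next) {
  const bearerHeader = request.headers['authorization'];

  // Missing header: nothing to authenticate with.
  if (typeof bearerHeader !== 'string') {
    response.sendStatus(403);
    return;
  }

  // Accept exactly "<scheme> <token>". Without this check a header such as
  // "Bearer" alone would pass an undefined token on to the next handler, and
  // any other scheme (e.g. Basic credentials) would be treated as a JWT.
  const parts = bearerHeader.trim().split(/\s+/);
  const [scheme, bearerToken] = parts;
  const isBearer = parts.length === 2 && scheme.toLowerCase() === 'bearer';

  if (!isBearer || bearerToken.length === 0) {
    response.sendStatus(403);
    return;
  }

  request.token = bearerToken;
  next();
}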
// Start the HTTP server on port 5000 and log once it is listening.
app.listen(5000, () => {
  console.log('Server Started');
});
答案 0 :(得分:2)
在创建 JWT 令牌时,您应该使用唯一的密钥,并且应该将该密钥存储在其他位置,而不是直接写在代码中。之所以遇到此错误,是因为您的密钥在一处(jwt.verify 中的 'secretkey')用的是小写字母“k”,而在另一处(jwt.sign 中的 'secretKey')用的是大写字母“K”。签名和验证必须使用完全相同的密钥,否则验证就会因签名不匹配而失败。