I am trying out JWT on Express Gateway. Judging by my gateway.config.yml, the configuration matches the documentation, but it always returns Unauthorized. My gateway.config.yml:
http:
  port: 8080
apiEndpoints:
  crudAPI:
    host: localhost
    paths:
      - '/users/get-user-data'
      - '/users/delete-user-data'
      - '/users/add-user-data'
      - '/users/get-one-user-data/*'
      - '/users/update-user-data'
      - '/users/update-pass-user-data'
serviceEndpoints:
  crudService:
    url: 'http://localhost:3004'
policies:
  - proxy
  - log
  - jwt
pipelines:
  crud:
    apiEndpoints:
      - crudAPI
    policies:
      - log:
          - action:
              message: "header===> ${req.headers.authorization}"
      - jwt:
          - action:
              secretOrPublicKey: 'secretAuth'
              checkCredentialExistence: false
              # passThrough: true
      - proxy:
          - action:
              serviceEndpoint: crudService
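If passThrough is set to true, it works fine. Is something wrong?
Answer 0 (score: 0)
This works fine in EG. I just had one mistake in the JWT handling on my backend API. Thank you for taking the time to look into this case. I really appreciate working with EG.
My backend API where the JWT is authenticated: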
const passport = require('passport');
const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
// `config` and the `User` model come from the application's own modules.

// JSON WEB TOKEN STRATEGY
passport.use(new JwtStrategy({
  // jwtFromRequest: ExtractJwt.fromHeader('authorization'), // WRONG
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), // CORRECT
  secretOrKey: config.JWT_SECRET
}, async (payload, done) => {
  try {
    // find the user specified in the token
    const user = await User.findById(payload.sub);
    // handle the case where the user doesn't exist
    if (!user) {
      return done(null, false);
    }
    // return the user
    done(null, user);
  } catch (error) {
    done(error, false);
  }
}));
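Why the one-line change in the answer matters, as an added example that is not part of the original post or of passport-jwt's code: reading the raw `authorization` header hands the verifier the string `Bearer <token>`, which is not a valid JWT, while the bearer extractor strips the scheme first. The two extractor functions below are simplified stand-ins whose behaviour is assumed to mirror the passport-jwt extractors named in the answer; the HS256 helpers, the `authenticate` function and the sample token are constructed for the demo.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Sign a compact HS256 JWT (constructed sample token, no expiry claim).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Verify an HS256 JWT; returns the payload, or null when the token is rejected.
function verifyHS256(token, secret) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm instead of trusting whatever the header claims.
    if (JSON.parse(Buffer.from(head, 'base64url').toString()).alg !== 'HS256') return null;
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    return JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return null; // malformed header or payload
  }
}

// Stand-in for ExtractJwt.fromHeader(name): returns the header value untouched.
const fromHeader = (name) => (req) => req.headers[name] || null;

// Stand-in for ExtractJwt.fromAuthHeaderAsBearerToken(): requires "<scheme> <token>"
// with a case-insensitive "bearer" scheme and returns only the token.
const fromAuthHeaderAsBearerToken = () => (req) => {
  const m = /^(\S+)\s+(\S+)$/.exec(req.headers.authorization || '');
  return m && m[1].toLowerCase() === 'bearer' ? m[2] : null;
};

// Hypothetical helper: extract, then verify, as a JWT strategy would.
const authenticate = (extract, req, secret) => verifyHS256(extract(req), secret);

const SECRET = 'secretAuth'; // sample secret, same string as in the gateway config above
const token = signHS256({ sub: 'user-123' }, SECRET); // constructed sample token
const req = { headers: { authorization: `Bearer ${token}` } };

console.log(authenticate(fromHeader('authorization'), req, SECRET));   // null
console.log(authenticate(fromAuthHeaderAsBearerToken(), req, SECRET)); // { sub: 'user-123' }
```

The gateway's `jwt` policy and the backend strategy each verify the token independently, so a request that passes the gateway can still be rejected by the backend when the two sides extract or verify the token differently.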