我正在寻找该解决方案最佳实践的答案。我有一个正在运行的物联网项目,需要在两条路径上进行身份验证。用户和设备。
我想做的是分别对用户和设备上的路由认证进行完全控制,因此我认为创建两个单独的JWT服务将是适当的。
羽毛:4.5.8 我的身份验证服务如下所示:
export default function (app: Application): void {
const deviceAuthentication = new DeviceAuthService(app, 'device-authentication');
deviceAuthentication.register('device-jwt', new DeviceJWTStrategy());
deviceAuthentication.register('device', new DeviceStrategy());
const authentication = new AuthService(app, 'authentication');
authentication.register('jwt', new JWTStrategy());
authentication.register('local', new LocalStrategy());
app.use('/device-authentication', deviceAuthentication);
app.use('/authentication', authentication);
app.configure(expressOauth());
}
//hooks /someapi
{before:{ get: [authenticate('device-jwt')]}
//config
"device-authentication": {
"entity": "device",
"service": "devices",
"secret": "***",
"authStrategies": [
"device-jwt",
"device"
],
"device": {
"usernameField": "uuid",
"altUsernameField": "email",
"passwordField": "password"
},
"jwtOptions": {
"header": {
"typ": "access"
},
"audience": "https://something.com",
"issuer": "feathers",
"algorithm": "HS256",
"expiresIn": "1d"
}
},
"authentication": {
"entity": "user",
"service": "users",
"secret": "*****",
"authStrategies": [
"jwt",
"local"
],
"jwtOptions": {
"header": {
"typ": "access"
},
"audience": "https://somthing.com",
"issuer": "feathers",
"algorithm": "HS256",
"expiresIn": "1d"
},
"local": {
"usernameField": "email",
"passwordField": "password"
},
"oauth": {
"redirect": "/",
"auth0": {
"key": "<auth0 oauth key>",
"secret": "<auth0 oauth secret>",
"subdomain": "<auth0 subdomain>"
},
"google": {
"key": "<google oauth key>",
"secret": "<google oauth secret>",
"scope": [
"email",
"profile",
"openid"
]
},
"facebook": {
"key": "<facebook oauth key>",
"secret": "<facebook oauth secret>"
},
"twitter": {
"key": "<twitter oauth key>",
"secret": "<twitter oauth secret>"
},
"github": {
"key": "<github oauth key>",
"secret": "<github oauth secret>"
}
}
},
我遇到的问题是,当我在用户上使用GET时,我希望对/ authentication服务的jwt策略进行身份验证。调试说我正在解析jwt策略,但得到的结果如下所示
Invalid authentication information (strategy not allowed in authStrategies)
在调试中尝试的jwt策略是“ device-jwt”
如果将服务功能交换到
export default function (app: Application): void {
const authentication = new SippAuthService(app, 'authentication');
authentication.register('jwt', new JWTStrategy());
authentication.register('local', new LocalStrategy());
const deviceAuthentication = new SippDeviceAuthService(app, 'device-authentication');
deviceAuthentication.register('device-jwt', new DeviceJWTStrategy());
deviceAuthentication.register('device', new DeviceStrategy());
app.use('/device-authentication', deviceAuthentication);
app.use('/authentication', authentication);
app.configure(expressOauth());
}
正好相反,我将在用户身份验证服务上收到相同的消息,但永远不会到达设备身份验证服务
这里抛出错误
///AuthenticationService.authenticate. node_modules/@feathersjs/authentication/src/core.js (204)
if (!authentication || !authStrategy || !strategyAllowed) {
const additionalInfo = (!strategy && ' (no `strategy` set)') ||
(!strategyAllowed && ' (strategy not allowed in authStrategies)') || '';
// If there are no valid strategies or `authentication` is not an object
throw new NotAuthenticated('Invalid authentication information' + additionalInfo);
}
并且按预期strategyAllowed
为假,因为“ device-jwt”中不允许使用“ jwt”
是否有更好的方法来解决此问题?有没有办法利用明确的next()
功能来验证请求并将其传递给正确的身份验证服务?