个人中心
gpt4 book ai didi

javascript - 无效的承载访问 token

转载 作者:行者123 更新时间:2023-12-01 00:35:20 24 4
gpt4 key购买 nike

我们使用 hapi-auth-jwt2jwks-rsa 来解码和验证 azureAD 访问 token 。

这是我们的 jwt 策略,在每条路线上都有效。 

'use strict'

const jwt = require('hapi-auth-jwt2')
const jwksRsa = require('jwks-rsa')
const userCtrl = require('./../controllers/UserController')
const authHandler = require('./auth.factory').GetAuthHandler()

// TODO: Replace with current JSON web token formatting and active directory

module.exports = {
  name: 'JWT Authentication',
  register: async (server, options) => {
    await server.register(jwt)
    // Confirm that we are getting the correct PK
    // const pk = await authHandler.GetPK()
    const key = jwksRsa.hapiJwt2KeyAsync({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      // jwksUri: 'https://YOUR_DOMAIN/.well-known/jwks.json'
      jwksUri: 'https://login.microsoftonline.com/common/discovery/keys'
      // https://login.microsoftonline.com/common/discovery/keys
      // https://login.microsoftonline.com/common/.well-known/openid-configuration
    })

    server.auth.strategy('jwt', 'jwt', {
      // Get the complete decoded token, because we need info from the header (the kid)
      complete: true,
      // Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint.
      key: key,
      // key: pk,
      headerKey: 'authorization',
      tokenType: 'Bearer',
      validate: userCtrl.validate,
      verifyOptions: {
        algorithms: ['RS256'] // or HS256 RS256
      }
    })
    server.auth.default('jwt')
    console.log(key)
  }
}

然后,我们将 Authorization header (即 'Bearer' + accessToken)附加到 http 并从 locahost 发出请求code> 即当前客户端/前端到 /sso 路由,服务器返回以下请求/响应

[1569928136140] INFO  (11252 on PORT230): request completed
    req: {
      "id": "1569928136137:PORT230:11264:k17qg99b:10001",
      "method": "get",
      "url": "https://port230.5874.com/api/v2/user/sso",
      "headers": {
        "host": "port230.5874.com",
        "connection": "keep-alive",
        "accept": "application/json, text/plain, */*",
        "origin": "http://localhost:8080",
        "authorization": "Bearer ...",
        "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36",
        "sec-fetch-mode": "cors",
        "sec-fetch-site": "cross-site",
        "referer": "http://localhost:8080/",
        "accept-encoding": "gzip, deflate, br",
        "accept-language": "en-US,en;q=0.9"
      }
    }
    res: {
      "statusCode": 401,
      "headers": {
        "www-authenticate": "Bearer error=\"Invalid token\"",
        "content-type": "application/json; charset=utf-8",
        "vary": "origin",
        "access-control-allow-origin": "http://localhost:8080",
        "access-control-expose-headers": "WWW-Authenticate,Server-Authorization",
        "strict-transport-security": "max-age=15768000",
        "x-frame-options": "DENY",
        "x-xss-protection": "1; mode=block",
        "x-download-options": "noopen",
        "x-content-type-options": "nosniff",
        "cache-control": "no-cache",
        "content-length": 106
      }
    }
    responseTime: 3

响应包括"www-authenticate": "Bearer error=\"Invalid token\""。我们一直试图理解为什么会出现无效 token 错误,但没有取得多大成功。

有人知道何时以及为何抛出此错误以及如何克服它吗?

最佳答案

问题是我们没有在https://portal.azure.com上定义我们的API的范围。正确。修复后,我们使用新创建的范围创建了 API 权限,因此访问 token 已成功解码

关于javascript - 无效的承载访问 token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58183692/

24 4 0
文章推荐: javascript - 将箭头功能更改为普通功能?
文章推荐: MySQL DATE_ADD() 函数
文章推荐: mysql - 如果不存在如何添加新列
文章推荐: mysql - 如何用这么多 AND 组织我的查询
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com