Express,Passport和JSON Web令牌(jwt)身份验证
app.get("/secret",passport.authenticate('jwt',{session:false}),function(req,res){res.json({message:"成功!没有令牌,你看不到这个"});});
我在 Postman 中测试,但得到的响应是 Unauthorized。请求头的键:Authorization,值:JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNTExNDMxNjcwfQ.wwt4sY8LDXg_UDqD9-uImdYe0dv-6Ya2IF8WA_Y57Qs
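回答如下:下面的代码用 fromAuthHeaderAsBearerToken() 提取令牌,它只识别 `Authorization: Bearer <令牌>` 形式的请求头;问题中以 `JWT ` 为前缀的请求头不会被解析,所以返回 Unauthorized。
var _ = require("lodash");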
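var express = require("express");
var bodyParser = require("body-parser");
var jwt = require('jsonwebtoken');
var passport = require("passport");
var passportJWT = require("passport-jwt");

var ExtractJwt = passportJWT.ExtractJwt;
var JwtStrategy = passportJWT.Strategy;

// Options passed to passport-jwt's JwtStrategy.
var jwtOptions = {};

// This extractor only accepts `Authorization: Bearer <token>`. A header sent
// as `Authorization: JWT <token>` is not parsed, so the request is answered
// with 401 Unauthorized. Clients that must keep the `JWT` scheme would need
// ExtractJwt.fromAuthHeaderWithScheme('jwt') here instead.
jwtOptions.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();

// The HMAC signing secret is loaded from the environment rather than being
// committed with the source: anyone who knows it can mint valid tokens for
// any user id. Fail at startup instead of running without a secret.
jwtOptions.secretOrKey = process.env.JWT_SECRET;
if (!jwtOptions.secretOrKey) {
  throw new Error('JWT_SECRET environment variable must be set');
}

// Pin the accepted signature algorithm to the one the issued tokens use
// (the sample token's header declares HS256).
jwtOptions.algorithms = ['HS256'];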
// Verify callback for the JWT strategy: maps the `id` claim of the decoded
// payload to an entry in `users` and hands the result back to Passport.
// Passing `false` as the second argument tells Passport that authentication
// failed; passing a user object makes it available to the route handler.
var strategy = new JwtStrategy(jwtOptions, function verifyJwt(jwt_payload, next) {
  // NOTE(review): this writes the full decoded claims to the log on every
  // authenticated request; consider dropping it outside of debugging.
  console.log('payload received', jwt_payload);

  // usually this would be a database call:
  var position = _.findIndex(users, { id: jwt_payload.id });
  // findIndex yields -1 when nothing matches, so the lookup is undefined.
  var matchedUser = users[position];

  next(null, matchedUser || false);
});
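// Register the JWT strategy; passport-jwt names it 'jwt' by default, which is
// the name the route below passes to passport.authenticate().
passport.use(strategy);

var app = express();
app.use(passport.initialize());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());

// Protected route: passport.authenticate() runs first and rejects the request
// with 401 unless a valid token is presented. `session: false` keeps the
// check stateless, so the token must accompany every request.
app.get("/secret", passport.authenticate('jwt', { session: false }),
  function(req, res) {
    res.json({message: "Success! You can not see this without a token"});
  });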