Passport JWT 策略的令牌提取选项

使用Passport JWT策略,我通过params传递token,并像这样提取token ExtractJWT.fromUrlQueryParameter('secret_token')
但有时我会通过header传递token,我想像这样提取它ExtractJWT.fromHeader('secret_token')
如何检查它是如何传递的并动态使用正确的提取方法。
这是我的代码:
// Register a JWT strategy that reads the token from the URL only.
passport.use(
  new JWTstrategy(
    {
      // Looks for ?secret_token=<jwt> in the request URL and nowhere else.
      // NOTE(review): a token carried in the query string can end up in
      // server access logs, browser history and Referer headers; prefer a
      // request header where the client allows it.
      jwtFromRequest: ExtractJWT.fromUrlQueryParameter('secret_token'),
      // Key used to verify the token signature, taken from the environment.
      secretOrKey: process.env.AUTH_SECRET,
    },
    async (token, done) => {
      try {
        // Hand the `user` claim of the token payload to the next middleware.
        // NOTE(review): the user object is taken straight from the payload;
        // nothing here confirms the account still exists or is active.
        const { user } = token;
        return done(null, user);
      } catch (error) {
        done(error);
      }
    },
  ),
);

谢谢!我已经在这上面花了很长时间了...
4个回答

使用ExtractJwt.fromExtractors()方法。
// Strategy that accepts the JWT from any of three places in the request.
var jwtStrategy = new JwtStrategy({
  // fromExtractors() tries the listed extractors in array order and uses the
  // first token it finds: the "secret_token" query parameter, then the
  // "secret_token" header, then the "Authorization: Bearer <token>" header.
  // NOTE(review): a token sent in the query string can end up in access logs,
  // browser history and Referer headers; keep that extractor only if a
  // client really needs it.
  jwtFromRequest: ExtractJwt.fromExtractors([ExtractJwt.fromUrlQueryParameter("secret_token"), ExtractJwt.fromHeader("secret_token"), ExtractJwt.fromAuthHeaderAsBearerToken()]),
  // Key used to verify the token signature, read from the environment.
  secretOrKey: process.env.AUTH_SECRET
}, async (payload, done) => {
  ...
});

此方法用于从请求头中提取令牌。请按如下方式传递请求头:
  • Authorization: Bearer {token}
  • Content-Type : application/json
// Entry for the strategy's options object: read the JWT from the
// "Authorization: Bearer <token>" request header.
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken()



尝试这种方式:

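// Accept the token from either the query string or a custom header.
// ExtractJWT.fromUrlQueryParameter() returns an extractor function, not a
// token, so comparing its result with undefined is always true and a ternary
// built on that comparison never reaches the header extractor.
// fromExtractors() instead runs each extractor, in order, on every request.
const options = {};
options.jwtFromRequest = ExtractJWT.fromExtractors([
  ExtractJWT.fromUrlQueryParameter('secret_token'),
  ExtractJWT.fromHeader('secret_token'),
]);
// NOTE(review): a token in the query string can end up in access logs,
// browser history and Referer headers; prefer the header where possible.
// Key used to verify the token signature, read from the environment.
options.secretOrKey = process.env.AUTH_SECRET;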

// Register the strategy built from `options`.
passport.use(
  new JWTstrategy(options, async (token, done) => {
    try {
      // Forward the `user` claim of the token payload to the next middleware.
      // NOTE(review): the claim is used as-is; no lookup confirms the
      // account still exists or is active.
      const userDetails = token.user;
      return done(null, userDetails);
    } catch (error) {
      // Report any failure to Passport instead of throwing.
      done(error);
    }
  }),
);

抱歉,这个不起作用,它只会评估第一个参数。 - Morris S


答案:

以下是解决方法...

它会查找名为 secret_token 的请求头或查询参数(先检查请求头,再检查查询参数)。

var url = require('url');

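const options = {};

/**
 * Custom extractor: returns the JWT from the `secret_token` request header
 * or, failing that, from the `secret_token` query parameter.
 *
 * Uses the global URL class rather than the legacy url.parse(), and only
 * ever returns a single non-empty string so the JWT verifier never receives
 * an array or an ambiguous value.
 *
 * @param {object} request - incoming request; `headers` and `url` are read.
 * @returns {string|null} the token, or null when no usable token is present.
 */
options.jwtFromRequest = (request) => {
  const paramName = 'secret_token'; // header name and query-parameter name

  // The header is checked first, so it wins when both are supplied.
  const headerValue = request.headers[paramName];
  if (typeof headerValue === 'string' && headerValue !== '') {
    return headerValue;
  }

  let searchParams;
  try {
    // request.url is normally just path + query; the base exists only to
    // make it parseable and is never used for anything else.
    ({ searchParams } = new URL(request.url, 'http://localhost'));
  } catch {
    return null; // unparseable URL: treat as "no token"
  }

  // A repeated parameter is ambiguous, so it is rejected rather than guessed.
  // NOTE(review): a token in the query string can end up in access logs,
  // browser history and Referer headers; prefer the header where possible.
  const candidates = searchParams.getAll(paramName);
  return candidates.length === 1 && candidates[0] !== '' ? candidates[0] : null;
};
// Key used to verify the token signature, read from the environment.
options.secretOrKey = process.env.AUTH_SECRET;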

// Register the strategy that uses the custom extractor in `options`.
passport.use(
  new JWTstrategy(options, async (token, done) => {
    try {
      // Pass the `user` claim from the token payload to the next middleware.
      // NOTE(review): the claim is trusted as-is; confirm that no account
      // lookup or revocation check is needed here.
      const { user } = token;
      return done(null, user);
    } catch (error) {
      // Surface the failure through Passport's callback.
      done(error);
    }
  }),
);
