express-jwt-blacklist throw an error like as Error: JWT missing tokenId claimsub in my code
express-jwt-blacklist throw an error like as Error: JWT missing tokenId claimsub in my code
我正在开发 MEAN 堆栈应用程序。对于会话身份验证,我使用了 express-jwt.
我的代码与 express-jwt 令牌配合得很好,但是当我注销时,我想删除 jwt 令牌/在黑名单中添加令牌。
所以当我使用 jwt 令牌应用 express-jwt-blacklist 时,它会抛出一个 error.Error: JWT missing tokenId claimsub
My working code
=> In middleware / config file
const expressJWT = require("express-jwt");
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
secret: CONFIG.JWTTOKENKEY,
userProperty: 'payload'
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
My not working code (after apply express-jwt-blacklist)
=> In middleware / config file
const expressJWT = require("express-jwt");
const blacklist = require('express-jwt-blacklist');
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
secret: CONFIG.JWTTOKENKEY,
userProperty: 'payload',
isRevoked: blacklist.isRevoked
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
Error throws
error: "JWT missing tokenId claimsub"
请帮我解决这个问题。
问题已通过在 blacklist.configure 中添加 tokenId 解决,如下所示
=> In middleware / config file
const expressJWT = require("express-jwt");
const blacklist = require('express-jwt-blacklist');
blacklist.configure({
tokenId: 'jti',
// strict: true,
// store: {
// type: 'memcached',
// host: 'localhost',
// port: 3001,
// keyPrefix: 'mywebapp:',
// options: {
// timeout: 1000
// }
// }
});
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
secret: CONFIG.JWTTOKENKEY,
userProperty: 'payload',
isRevoked: blacklist.isRevoked
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
确保您必须在 jwt 登录时设置 jti params/field,如下所示
const randToken = require('rand-token');
const jwt = require("jsonwebtoken");
...
...
...
user.myToken = jwt.sign({
jti : user._id + "_" + randToken.generator({ chars: '0-9' }).generate(6);
first_name : user.first_name,
last_name : user.last_name,
...
...
...
}, jwt token key, {
expiresIn: '7d' //7 days
});
我正在开发 MEAN 堆栈应用程序。对于会话身份验证,我使用了 express-jwt.
我的代码与 express-jwt 令牌配合得很好,但是当我注销时,我想删除 jwt 令牌/在黑名单中添加令牌。
所以当我使用 jwt 令牌应用 express-jwt-blacklist 时,它会抛出一个 error.Error: JWT missing tokenId claimsub
My working code
=> In middleware / config file
const expressJWT = require("express-jwt");
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
secret: CONFIG.JWTTOKENKEY,
userProperty: 'payload'
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
My not working code (after apply express-jwt-blacklist)
=> In middleware / config file
const expressJWT = require("express-jwt");
const blacklist = require('express-jwt-blacklist');
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
secret: CONFIG.JWTTOKENKEY,
userProperty: 'payload',
isRevoked: blacklist.isRevoked
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
Error throws
error: "JWT missing tokenId claimsub"
请帮我解决这个问题。
问题已通过在 blacklist.configure 中添加 tokenId 解决,如下所示
=> In middleware / config file
const expressJWT = require("express-jwt");
const blacklist = require('express-jwt-blacklist');
blacklist.configure({
tokenId: 'jti',
// strict: true,
// store: {
// type: 'memcached',
// host: 'localhost',
// port: 3001,
// keyPrefix: 'mywebapp:',
// options: {
// timeout: 1000
// }
// }
});
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
secret: CONFIG.JWTTOKENKEY,
userProperty: 'payload',
isRevoked: blacklist.isRevoked
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
确保您必须在 jwt 登录时设置 jti params/field,如下所示
const randToken = require('rand-token');
const jwt = require("jsonwebtoken");
...
...
...
user.myToken = jwt.sign({
jti : user._id + "_" + randToken.generator({ chars: '0-9' }).generate(6);
first_name : user.first_name,
last_name : user.last_name,
...
...
...
}, jwt token key, {
expiresIn: '7d' //7 days
});