响应中缺少 jwt 授权令牌 header
jwt authorization token missing from response header
我正在尝试使用 JWT 身份验证通过 Hapi 设置一个简单的 Angularjs 应用程序。
我用 jwt 令牌 link 向新注册的用户发送了一封电子邮件,以验证该电子邮件是否存在。 link 看起来像这样:
http://127.0.0.1:3000/verifyEmail/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InJpY2tAaWNvZGU0dS5ubCIsInNjb3BlIjpbIkN1c3RvbWVyIl0sImZpcnN0TmFtZSI6IlJpY2siLCJsYXN0TmFtZSI6IkdvbW1lcnMiLCJpYXQiOjE0NDkxNDc5MzR9.6lWxcsSIC7DgAiGC0hcp7bdAhyl40Nbcqid3VgVtM6c
这是我生成令牌的方式:
handler: function(request, reply) {
request.payload.password = Common.encrypt(request.payload.password);
request.payload.scope = "Customer";
User.saveUser(request.payload, function(err, user) {
if (!err) {
var tokenData = {
userName: user.userName, //email address
scope: [user.scope],
firstName: user.firstName,
lastName: user.lastName
};
Common.sentMailVerificationLink(user,Jwt.sign(tokenData, privateKey));
reply("Please confirm your email id by clicking on link in email");
} else {
if (11000 === err.code || 11001 === err.code) {
reply(Boom.forbidden("please provide another user email"));
} else {
console.log(Boom.forbidden(err));
reply(Boom.forbidden(err)); // HTTP 403
}
}
});
}
现在,当我点击验证 link 时,响应 header 如下所示:
{ host: '127.0.0.1:3000',
connection: 'keep-alive',
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;
q=0.8',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KH
TML, like Gecko) Chrome/46.0.2490.86 Safari/537.36',
dnt: '1',
'accept-encoding': 'gzip, deflate, sdch',
'accept-language': 'nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2,es;q=0.2',
'x-cookiesok': 'I explicitly accept all cookies' }
问题:
我缺少响应 header 中的授权令牌。如何在 header 中发送授权令牌?
您在 url 中发送令牌,所以它不能 return 在 headers 中。您必须从 url 取回它。
我正在尝试使用 JWT 身份验证通过 Hapi 设置一个简单的 Angularjs 应用程序。
我用 jwt 令牌 link 向新注册的用户发送了一封电子邮件,以验证该电子邮件是否存在。 link 看起来像这样:
http://127.0.0.1:3000/verifyEmail/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6InJpY2tAaWNvZGU0dS5ubCIsInNjb3BlIjpbIkN1c3RvbWVyIl0sImZpcnN0TmFtZSI6IlJpY2siLCJsYXN0TmFtZSI6IkdvbW1lcnMiLCJpYXQiOjE0NDkxNDc5MzR9.6lWxcsSIC7DgAiGC0hcp7bdAhyl40Nbcqid3VgVtM6c
这是我生成令牌的方式:
handler: function(request, reply) {
request.payload.password = Common.encrypt(request.payload.password);
request.payload.scope = "Customer";
User.saveUser(request.payload, function(err, user) {
if (!err) {
var tokenData = {
userName: user.userName, //email address
scope: [user.scope],
firstName: user.firstName,
lastName: user.lastName
};
Common.sentMailVerificationLink(user,Jwt.sign(tokenData, privateKey));
reply("Please confirm your email id by clicking on link in email");
} else {
if (11000 === err.code || 11001 === err.code) {
reply(Boom.forbidden("please provide another user email"));
} else {
console.log(Boom.forbidden(err));
reply(Boom.forbidden(err)); // HTTP 403
}
}
});
}
现在,当我点击验证 link 时,响应 header 如下所示:
{ host: '127.0.0.1:3000',
connection: 'keep-alive',
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;
q=0.8',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KH
TML, like Gecko) Chrome/46.0.2490.86 Safari/537.36',
dnt: '1',
'accept-encoding': 'gzip, deflate, sdch',
'accept-language': 'nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2,es;q=0.2',
'x-cookiesok': 'I explicitly accept all cookies' }
问题: 我缺少响应 header 中的授权令牌。如何在 header 中发送授权令牌?
您在 url 中发送令牌,所以它不能 return 在 headers 中。您必须从 url 取回它。