我正在尝试进行一些服务器端身份验证。
在服务器端登录()
var jwt = require('jsonwebtoken');
....
if (user.hash != hash(pass, user.salt)) {
return invalid("Wrong password");
}
var token = jwt.sign(user, 'superSecret');
res.json({
success: true,
message: '',
auth_token: token
});
在客户端http
createHero(hero: Hero) {
let body = JSON.stringify({ hero });
let headers = new Headers({ 'Content-Type': 'application/json' });
let authToken = localStorage.getItem('auth_token');
headers.append('Authorization', `Bearer ${authToken}`);
let options = new RequestOptions({ headers: headers });
this.http.post(`${this._baseUrl}create/`, body, options)
.map(response => response.json())
.subscribe(data => {
this._dataStore.heroes.push(data);
this._dataStore.hero = data;
this._heroObserver.next(this._dataStore.hero);
},
error => this.handleError('Could not create hero.')
);
}
在服务器端验证
var token = req.headers.authorization;
var h = req.headers;
// decode token
if (token) {
// verifies secret and checks exp
aaa = jwt.verify(token, 'superSecret', function(err, decoded) {
console.log(decoded);
if (err) {
return res.json({ success: false, message: 'Failed to authenticate token on API server.' });
} else {
// if everything is good, save to request for use in other routes
req.decoded = decoded;
next();
}
});
console.log(aaa);
} else {
// if there is no token return an error
return res.status(403).send({
success: false,
message: 'No token provided.'
});
}
我正确地在服务器上获得了令牌。授权:“承载……”
但它无法验证。我得到了 JsonWebTokenError 无效的令牌。
谁能帮忙指出我错过了什么?