NodeJS-Passport-JWT, how to set up multiple extractors?

Gui*_*ère 0 authentication node.js passport.js

This is the configuration of my authentication strategy:

var JWT_STRATEGY_CONFIG = {
  jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme('MyBearer'),
  secretOrKey: SECRET,
  issuer : ISSUER,
  audience: AUDIENCE,
  passReqToCallback: false
};

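I would like to add a second extractor: if the first one fails, then I want to try the second one. To illustrate my idea, this is what I would like to do: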

var JWT_STRATEGY_CONFIG = {
  jwtFromRequest: [
    ExtractJwt.fromAuthHeaderWithScheme('MyBearer'),
    ExtractJwt.fromUrlQueryParameter('authorization')
  ],
  secretOrKey: SECRET,
  issuer : ISSUER,
  audience: AUDIENCE,
  passReqToCallback: false
};

小智 6

Thanks for sharing this simple solution. I adapted your approach for NestJs in TypeScript. Just in case someone is looking for this.

import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';
import { Inject, Injectable } from '@nestjs/common';
import { JWT_SECRET } from '../auth.constants';

/**
 * Extracts the jwt from a cookie
 * @param req Http Request
 */
const cookieExtractor = (req) => {
  let token = null;
  if (req && req.cookies) {
    token = req.cookies.jwt;
  }
  return token;
};

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {

  constructor(@Inject('JWT_SECRET') jwtSecret: string) {
    super({
      jwtFromRequest: ExtractJwt.fromExtractors([
        // Take jwt from http header
        ExtractJwt.fromAuthHeaderAsBearerToken(),
        // Take jwt from cookie
        cookieExtractor
      ]),
      ignoreExpiration: false,
      secretOrKey: jwtSecret,
    });
  }

  async validate(payload: { sub: number, iat: number, exp: number, username: string }): Promise<{ userId: any; username: any }> {
    return { userId: payload.sub, username: payload.username };
  }
}


Gau*_*hee 5

You can also pass multiple extractors to the ExtractJwt.fromExtractors function:

var JWT_STRATEGY_CONFIG = {
  secretOrKey: SECRET,
  issuer: ISSUER,
  audience: AUDIENCE,
  passReqToCallback: false,
  jwtFromRequest: ExtractJwt.fromExtractors([
    ExtractJwt.fromBodyField('auth_token'),
    ExtractJwt.fromUrlQueryParameter('auth_token')
  ])
};
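An added example (not from the question or either answer, and not passport-jwt's own code) showing what "try the second extractor if the first fails" means for an extractor chain: extractors run in order and the first one that returns a token wins, so a header token that later fails verification is not replaced by the query-string token. The three functions are simplified stand-ins for the library's extractors, `fromExtractorsWithSource` and its `source` label are hypothetical additions, and the requests are constructed samples.

```javascript
// Stand-ins written for this example; they imitate passport-jwt's extractors
// so the chain can be run without the library installed.

// Like ExtractJwt.fromAuthHeaderWithScheme(scheme): token from "Authorization: <scheme> <token>".
function fromAuthHeaderWithScheme(scheme) {
  const wanted = scheme.toLowerCase();
  return (req) => {
    const header = req && req.headers && req.headers.authorization;
    if (typeof header !== 'string') return null;
    const match = header.match(/^(\S+)\s+(\S+)$/);
    return match && match[1].toLowerCase() === wanted ? match[2] : null;
  };
}

// Like ExtractJwt.fromUrlQueryParameter(name): token from the parsed query string.
function fromUrlQueryParameter(name) {
  return (req) => {
    const value = req && req.query && req.query[name];
    return typeof value === 'string' && value.length > 0 ? value : null;
  };
}

// Like ExtractJwt.fromExtractors(list): run extractors in order, first token found wins.
// Hypothetical addition: also report which extractor matched, for logging and policy.
function fromExtractorsWithSource(named) {
  return (req) => {
    for (const [source, extractToken] of named) {
      const token = extractToken(req);
      if (token) return { token, source };
    }
    return { token: null, source: null };
  };
}

const extract = fromExtractorsWithSource([
  ['header', fromAuthHeaderWithScheme('MyBearer')],
  ['query', fromUrlQueryParameter('authorization')],
]);

// Constructed sample requests (placeholder strings, not real tokens).
const headerOnly = { headers: { authorization: 'MyBearer aaa.bbb.ccc' }, query: {} };
const queryOnly = { headers: {}, query: { authorization: 'ddd.eee.fff' } };
const wrongScheme = { headers: { authorization: 'Basic dXNlcjpwdw==' }, query: { authorization: 'ddd.eee.fff' } };
const both = { headers: { authorization: 'MyBearer expired.or.bad' }, query: { authorization: 'ddd.eee.fff' } };

console.log(extract(headerOnly), extract(queryOnly), extract(wrongScheme), extract(both));
```

Recording the source lets the application log or restrict tokens that arrive in the URL, which also end up in access logs and browser history.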