Zitadel Go API, inconsistent authentication context

Problem description  Votes: 0  Answers: 1

I recreated the Zitadel-Go API tutorial from the quickstart, and most of the time it works fine, but I noticed some inconsistencies.

For example, in this code snippet:

    // mw (the zitadel-go authorization middleware), tasks, taskList and
    // jsonResponse are declared elsewhere in the quickstart program.
    router.Handle("/api/tasks", mw.RequireAuthorization()(http.HandlerFunc(
        func(w http.ResponseWriter, r *http.Request) {
            // Using the [middleware.Context] function we can gather information about the authorized user.
            // This example will just print the user's ID using the provided method, and it will also
            // print the username by directly accessing the field of the typed [*oauth.IntrospectionContext].
            authCtx := mw.Context(r.Context())
            slog.Info("user accessed task list", "id", authCtx.UserID(), "username", authCtx.Username)

            // Although this endpoint is accessible by any authorized user, you might want to take additional steps
            // if the user is granted a specific role. In this case an `admin` will be informed to add a new task:
            list := tasks
            if authCtx.IsGrantedRole("admin") {
                list = append(list, "create a new task on /api/add-task")
            }

            // return the existing task list
            err := jsonResponse(w, &taskList{Tasks: list}, http.StatusOK)
            if err != nil {
                slog.Error("error writing response", "error", err)
            }
        })))

Sometimes it works fine and I get back an empty list, but every few requests I get rejected, with the very same request, saying I am unauthorized:

token introspection failed: http status not ok: 400 Bad Request {"error":"unauthorized_client"}

I am testing with a service user using a PAT. What could cause this inconsistency?

go authorization token
1 answer
0 votes

Never mind, the problem is not with Zitadel or the Zitadel-Go package. It was because the clock on the Zitadel machine was a few seconds behind the host's clock, so on Zitadel's side the token lay in the future.
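The answer above pins the intermittent "unauthorized" on clock skew between the issuing host and the Zitadel machine: a token stamped with an issued-at time that is ahead of the verifier's clock looks "not yet valid" until the verifier's clock catches up, which is why only some requests fail. The following Go program, added here as an illustration and not part of the original post or of the zitadel-go package, simulates that situation with a constructed set of time claims (iat/nbf/exp) and shows the standard mitigation on the verifier side: a small, bounded leeway for skew, plus a skew measurement that can be logged or alarmed on. The Claims type, CheckTimeClaims and Skew are hypothetical helpers written for this example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Claims holds the time-related claims of an access token as a verifier
// (introspection endpoint or JWT validator) would see them. Constructed for
// this example; real tokens carry these as Unix timestamps.
type Claims struct {
	IssuedAt  time.Time // iat
	NotBefore time.Time // nbf (zero value = absent)
	ExpiresAt time.Time // exp (zero value = absent)
}

var (
	ErrNotYetValid = errors.New("token not yet valid: iat/nbf lies in the verifier's future")
	ErrExpired     = errors.New("token expired")
)

// CheckTimeClaims validates iat, nbf and exp against the verifier's clock `now`,
// tolerating at most `leeway` of clock skew between issuer and verifier.
// A leeway of zero reproduces the strict behaviour that rejects fresh tokens
// when the verifier's clock runs a few seconds behind the issuer's.
func CheckTimeClaims(c Claims, now time.Time, leeway time.Duration) error {
	if now.Add(leeway).Before(c.IssuedAt) {
		return ErrNotYetValid
	}
	if !c.NotBefore.IsZero() && now.Add(leeway).Before(c.NotBefore) {
		return ErrNotYetValid
	}
	if !c.ExpiresAt.IsZero() && !now.Before(c.ExpiresAt.Add(leeway)) {
		return ErrExpired
	}
	return nil
}

// Skew estimates how far the verifier's clock lags the issuer's, using the
// issued-at claim of a token that was minted just now. A positive value means
// the verifier is behind; a value that grows past the leeway is worth alarming
// on, because the fix is time synchronisation (NTP), not a larger leeway.
func Skew(c Claims, now time.Time) time.Duration {
	return c.IssuedAt.Sub(now)
}

func main() {
	// Constructed scenario: the issuer mints a token at T, the verifier's clock
	// reads T-3s at the moment the token is introspected.
	issuerNow := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	verifierNow := issuerNow.Add(-3 * time.Second)
	tok := Claims{IssuedAt: issuerNow, NotBefore: issuerNow, ExpiresAt: issuerNow.Add(time.Hour)}

	fmt.Println("strict (no leeway):", CheckTimeClaims(tok, verifierNow, 0))
	fmt.Println("with 5s leeway:    ", CheckTimeClaims(tok, verifierNow, 5*time.Second))
	fmt.Println("measured skew:     ", Skew(tok, verifierNow))
	// Leeway must stay bounded: an hour-old token is still rejected.
	fmt.Println("after expiry:      ", CheckTimeClaims(tok, issuerNow.Add(2*time.Hour), 5*time.Second))
}
```

The leeway only masks skew of a few seconds; the durable fix, as the answer found, is keeping both machines on synchronised time. Logging the measured skew next to each introspection failure turns the symptom (sporadic 400 unauthorized_client) into a directly observable cause.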

© www.soinside.com 2019 - 2024. All rights reserved.