我正在尝试通过我在 nestjs 中的 JwtStrategy 类运行它们来验证用户访问令牌。除了我的方法之外,我还尝试了很多教程,但都没有成功。即使使用 auth0,我也一直收到 401。我的 LocalStrategy 工作正常并输出访问令牌以及其他预期信息。
这是我的 JwtStrategy 类:
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy, ExtractJwt } from 'passport-jwt';
import { passportJwtSecret } from 'jwks-rsa';
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor() {
super({
secretOrKeyProvider: passportJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 3,
jwksUri: `https://cognito-idp.${process.env.AWS_REGION}.amazonaws.com/${process.env.AWS_COGNITO_USER_POOL_ID}/.well-known/jwks.json`,
}),
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
audience: process.env.AWS_COGNITO_CLIENT_ID,
issuer: `https://cognito-idp.${process.env.AWS_REGION}.amazonaws.com/${process.env.AWS_COGNITO_USER_POOL_ID}`,
algorithms: ['RS256'],
});
}
validate(payload: any) {
if (!payload) {
throw new UnauthorizedException();
}
return payload;
}
}
这是我的 AuthModule:
import { Module } from '@nestjs/common';
import { JwtStrategy } from './jwt.strategy';
import { LocalStrategy } from './local.strategy';
import { PassportModule } from '@nestjs/passport';
@Module({
imports: [PassportModule.register({ defaultStrategy: 'jwt' })],
providers: [JwtStrategy, LocalStrategy],
exports: [],
})
export class AuthModule {}
这是我要达到的终点:
import { Controller, Get, UseGuards } from '@nestjs/common';
import { AppService } from './app.service';
import { AuthGuard } from '@nestjs/passport';
@Controller()
export class AppController {
constructor(private readonly appService: AppService) {}
@Get()
@UseGuards(AuthGuard('jwt'))
getHello(): string {
return this.appService.getHello();
}
}
这是我的 jwt auth 守卫:
import { Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class JwtAuthGuard extends AuthGuard('jwt') {}
@UseGuards(AuthGuard('jwt'))
线会产生预期的结果https://cognito-idp.${process.env.AWS_REGION}.amazonaws.com/${process.env.AWS_COGNITO_USER_POOL_ID}/.well-known/jwks.json
,
})` 确实产生了正确的 JSON 结果