express-jwt-blacklist抛出错误,如错误:JWT在我的代码中缺少tokenId Claimsub

问题描述 投票:0回答:1

我正在开发MEAN堆栈应用程序。对于会话身份验证,我使用了[[express-jwt。

我的代码与express-jwt令牌配合得很好,但是当我注销时,我想删除jwt令牌/在黑名单中添加令牌。

因此,当我对jwt令牌应用

express-jwt-blacklist

时,会引发错误。错误:JWT缺少tokenId声明子
我的工作代码

=> In middleware / config file const expressJWT = require("express-jwt"); CONFIG.JWTTOKENALLOWACCESS = expressJWT({ secret: CONFIG.JWTTOKENKEY, userProperty: 'payload' }); => In routing file router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);

我的无效代码(在应用express-jwt-blacklist之后)

=> In middleware / config file const expressJWT = require("express-jwt"); const blacklist = require('express-jwt-blacklist'); CONFIG.JWTTOKENALLOWACCESS = expressJWT({ secret: CONFIG.JWTTOKENKEY, userProperty: 'payload', isRevoked: blacklist.isRevoked }); => In routing file router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);

错误抛出

error: "JWT missing tokenId claimsub"

请帮助我解决此问题。
javascript node.js express express-jwt jwt-auth
1个回答
0
投票
通过在blacklist.configure中添加tokenId(如下所示)来解决此问题

=> In middleware / config file const expressJWT = require("express-jwt"); const blacklist = require('express-jwt-blacklist'); blacklist.configure({ tokenId: 'jti', // strict: true, // store: { // type: 'memcached', // host: 'localhost', // port: 3001, // keyPrefix: 'mywebapp:', // options: { // timeout: 1000 // } // } }); CONFIG.JWTTOKENALLOWACCESS = expressJWT({ secret: CONFIG.JWTTOKENKEY, userProperty: 'payload', isRevoked: blacklist.isRevoked }); => In routing file router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);

确保您必须在jwt登录时像下面这样设置jti params / field

const randToken = require('rand-token'); const jwt = require("jsonwebtoken"); ... ... ... user.myToken = jwt.sign({ jti : user._id + "_" + randToken.generator({ chars: '0-9' }).generate(6); first_name : user.first_name, last_name : user.last_name, ... ... ... }, jwt token key, { expiresIn: '7d' //7 days });

© www.soinside.com 2019 - 2024. All rights reserved.