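I am developing a MEAN stack application. For session authentication, I used express-jwt.
My code works fine with express-jwt tokens, but when I log out I want to delete the JWT token / add the token to a blacklist. So when I apply express-jwt-blacklist to the JWT token, it throws an error. Error: JWT missing tokenId claimsub

My working code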
=> In middleware / config file
const expressJWT = require("express-jwt");
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
    secret: CONFIG.JWTTOKENKEY,
    userProperty: 'payload'
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
My non-working code (after applying express-jwt-blacklist)
=> In middleware / config file
const expressJWT = require("express-jwt");
const blacklist = require('express-jwt-blacklist');
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
    secret: CONFIG.JWTTOKENKEY,
    userProperty: 'payload',
    isRevoked: blacklist.isRevoked
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
Error thrown
error: "JWT missing tokenId claimsub"
Please help me resolve this issue.
=> In middleware / config file
const expressJWT = require("express-jwt");
const blacklist = require('express-jwt-blacklist');
blacklist.configure({
    tokenId: 'jti',
    // strict: true,
    // store: {
    //     type: 'memcached',
    //     host: 'localhost',
    //     port: 3001,
    //     keyPrefix: 'mywebapp:',
    //     options: {
    //         timeout: 1000
    //     }
    // }
});
CONFIG.JWTTOKENALLOWACCESS = expressJWT({
    secret: CONFIG.JWTTOKENKEY,
    userProperty: 'payload',
    isRevoked: blacklist.isRevoked
});
=> In routing file
router.route("/get-post-list").get(CONFIG.JWTTOKENALLOWACCESS, PostCtrl.getPostList);
Make sure you set the jti param / field at JWT login, like below:
const randToken = require('rand-token');
const jwt = require("jsonwebtoken");
// ...
// ...
// ...
user.myToken = jwt.sign({
    // jti is the token identifier that the blacklist looks up
    jti: user._id + "_" + randToken.generator({ chars: '0-9' }).generate(6),
    first_name: user.first_name,
    last_name: user.last_name,
    // ...
    // ...
    // ...
}, CONFIG.JWTTOKENKEY, { // the same secret that is passed to expressJWT above
    expiresIn: '7d' // 7 days
});
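As an added example (not part of the original answer and not express-jwt-blacklist's own code): a minimal in-memory revocation list keyed on `jti`, showing why a token signed without that claim is rejected and how a logout route can revoke one. It assumes the `isRevoked(req, payload, done)` callback form; `createRevocationList` and its method names are hypothetical.

```javascript
// Added example, not from the original post. createRevocationList and its
// method names are hypothetical; the store is a per-process Map.
function createRevocationList(claim = 'jti', now = () => Date.now()) {
  const revoked = new Map(); // token id -> expiry in ms since epoch

  // Return the identifier claim, or null if it is absent or not a string.
  function idOf(payload) {
    const id = payload && payload[claim];
    return typeof id === 'string' && id.length > 0 ? id : null;
  }

  // Entries for expired tokens are dropped: the exp check already
  // rejects those tokens, so the list only needs to cover live ones.
  function purge() {
    for (const [id, expMs] of revoked) {
      if (expMs <= now()) revoked.delete(id);
    }
  }

  return {
    // Call from the logout route with the verified payload (req.payload).
    revoke(payload) {
      const id = idOf(payload);
      if (id === null) throw new Error(`JWT missing ${claim} claim`);
      // exp is in seconds; a token without exp stays listed indefinitely.
      const expMs = typeof payload.exp === 'number' ? payload.exp * 1000 : Infinity;
      revoked.set(id, expMs);
    },
    // Pass as the isRevoked option. Fails closed: a token without the
    // identifier claim cannot be looked up, so it is rejected.
    isRevoked(req, payload, done) {
      const id = idOf(payload);
      if (id === null) return done(new Error(`JWT missing ${claim} claim`));
      purge();
      return done(null, revoked.has(id));
    },
    size() {
      purge();
      return revoked.size;
    },
  };
}

// Constructed sample payloads (not real tokens), with a fixed clock.
const list = createRevocationList('jti', () => 1700000000000);
const alice = { jti: '64f0c0ffee_123456', first_name: 'Alice', exp: 1700000600 };
const legacy = { first_name: 'Bob', exp: 1700000600 }; // signed without jti
```

Because the Map lives in one process, entries are lost on restart and are not shared between instances; a shared store such as the memcached option commented out in the answer covers that case.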