I have an Azure Static Web App (using Azure Functions as the API). When a user logs in, we generate a token with the following code:

import jwt from 'jsonwebtoken';

function generateToken(user: User): string {
  const secretKey = process.env.SECRET_KEY;
  const tokenData = {
    userId: user.id,
  };
  const tokenOptions = {
    expireIn: "2 days"   // note: jsonwebtoken's option is spelled expiresIn
  };
  const token = jwt.sign(tokenData, secretKey, tokenOptions);
  return token;
}
However, after calling a different function, jwt.verify throws an invalid signature error.

try {
  const token = req.headers.authorization?.split(' ')[1];
  jwt.verify(token, process.env.SECRET_KEY, { algorithms: ['HS256'] });
} catch (tokenError) {
  // Debug response: echoes the raw token and its unverified payload back to the caller
  context.res = {
    status: 401,
    body: `tokenError: ${tokenError}\n
token: ${req.headers.authorization?.split(' ')[1]}\n
decode: ${JSON.stringify(jwt.decode(req.headers.authorization?.split(' ')[1]))}\n
`
  };
  return;
}
The code works fine locally, but after deployment the payload changes from:
{"userId":2,"iat":1701863111,"exp":1702035911}
to
{"nbf":1701863176,"exp":1701863476,"iat":1701863176,"iss":"https://5de6fdb8-19cf-4d6e-9fd0-50a67c40ca59.scm.azurewebsites.net","aud":"https://5de6fdb8-19cf-4d6e-9fd0-50a67c40ca59.azurewebsites.net/azurefunctions"}
Any idea why? Thanks in advance!
I have tried several changes to the settings in generateToken, and I have also checked that the environment variables are accessible from the Azure Function.
The problem is in generating the JWT token and configuring the token options. The payload of the JWT token changes after deployment to Azure because, for security reasons, Azure adds the audience claim to the token, which helps ensure that the token is only valid for the Azure Static Web App.
nbf
).
const jwt = require('jsonwebtoken');

function generateToken(user) {
  const secretKey = process.env.SECRET_KEY;
  const tokenData = {
    userId: user.id,
  };
  const tokenOptions = {
    expiresIn: "2 days",  // jsonwebtoken option name (the question's code used expireIn)
    notBefore: 0          // sets nbf to the issue time
  };
  const token = jwt.sign(tokenData, secretKey, tokenOptions);
  return token;
}

function verifyToken(req, context) {
  try {
    const token = req.headers.authorization?.split(' ')[1];
    // Pin the algorithm so a token with a different alg header is rejected
    const decodedToken = jwt.verify(token, process.env.SECRET_KEY, { algorithms: ['HS256'] });
    console.log("Decoded Token:", decodedToken);
    // Your logic with the decoded token
  } catch (tokenError) {
    // Debug response: echoes the raw token and its unverified payload back to the caller
    context.res = {
      status: 401,
      body: `tokenError: ${tokenError}\n
token: ${req.headers.authorization?.split(' ')[1]}\n
decode: ${JSON.stringify(jwt.decode(req.headers.authorization?.split(' ')[1]))}\n
`,
    };
    return;
  }
}

// Usage example
const user = { id: 2 };
const generatedToken = generateToken(user);
console.log("Generated Token:", generatedToken);
const request = {
  headers: {
    authorization: `Bearer ${generatedToken}`,
  },
};
verifyToken(request, { res: {} });
Locally: