I recreated the Zitadel-Go API tutorial from the quickstart. Most of the time it works fine, but I noticed some inconsistencies.
For example, in this code snippet:
```go
router.Handle("/api/tasks", mw.RequireAuthorization()(http.HandlerFunc(
	func(w http.ResponseWriter, r *http.Request) {
		// Using the [middleware.Context] function we can gather information about the authorized user.
		// This example will just print the user's ID using the provided method, and it will also
		// print the username by directly accessing the field of the typed [*oauth.IntrospectionContext].
		authCtx := mw.Context(r.Context())
		slog.Info("user accessed task list", "id", authCtx.UserID(), "username", authCtx.Username)
		// Although this endpoint is accessible by any authorized user, you might want to take additional steps
		// if the user is granted a specific role. In this case an `admin` will be informed to add a new task:
		list := tasks
		if authCtx.IsGrantedRole("admin") {
			list = append(list, "create a new task on /api/add-task")
		}
		// return the existing task list
		err := jsonResponse(w, &taskList{Tasks: list}, http.StatusOK)
		if err != nil {
			slog.Error("error writing response", "error", err)
		}
	})))
```
Sometimes it works fine and I get an empty list, but after every few requests I get rejected on the very same request, saying I am unauthorized:
```
token introspection failed: http status not ok: 400 Bad Request {"error":"unauthorized_client"}
```
I am testing with a service user using a PAT. What could cause this inconsistency?
Never mind, the problem is not with Zitadel or the Zitadel-Go package. It was because the clock on the Zitadel machine was a few seconds behind the hosting machine, which caused the token to be in the future on Zitadel's side
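To make the clock-skew failure mode described in the answer visible, here is an added diagnostic example (not code from the thread, Zitadel, or zitadel-go). It builds a constructed, unsigned client assertion whose `iat` is set by a host running ahead of the authorization server, then checks whether a server with a given clock and skew tolerance would treat it as issued in the future; `timeClaims`, `sampleAssertion`, `decodeClaims` and `issuedInFuture` are hypothetical helper names.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// timeClaims holds the issued-at claim of a JWT client assertion (hypothetical helper type).
type timeClaims struct {
	IssuedAt int64 `json:"iat"`
}

// sampleAssertion builds a constructed, unsigned compact JWT; the signature segment is a placeholder.
func sampleAssertion(iat time.Time) string {
	enc := base64.RawURLEncoding
	head := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	body, _ := json.Marshal(timeClaims{IssuedAt: iat.Unix()})
	return head + "." + enc.EncodeToString(body) + ".placeholder-signature"
}

// decodeClaims reads the payload of a compact JWT without checking the signature (diagnostic only).
func decodeClaims(token string) (timeClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return timeClaims{}, fmt.Errorf("not a compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return timeClaims{}, err
	}
	var c timeClaims
	return c, json.Unmarshal(raw, &c)
}

// issuedInFuture reports whether a server whose clock reads serverNow would consider
// the assertion issued in the future, allowing up to tolerance of clock skew.
func issuedInFuture(c timeClaims, serverNow time.Time, tolerance time.Duration) bool {
	return time.Unix(c.IssuedAt, 0).After(serverNow.Add(tolerance))
}

func main() {
	// Our host runs 10 s ahead of the authorization server, so the assertion looks future-dated.
	serverNow := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	c, _ := decodeClaims(sampleAssertion(serverNow.Add(10 * time.Second)))
	fmt.Println("rejected with 0s tolerance:", issuedInFuture(c, serverNow, 0))
}
```

Keeping both machines on NTP removes the skew; a small tolerance on the server side only masks drift of a few seconds.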