当我从邮递员发送令牌(承载),这是工作的罚款。但是,当我从Android应用程序发送同样的道理,它是显示令牌已过期但它是新鲜和未过期和令牌是工作的罚款与邮递员。
我试图发送一个GET请求没有标记,并将其工作正常。服务器运行罚款该类工作作为例外,除了authetication。
JS节点检查令牌代码:
const jwt = require('jsonwebtoken');
const JWT_KEY = require('../../config').getJwtSecrete();
module.exports = async (req, res, next) => {
try {
let token = req.headers.authorization;
token = getTokenFromHeader(token);
const decoded = jwt.verify(token, JWT_KEY);
req.email = decoded.email;
next();
} catch (error) {
return res.status(401).json({
message: 'Auth failed'
});
}
};
function getTokenFromHeader(token) {
return token.split(" ")[1];
}
安卓:发送请求我的GET请求方法
public class GET_Request extends AsyncTask<String, Void, Bundle> {
private static final String REQUEST_METHOD = "GET";
private static final int READ_TIMEOUT = 10000;
private static final int CONNECTION_TIMEOUT = 10000;
private GETAsyncResponse delegate;
public GET_Request(GETAsyncResponse delegate) {
this.delegate = delegate;
}
@Override
protected Bundle doInBackground(String... params) {
String Url = params[0];
Bundle bundle = new Bundle();
String result = null;
BufferedInputStream bufferedInputStream;
ByteArrayOutputStream byteArrayOutputStream;
try {
URL requestUrl = new URL(Url);
HttpURLConnection connection = (HttpURLConnection) requestUrl.openConnection();
connection.setRequestMethod(REQUEST_METHOD);
connection.setReadTimeout(READ_TIMEOUT);
connection.setConnectTimeout(CONNECTION_TIMEOUT);
connection.setDoInput(true);
connection.setUseCaches(false);
connection.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
connection.setRequestProperty("Accept", "application/json");
connection.setRequestProperty("Authorization", "Bearer " + UserInfo.getToken());
connection.connect();
if (connection.getResponseCode() == HTTP_OK) {
bufferedInputStream = new BufferedInputStream(connection.getInputStream());
int bisReadResult = bufferedInputStream.read();
byteArrayOutputStream = new ByteArrayOutputStream();
while (bisReadResult != -1) {
byteArrayOutputStream.write((byte) bisReadResult);
bisReadResult = bufferedInputStream.read();
}
result = byteArrayOutputStream.toString();
} else { //reading error
Log.e("doInBackground: ", String.valueOf(connection.getResponseCode()));
String error;
bufferedInputStream = new BufferedInputStream(connection.getInputStream());
int bisRealError = bufferedInputStream.read();
byteArrayOutputStream = new ByteArrayOutputStream();
while (bisRealError != -1) {
byteArrayOutputStream.write((byte) bisRealError);
bisRealError = bufferedInputStream.read();
}
/*This error string is for debugging*/
error = byteArrayOutputStream.toString();
Log.e("Error Buffer: ", error);
}
bundle.putString(JSON, result);
bundle.putInt(RESPONSE_CODE, connection.getResponseCode());
connection.disconnect();
} catch (FileNotFoundException f) {
f.printStackTrace();
bundle.putInt(RESPONSE_CODE, 400);
}
/*Internet not connected*/ catch (SocketTimeoutException s) {
bundle.putInt(RESPONSE_CODE, 0);
}
/*Any other error*/ catch (IOException e) {
e.printStackTrace();
bundle.putInt(RESPONSE_CODE, 500);
}
return bundle;
}
protected void onPostExecute(Bundle result) {
super.onPostExecute(result);
delegate.AfterGetRequestFinish(result);
}
public interface GETAsyncResponse {
void AfterGetRequestFinish(Bundle bundle);
}
}
我希望它成功进行身份验证。但我不知道它为什么失败,并显示代码“401”和'java.io.FileNotFoundException'。
一个JWT的特点是,它们基本上是防篡改的。也就是说,假设你的犯罪嫌疑人智威汤逊对节点JS服务器端有效的签名和校验,那么就意味着你的Android的Java代码不可能已经改变该令牌的到期日期。
话虽这么说,这里最有可能的解释是要传递事实上令牌已过期。这可能到来有关的一些原因,很可能你已经在共享偏好缓存的地方一个老道理,也许。