我正在使用以下代码测试Flask JWT。
from flask import Flask, jsonify, request
from flask_jwt_extended import (
JWTManager, jwt_required, create_access_token,
get_jwt_identity
)
app = Flask(__name__)
# Setup the Flask-JWT-Extended extension
app.config['JWT_SECRET_KEY'] = 'super-secret' # Change this!
jwt = JWTManager(app)
# Provide a method to create access tokens. The create_access_token()
# function is used to actually generate the token, and you can return
# it to the caller however you choose.
@app.route('/login', methods=['POST'])
def login():
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
username = request.json.get('username', None)
password = request.json.get('password', None)
if not username:
return jsonify({"msg": "Missing username parameter"}), 400
if not password:
return jsonify({"msg": "Missing password parameter"}), 400
if username != 'test' or password != 'test':
return jsonify({"msg": "Bad username or password"}), 401
# Identity can be any data that is json serializable
access_token = create_access_token(identity=username)
return jsonify(access_token=access_token), 200
# Protect a view with jwt_required, which requires a valid access token
# in the request to access.
@app.route('/protected', methods=['GET'])
@jwt_required
def protected():
# Access the identity of the current user with get_jwt_identity
current_user = get_jwt_identity()
return jsonify(logged_in_as=current_user), 200
if __name__ == '__main__':
app.run()
通过使用POSTMAN,我可以获得以下访问权限_打开
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTg0MTcsIm5iZiI6MTU4OTExODQxNywianRpIjoiNDEwNzFlZjItZTE3OC00YzhkLThjN2ItNWIwN2MxNGNkYzI2IiwiZXhwIjoxNTg5MTE5MzE3LCJpZGVudGl0eSI6InRlc3QiLCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.A1C1vMXnXt4IWO8j4H4LH6caxCqBg19lOEoVHhYnIyU"
}
但是当我想使用带有标题的GET访问受保护的页面时
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTg0MTcsIm5iZiI6MTU4OTExODQxNywianRpIjoiNDEwNzFlZjItZTE3OC00YzhkLThjN2ItNWIwN2MxNGNkYzI2IiwiZXhwIjoxNTg5MTE5MzE3LCJpZGVudGl0eSI6InRlc3QiLCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.A1C1vMXnXt4IWO8j4H4LH6caxCqBg19lOEoVHhYnIyU
我在POSTMAN上看到这个错误。任何关于如何解决这个问题的建议都将不胜感激。
{
"msg": "Bad Authorization header. Expected value 'Bearer <JWT>'"
}
找到了答案。这个问题已经好几天了。解决方案是,在POSTMAN中,您不添加
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTg0MTcsIm5iZiI6MTU4OTExODQxNywianRpIjoiNDEwNzFlZjItZTE3OC00YzhkLThjN2ItNWIwN2MxNGNkYzI2IiwiZXhwIjoxNTg5MTE5MzE3LCJpZGVudGl0eSI6InRlc3QiLCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.A1C1vMXnXt4IWO8j4H4LH6caxCqBg19lOEoVHhYnIyU
插入标头。您需要进入POSTMAN中的Authorization选项卡,选择Bearer并在字段中输入令牌。这就是如何将令牌添加为承载令牌。这将解决问题。谢谢
我在从Angular应用程序进行api调用时遇到了同样的错误:
其中授权:Bearer eyJ0eAiOiJKV1QiLCJhbGciOiJIUzi1
以下是添加身份验证令牌的另一种方法
export class TokenInterceptorService implements HttpInterceptor{
constructor(private injector: Injector ) { }
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
let authService = this.injector.get(AuthService);
let tokenizeReq = req.clone({
setHeaders: {
Authorization: `Bearer ${authService.getAccessToken()}`
}
});
return next.handle(tokenizeReq);
}
}
其中authService.getAccessToken将返回令牌。这将为http调用添加令牌
不要忘记在中添加拦截器app.modules
providers: [{
provide: HTTP_INTERCEPTORS,
useClass: TokenInterceptorService,
multi: true
}]