我一直在学习JWT,我遇到了这个问题,其中响应为JsonWebTokenError。令牌生成工作正常。但令牌的验证给了我一个错误,指出"JsonWebTokenError"带有一条消息"无效签名"。这是我的代码
const express = require('express');
const jwt = require('jsonwebtoken');
const app = express();
app.get('/api', (request, response) => {
response.json({
message: 'This is an Authentication API'
})
})
app.post('/api/posts', verifyToken, (request, response) => {
jwt.verify(request.token, 'secretkey', (err, authData) => {
if(err){
response.json({err});
}
else{
response.json({
message: 'Post was created successfully',
authData
})
}
})
})
app.post('/api/login', (request, response) => {
const user = {
id: 1,
user: 'sarath',
email: 'sarathsekaran@gmail.com'
}
jwt.sign({user}, 'secretKey', (err, token) => {
response.json({
token
});
});
});
//VerifyToken
//Authori FORMAT: Bearer <token>
function verifyToken(request, response, next){
//Get auth header value
const bearerHeader = request.headers['authorization'];
//Checking if bearer is undefined
if(typeof bearerHeader !== 'undefined'){
//Spilt the token from Bearer
const bearer = bearerHeader.split(' ');
const bearerToken = bearer[1];
//Set the token
request.token = bearerToken;
//Next Middleware
next();
}
else{
//Forbidden
response.sendStatus(403);
}
}
app.listen(5000, ()=>console.log('Server Started'));
在创建jwt令牌时,您应该使用唯一的密钥,并且应该将该唯一密钥存储在其他地方,而不是直接存储到代码中。您正面临此错误,因为您的密钥一处小写"k",另一处大写。