Pass JWT in Header

[亡魂溺海] 提交于 2019-12-06 09:19:06

问题


I am learning JWT with NodeJs. I am stuck at passing the JWT in header actually i do not know how to do this.

index.js file

var express = require('express'),
 app = express(),
 routes = require('./routes'),
 bodyParser = require('body-parser'),
 path = require('path'),
 ejs = require('ejs'),
 jwt = require('jsonwebtoken');

app.use(bodyParser.urlencoded({ extended: false })); 
app.use(bodyParser.json());

app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');

app.post('/home',routes.loginUser);

app.get('/', function(req, res) {
  res.render('index');
});

app.get('/home',function(req, res) {
  jwt.verify(req.token, 'qwertyu6456asdfghj', function(err, data) {
    if (err) {
      res.sendStatus(403);
    } 
  });
});

 app.listen(3000,function(){
  console.log("Server running at Port 3000");
});

routes/index.js file

var  jwt = require('jsonwebtoken');

exports.home = function(req, res){
  res.render('home',{error: false});
};

exports.loginUser = function(req, res) {
    var uname = req.body.Username;
    var pwd = req.body.Password;

    if(uname && pwd === 'admin'){
        res.render('home');

    var token = jwt.sign({ user: uname }, 'qwertyuiopasdfghj');
    console.log('Authentication is done successfully.....');
    console.log(token);
    }

    response.json({
        authsuccess: true,
        description: 'Sending the Access Token',
        token: token
    });
};

when i run the application i am getting the token in console.log but How can I pass token in header and store it in localStorage of browser?


回答1:


So you want to send the token to frontend but not in the body.

The Recommended way to do so is to use cookies. You can set the token in the cookie and it can be automatically accessed in front-end and in the backend.

res.cookie('tokenKey', 'ajsbjabcjcTOKENajbdcjabdcjdc');

Using authorization headers is also a good approach, but again, in front-end, you have to fetch the token from headers and then save in localStorage or cookie, which you don't have to do in case of cookie.

res.header(field [, value]);



回答2:


As @ChicoDelaBarrio told you, it depends on the client. Postman is a good place to start checking your backend. But after you have your server working, you have to start working in your client side.

If you want a complete backend example about JWT in Node.js, with Refresh token included, I recomend you this post about it: Refresh token with JWT authentication in Node.js Probably you can reuse most of the code. In this case the header is not created with BEARER, but with JWT at the beginning, but it works the same



来源:https://stackoverflow.com/questions/48299135/pass-jwt-in-header

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!