问题
The sub claim for JWTs is optional, but the feathersjs-authentication won't let me set it to a blank string or remove it.
I was able to add a new value to the payload in the authentication before hook but changing sub or trying to remove it doesn't work.
app.service('/api/auth').hooks({
before: {
create: [
// You can chain multiple strategies
auth.hooks.authenticate(['jwt', 'local']),
hook => {
// I can add a new `SUB` value but this method doesn't work for `sub`
Object.assign(hook.params.payload, {SUB: hook.params.payload.userId})
}
],
...
I tried adding the same change to the after hook, but that didn't work either. Having the sub value as anonymous doesn't seem right to me. Their docs even say:
subject: 'anonymous', // Typically the entity id associated with the JWT
Yet there does not seem to be a straight-forward way to make the sub JWT claim a dynamic value.
回答1:
The subject or sub is set in the authentication options and - like any other JWT specific option - can not be set through the payload.
Looking at the code you can see that valid JWT option keys can be set through params (which other than params.query is outside of a malicious client reach so it can't be easily tampered with):
app.service('/api/auth').hooks({
before: {
create: [
// You can chain multiple strategies
auth.hooks.authenticate(['jwt', 'local']),
hook => {
hook.params.jwt.subject = hook.params.payload.userId;
}
],
来源:https://stackoverflow.com/questions/45974114/how-can-i-set-the-sub-claim-of-a-jwt-in-feathersjs