我有一个注册器端点和一个登录端点,它们使用 JWT 响应但是当接收到这个 JWT 时,这个过程会抛出 INVALID TOKENfunc ValidarToken(w http.ResponseWriter, r *http.Request) bool {token, err := request.ParseFromRequestWithClaims(r, request.OAuth2Extractor, &models.Claim{}, func(token *jwt.Token) (interface{}, error){ return VerifyKey, nil})if err != nil { switch err.(type) { case *jwt.ValidationError: vErr := err.(*jwt.ValidationError) switch vErr.Errors { case jwt.ValidationErrorExpired: http.Error(w, "Su token ha expirado "+err.Error(),http.StatusUnauthorized) case jwt.ValidationErrorSignatureInvalid: http.Error(w, "La firma del token no coincide "+err.Error(),http.StatusUnauthorized) default: http.Error(w, "Su token no es válido "+err.Error(),http.StatusUnauthorized) } default: http.Error(w, "Su token no es válido "+err.Error(),http.StatusUnauthorized) } return false}我已经阅读了很多文档,但我不明白为什么我生成相同的令牌,然后它不能被同一个应用程序识别
2 回答
慕勒3428872
TA贡献1848条经验 获得超6个赞
我使用这个库在 Go 中签署 JWT:github.com/dgrijalva/jwt-go,然后我像这样检查它:
reqToken := r.Header.Get("Authorization")
splitToken := strings.Split(reqToken, "Bearer")
if len(splitToken) != 2 {
w.WriteHeader(http.StatusUnauthorized)
fmt.Fprintln(w, "No se ha proporcionado el token")
return
}
reqToken = strings.TrimSpace(splitToken[1])
claims := &Claims{}
tkn, err := jwt.ParseWithClaims(reqToken, claims, func(token *jwt.Token) (interface{}, error) {
return jwtKey, nil
})
if err != nil {
if err == jwt.ErrSignatureInvalid {
w.WriteHeader(http.StatusUnauthorized)
fmt.Fprintln(w, "No autenticado")
return
}
w.WriteHeader(http.StatusBadRequest)
fmt.Fprintln(w, "No autenticado")
return
}
if !tkn.Valid {
w.WriteHeader(http.StatusUnauthorized)
return
}
next.ServeHTTP(w, r)
- 2 回答
- 0 关注
- 200 浏览
添加回答
举报
0/150
提交
取消