JWT身份验证¶
$ npm install @feathersjs/authentication-jwt --save
@feathersjs/authentication-jwt is a module for the 认证 that wraps the passport-jwt authentication strategy, which lets you authenticate with your Feathers application using a JSON Web Token access token.
This module contains 3 core pieces:
The main initialization function
The
VerifierclassThe
`ExtractJwt<https://github.com/themikenicholson/passport-jwt#extracting-the-jwt-from-the-request>`_ object from passport-jwt.
Configuration¶
In most cases initializing the module is as simple as doing this:
const feathers = require('@feathersjs/feathers');
const authentication = require('@feathersjs/authentication');
const jwt = require('@feathersjs/authentication-jwt');
const app = feathers();
// Setup authentication
app.configure(authentication(settings));
app.configure(jwt());
// Setup a hook to only allow valid JWTs to authenticate
// and get new JWT access tokens
app.service('authentication').hooks({
before: {
create: [
authentication.hooks.authenticate(['jwt'])
]
}
});
This will pull from your global authentication object in your config file. It will also mix in the following defaults, which can be customized.
Options¶
{
name: 'jwt', // the name to use when invoking the authentication Strategy
entity: 'user', // the entity that you pull from if an 'id' is present in the payload
service: 'users', // the service to look up the entity
passReqToCallback: true, // whether the request object should be passed to `verify`
jwtFromRequest: [ // a passport-jwt option determining where to parse the JWT
ExtractJwt.fromHeader, // From "Authorization" header
ExtractJwt.fromAuthHeaderWithScheme('Bearer'), // Allowing "Bearer" prefix
ExtractJwt.fromBodyField('body') // from request body
],
secretOrKey: auth.secret, // Your main secret (string or buffer) provided to passport-jwt
secretOrKeyProvider: auth.secret, // Your main secret provider (function) provided to passport-jwt
session: false, // whether to use sessions
Verifier: Verifier // A Verifier class. Defaults to the built-in one but can be a custom one. See below for details.
}
Additional passport-jwt options can be provided.
Verifier¶
[@feathersjs/authentication-jwt] (https://github.com/feathersjs/authentication-jwt) is a module: doc:./server, which wraps passport-jwt authentication strategy, which allows you to authenticate your Feathers application using the JSON Web Token access token.
{
constructor(app, options) // the class constructor
verify(req, payload, done) // queries the configured service
}
可以扩展``Verifier``类, 以便您可以自定义它的行为, 而无需重写和测试完全自定义的本地Passport实现.虽然如果您不想使用此插件, 这始终是一个选项.
An example of customizing the Verifier:
const { Verifier } = require('@feathersjs/authentication-jwt');
class CustomVerifier extends Verifier {
// The verify function has the exact same inputs and
// return values as a vanilla passport strategy
verify(req, payload, done) {
// do your custom stuff. You can call internal Verifier methods
// and reference this.app and this.options. This method must be implemented.
// the 'user' variable can be any truthy value
// the 'payload' is the payload for the JWT access token that is generated after successful authentication
done(null, user, payload);
}
}
app.configure(jwt({ Verifier: CustomVerifier }));
Client Usage¶
authentication-client¶
When this module is registered server side, using the default config values this is how you can authenticate using 验证客户端.
app.authenticate({
strategy: 'jwt',
accessToken: 'your access token'
}).then(response => {
// You are now authenticated
});
HTTP¶
If you are not using @feathersjs/authentication-client and you have
registered this module server side then you can include the access token
in an Authorization header.
Here is what that looks like with curl:
curl -H "Content-Type: application/json" -H "Authorization: <your access token>" -X POST http://localhost:3030/authentication
Sockets¶
Authenticating using an access token via sockets is done by emitting the following message:
const io = require('socket.io-client');
const socket = io('http://localhost:3030');
socket.emit('authenticate', {
strategy: 'jwt',
accessToken: 'your token'
}, function(message, data) {
console.log(message); // message will be null
console.log(data); // data will be {"accessToken": "your token"}
// You can now send authenticated messages to the server
});