My app is using Angular2 for the front-end, served by a separate (cross domain) backend server running express and using passport.js for Google Oauth authentication.
我的应用程序使用Angular2作为前端,由运行express的单独(跨域)后端服务器提供服务,并使用passport.js进行Google Oauth身份验证。
When a user is authenticated by the server using Passport (through google oauth), their user data is loaded from the database and included in the credentials, which is used to determine which backend API routes they are authorized to use. (It's based off this tutorial on scotch.io that I'm sure everyone has seen: https://scotch.io/tutorials/easy-node-authentication-setup-and-local )
当服务器使用Passport(通过google oauth)对用户进行身份验证时,他们的用户数据将从数据库加载并包含在凭据中,凭据用于确定他们有权使用哪些后端API路由。 (它基于scotch.io上的这个教程,我确信每个人都看过:https://scotch.io/tutorials/easy-node-authentication-setup-and-local)
I want to access this user object in my front-end as well to enable route-guards that depend on a user's access level (defined in their user object on the server).
我想在我的前端访问此用户对象,以启用依赖于用户访问级别(在服务器上的用户对象中定义)的路由保护。
From this question it seems the data is sent via a JWT and is readable on the front-end, just not changeable, which is fine: https://www.reddit.com/r/Angular2/comments/4ud0ac/ng2_secure_connection_front_to_back/
从这个问题来看,似乎数据是通过JWT发送的,并且在前端是可读的,只是不可更改,这很好:https://www.reddit.com/r/Angular2/comments/4ud0ac/ng2_secure_connection_front_to_back/
How do I access and read that token on the client? All I can find is the 'connect.sid' session cookie set by express. The payload of the cookie doesn't fit a standard JWT as it only has 2 sections, not 3.
如何在客户端*问和读取该令牌?我只能找到由express设置的'connect.sid'会话cookie。 cookie的有效负载不符合标准JWT,因为它只有2个部分,而不是3个部分。
1 个解决方案
#1
0
You are probably not using JWT but cookie-based sessions if you followed the tutorial. The cookie only contains a session ID which your server uses to identify the session from the session store, and using this information you probably dig up something from the database in deserializeUser. That is then available to you in req.user in the backend.
如果您遵循本教程,您可能不会使用JWT而是使用基于cookie的会话。 cookie只包含一个会话ID,服务器使用该会话ID来识别会话存储中的会话,使用此信息,您可能会在deserializeUser中从数据库中挖掘出一些内容。然后,您可以在后端的req.user中使用它。
You could of course add the user data to the response of every request but if you really are using cookie-based sessions sending the user object with every response likely makes little sense. You could eg. just add a route that will return the relevant parts of req.user:
您当然可以将用户数据添加到每个请求的响应中,但如果您确实使用基于cookie的会话,则每个响应发送用户对象可能没有多大意义。你可以,例如。只需添加一个返回req.user相关部分的路由:
app.get('/users', function(req, res) {
res.json({ username : req.user.username });
);
#1
0
You are probably not using JWT but cookie-based sessions if you followed the tutorial. The cookie only contains a session ID which your server uses to identify the session from the session store, and using this information you probably dig up something from the database in deserializeUser. That is then available to you in req.user in the backend.
如果您遵循本教程,您可能不会使用JWT而是使用基于cookie的会话。 cookie只包含一个会话ID,服务器使用该会话ID来识别会话存储中的会话,使用此信息,您可能会在deserializeUser中从数据库中挖掘出一些内容。然后,您可以在后端的req.user中使用它。
You could of course add the user data to the response of every request but if you really are using cookie-based sessions sending the user object with every response likely makes little sense. You could eg. just add a route that will return the relevant parts of req.user:
您当然可以将用户数据添加到每个请求的响应中,但如果您确实使用基于cookie的会话,则每个响应发送用户对象可能没有多大意义。你可以,例如。只需添加一个返回req.user相关部分的路由:
app.get('/users', function(req, res) {
res.json({ username : req.user.username });
);