Auth0 Node API 中间件:如何向未通过验证的用户返回消息
Auth0 Node API middleware: how to send a message to non-valid users
我的 Node 应用程序中有一个端点,我希望登录用户和未登录用户都可以访问它。对于未登录的用户,我想显示较少的数据。
在 Auth0 示例中,消息(页面)仅在用户登录时显示;如果用户未登录,则只会返回未授权(Unauthorized)错误。
除了返回未授权错误之外,我怎样才能仍然显示其他内容?
const express = require('express');
const app = express();
const jwt = require('express-jwt');
const jwtAuthz = require('express-jwt-authz');
const jwksRsa = require('jwks-rsa');
// Mandatory-authentication middleware. credentialsRequired is not set here,
// so a request must carry an access token, and that token must verify against
// the tenant's JSON Web Key Set before the route handler runs.
const checkJwt = jwt({
  // Allowlist of accepted signature algorithms: only RS256 tokens are
  // accepted, whatever algorithm the token header itself claims.
  algorithms: ['RS256'],

  // The token must have been issued for this API (aud) by this tenant (iss).
  audience: '{YOUR_API_IDENTIFIER}',
  issuer: `https://YOUR_AUTH0_DOMAIN/`,

  // Resolve the verification key per request from the `kid` in the token
  // header, using the keys published at the JWKS endpoint.
  secret: jwksRsa.expressJwtSecret({
    jwksUri: `https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json`,
    // Cache fetched keys and cap outbound JWKS requests so that tokens with
    // unknown `kid` values cannot turn every request into a key fetch.
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
  }),
});
// Protected route: checkJwt is registered ahead of the handler, so the
// handler only runs for requests whose token passed verification.
app.get('/api/private', checkJwt, (req, res) => {
  const body = {
    message: 'Hello from a private endpoint! You need to be authenticated to see this.',
  };
  res.json(body);
});
您可以使用 credentialsRequired: false 选项来实现这一点。
注意:该选项只放行未携带令牌的请求;携带无效或已过期令牌的请求仍会被拒绝并产生错误。
示例如下:
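// Fail closed on missing configuration. An undefined `audience` or `issuer`
// option is not enforced during verification, so an unset environment
// variable would silently drop that check instead of rejecting tokens.
for (const name of ['AUTH0_ISSUER', 'AUTH0_AUDIENCE']) {
  if (!process.env[name]) {
    throw new Error(`${name} must be set before the JWT middleware is created`);
  }
}

// Optional-authentication middleware.
//
// With credentialsRequired: false, a request that carries no token is passed
// through and the handler sees no decoded payload. A request that carries a
// token which fails verification (bad signature, expired, wrong audience or
// issuer) is still rejected with an error; it is not treated as anonymous.
const verifyJwtMiddleware = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    // AUTH0_ISSUER must end with "/" (e.g. https://TENANT_DOMAIN/) for this
    // concatenation to produce a valid JWKS URL.
    jwksUri: `${process.env.AUTH0_ISSUER}.well-known/jwks.json`,
  }),
  credentialsRequired: false,
  // The token must have been issued for this API (aud) by this tenant (iss).
  audience: process.env.AUTH0_AUDIENCE,
  issuer: process.env.AUTH0_ISSUER,
  // Allowlist of accepted signature algorithms.
  algorithms: ['RS256'],
});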
// Route open to both anonymous and authenticated callers. The response is
// shaped only by whether the middleware attached a verified token payload.
// NOTE(review): express-jwt 7 and later attach the payload to req.auth by
// default rather than req.user; confirm against the installed version,
// otherwise every caller is reported as unauthenticated.
app.get('/api/user-details', verifyJwtMiddleware, (req, res) => {
  const isAuthenticated = Boolean(req.user);
  res.send({ authenticated: isAuthenticated });
});
我的 Node 应用程序中有一个端点,我希望登录用户和未登录用户都可以访问它。对于未登录的用户,我想显示较少的数据。 在 Auth0 示例中,消息(页面)仅在用户登录时显示;如果用户未登录,则只会返回未授权(Unauthorized)错误。
除了返回未授权错误之外,我怎样才能仍然显示其他内容?
const express = require('express');
const app = express();
const jwt = require('express-jwt');
const jwtAuthz = require('express-jwt-authz');
const jwksRsa = require('jwks-rsa');
// Mandatory-authentication middleware. credentialsRequired is not set here,
// so a request must carry an access token, and that token must verify against
// the tenant's JSON Web Key Set before the route handler runs.
const checkJwt = jwt({
  // Allowlist of accepted signature algorithms: only RS256 tokens are
  // accepted, whatever algorithm the token header itself claims.
  algorithms: ['RS256'],

  // The token must have been issued for this API (aud) by this tenant (iss).
  audience: '{YOUR_API_IDENTIFIER}',
  issuer: `https://YOUR_AUTH0_DOMAIN/`,

  // Resolve the verification key per request from the `kid` in the token
  // header, using the keys published at the JWKS endpoint.
  secret: jwksRsa.expressJwtSecret({
    jwksUri: `https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json`,
    // Cache fetched keys and cap outbound JWKS requests so that tokens with
    // unknown `kid` values cannot turn every request into a key fetch.
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
  }),
});
// Protected route: checkJwt is registered ahead of the handler, so the
// handler only runs for requests whose token passed verification.
app.get('/api/private', checkJwt, (req, res) => {
  const body = {
    message: 'Hello from a private endpoint! You need to be authenticated to see this.',
  };
  res.json(body);
});
您可以使用 credentialsRequired: false 选项来实现这一点。
注意:该选项只放行未携带令牌的请求;携带无效或已过期令牌的请求仍会被拒绝并产生错误。
示例如下:
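// Fail closed on missing configuration. An undefined `audience` or `issuer`
// option is not enforced during verification, so an unset environment
// variable would silently drop that check instead of rejecting tokens.
for (const name of ['AUTH0_ISSUER', 'AUTH0_AUDIENCE']) {
  if (!process.env[name]) {
    throw new Error(`${name} must be set before the JWT middleware is created`);
  }
}

// Optional-authentication middleware.
//
// With credentialsRequired: false, a request that carries no token is passed
// through and the handler sees no decoded payload. A request that carries a
// token which fails verification (bad signature, expired, wrong audience or
// issuer) is still rejected with an error; it is not treated as anonymous.
const verifyJwtMiddleware = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    // AUTH0_ISSUER must end with "/" (e.g. https://TENANT_DOMAIN/) for this
    // concatenation to produce a valid JWKS URL.
    jwksUri: `${process.env.AUTH0_ISSUER}.well-known/jwks.json`,
  }),
  credentialsRequired: false,
  // The token must have been issued for this API (aud) by this tenant (iss).
  audience: process.env.AUTH0_AUDIENCE,
  issuer: process.env.AUTH0_ISSUER,
  // Allowlist of accepted signature algorithms.
  algorithms: ['RS256'],
});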
// Route open to both anonymous and authenticated callers. The response is
// shaped only by whether the middleware attached a verified token payload.
// NOTE(review): express-jwt 7 and later attach the payload to req.auth by
// default rather than req.user; confirm against the installed version,
// otherwise every caller is reported as unauthenticated.
app.get('/api/user-details', verifyJwtMiddleware, (req, res) => {
  const isAuthenticated = Boolean(req.user);
  res.send({ authenticated: isAuthenticated });
});