dsqnonh2763 2015-01-24 19:00
浏览 271

WebSocket JWT令牌连接授权

I am trying to make a websocket connection to a URL(python client) which needs to have a jwt token passed in and the server(implemented in GO) listens to this request on and is supposed to authenticate by parsing the token.

I try to use this part of the code to make the request - 

def test_auth_token(token)
    conn = create_connection("ws://<IP>:port"+ '/'+ container.uuid + '?token='+token)
    result = conn.recv()
    assert result is not None

This request hits the server which runs this code to validate this request

func ParseFromRequest(req *http.Request, keyFunc Keyfunc) (token *Token, err error) {

// Look for an Authorization header
if ah := req.Header.Get("Authorization"); ah != "" {
    // Should be a bearer token
    if len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER" {
        return Parse(ah[7:], keyFunc)
    }
}

// Look for "access_token" parameter
req.ParseMultipartForm(10e6)
if tokStr := req.Form.Get("access_token"); tokStr != "" {
    return Parse(tokStr, keyFunc)
}

return nil, ErrNoTokenInRequest

}

Every time, I am getting the "ErrNoTokenInRequest" output despite I am passing the token as a query parameter. The server side token validation is being done by this external library which contains the above GO Routine - https://github.com/dgrijalva/jwt-go/blob/master/jwt.go

I am not sure, what could be the possible reasons that server doesn't find the token sent in my client? Is it supposed to be sent as payload or headers or something else? Could someone point to get this module working?

With "access_token" as query parameter i get this exception - 

self = <websocket._core.WebSocket object at 0x10a15a6d0>
host = 'x.x.x.x.', port = 9345
resource = '/v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI6ImNh...vxvBmtZRrUTY5AcvrjbojXqLxFHL_CMsmTZfTXhOiy-7W2V95bqts2Wy4R8oQvsfDylYJWCBTzZNKHvPVFpcl0jQKLm1ms-LOJg1w-k23VfojZucPGtY5A'
options = {}
headers = ['GET /v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI... 'Host: x.x.x.x.:9345', 'Origin: http://x.x.x.x.:9345', 'Sec-WebSocket-Key: BN1n2BcCT/CUGh9MHeyL5g==', ...]
key = 'BN1n2BcCT/CUGh9MHeyL5g=='
header_str = 'GET /v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI6...3:9345
Origin: http://192.168.59.103:9345
Sec-WebSocket-Key: BN1n2BcCT/CUGh9MHeyL5g==
Sec-WebSocket-Version: 13
  • 写回答

1条回答 默认 最新

  • dongling2038 2015-02-26 16:23
    关注

    Quite simply the serve does not expect the token to be handed over as a query parameter but instead expects it to be included in the headers of the request.

    Example using the websocket library from https://github.com/liris/websocket-client

    def test_auth_token(token)
    header="Authorization: BEARER " + str(token)
    conn = create_connection("ws://<IP>:port"+ '/'+ container.uuid", header)
    result = conn.recv()
    assert result is not None
    评论

报告相同问题?

悬赏问题

  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的
  • ¥20 Cotex M3的调试和程序执行方式是什么样的?
  • ¥20 java项目连接sqlserver时报ssl相关错误
  • ¥15 一道python难题3
  • ¥15 牛顿斯科特系数表表示
  • ¥15 arduino 步进电机
  • ¥20 程序进入HardFault_Handler