dsqnonh2763 2015-01-24 19:00
浏览 271

WebSocket JWT令牌连接授权

I am trying to make a websocket connection to a URL(python client) which needs to have a jwt token passed in and the server(implemented in GO) listens to this request on and is supposed to authenticate by parsing the token.

I try to use this part of the code to make the request - 

def test_auth_token(token)
    conn = create_connection("ws://<IP>:port"+ '/'+ container.uuid + '?token='+token)
    result = conn.recv()
    assert result is not None

This request hits the server which runs this code to validate this request

func ParseFromRequest(req *http.Request, keyFunc Keyfunc) (token *Token, err error) {

// Look for an Authorization header
if ah := req.Header.Get("Authorization"); ah != "" {
    // Should be a bearer token
    if len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER" {
        return Parse(ah[7:], keyFunc)
    }
}

// Look for "access_token" parameter
req.ParseMultipartForm(10e6)
if tokStr := req.Form.Get("access_token"); tokStr != "" {
    return Parse(tokStr, keyFunc)
}

return nil, ErrNoTokenInRequest

}

Every time, I am getting the "ErrNoTokenInRequest" output despite I am passing the token as a query parameter. The server side token validation is being done by this external library which contains the above GO Routine - https://github.com/dgrijalva/jwt-go/blob/master/jwt.go

I am not sure, what could be the possible reasons that server doesn't find the token sent in my client? Is it supposed to be sent as payload or headers or something else? Could someone point to get this module working?

With "access_token" as query parameter i get this exception - 

self = <websocket._core.WebSocket object at 0x10a15a6d0>
host = 'x.x.x.x.', port = 9345
resource = '/v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI6ImNh...vxvBmtZRrUTY5AcvrjbojXqLxFHL_CMsmTZfTXhOiy-7W2V95bqts2Wy4R8oQvsfDylYJWCBTzZNKHvPVFpcl0jQKLm1ms-LOJg1w-k23VfojZucPGtY5A'
options = {}
headers = ['GET /v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI... 'Host: x.x.x.x.:9345', 'Origin: http://x.x.x.x.:9345', 'Sec-WebSocket-Key: BN1n2BcCT/CUGh9MHeyL5g==', ...]
key = 'BN1n2BcCT/CUGh9MHeyL5g=='
header_str = 'GET /v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI6...3:9345
Origin: http://192.168.59.103:9345
Sec-WebSocket-Key: BN1n2BcCT/CUGh9MHeyL5g==
Sec-WebSocket-Version: 13
  • 写回答

1条回答 默认 最新

  • dongling2038 2015-02-26 16:23
    关注

    Quite simply the serve does not expect the token to be handed over as a query parameter but instead expects it to be included in the headers of the request.

    Example using the websocket library from https://github.com/liris/websocket-client

    def test_auth_token(token)
    header="Authorization: BEARER " + str(token)
    conn = create_connection("ws://<IP>:port"+ '/'+ container.uuid", header)
    result = conn.recv()
    assert result is not None
    评论

报告相同问题?

悬赏问题

  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料