dsqnonh2763 2015-01-24 19:00
浏览 271

WebSocket JWT令牌连接授权

I am trying to make a websocket connection to a URL(python client) which needs to have a jwt token passed in and the server(implemented in GO) listens to this request on and is supposed to authenticate by parsing the token.

I try to use this part of the code to make the request - 

def test_auth_token(token)
    conn = create_connection("ws://<IP>:port"+ '/'+ container.uuid + '?token='+token)
    result = conn.recv()
    assert result is not None

This request hits the server which runs this code to validate this request

func ParseFromRequest(req *http.Request, keyFunc Keyfunc) (token *Token, err error) {

// Look for an Authorization header
if ah := req.Header.Get("Authorization"); ah != "" {
    // Should be a bearer token
    if len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER" {
        return Parse(ah[7:], keyFunc)
    }
}

// Look for "access_token" parameter
req.ParseMultipartForm(10e6)
if tokStr := req.Form.Get("access_token"); tokStr != "" {
    return Parse(tokStr, keyFunc)
}

return nil, ErrNoTokenInRequest

}

Every time, I am getting the "ErrNoTokenInRequest" output despite I am passing the token as a query parameter. The server side token validation is being done by this external library which contains the above GO Routine - https://github.com/dgrijalva/jwt-go/blob/master/jwt.go

I am not sure, what could be the possible reasons that server doesn't find the token sent in my client? Is it supposed to be sent as payload or headers or something else? Could someone point to get this module working?

With "access_token" as query parameter i get this exception - 

self = <websocket._core.WebSocket object at 0x10a15a6d0>
host = 'x.x.x.x.', port = 9345
resource = '/v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI6ImNh...vxvBmtZRrUTY5AcvrjbojXqLxFHL_CMsmTZfTXhOiy-7W2V95bqts2Wy4R8oQvsfDylYJWCBTzZNKHvPVFpcl0jQKLm1ms-LOJg1w-k23VfojZucPGtY5A'
options = {}
headers = ['GET /v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI... 'Host: x.x.x.x.:9345', 'Origin: http://x.x.x.x.:9345', 'Sec-WebSocket-Key: BN1n2BcCT/CUGh9MHeyL5g==', ...]
key = 'BN1n2BcCT/CUGh9MHeyL5g=='
header_str = 'GET /v1/stats/fff51e85-f2bb-4ace-8dcc-fde590932cca?access_token=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MjIxMzEyMzUsInN1YiI6...3:9345
Origin: http://192.168.59.103:9345
Sec-WebSocket-Key: BN1n2BcCT/CUGh9MHeyL5g==
Sec-WebSocket-Version: 13
  • 写回答

1条回答

  • dongling2038 2015-02-26 16:23
    关注

    Quite simply the serve does not expect the token to be handed over as a query parameter but instead expects it to be included in the headers of the request.

    Example using the websocket library from https://github.com/liris/websocket-client

    def test_auth_token(token)
    header="Authorization: BEARER " + str(token)
    conn = create_connection("ws://<IP>:port"+ '/'+ container.uuid", header)
    result = conn.recv()
    assert result is not None
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!