错误decodin签名JWT身份验证Android

2024-04-06 17:29:37

我正在使用Django和rest_framework,我激活了JSONWebTokenAuthentication.当我为登录用户登录时,一切似乎工作得很好我得到了一个令牌.如果我在jwt.io中验证该令牌,我会得到签名验证.但是,当我发送任何获取或发布到我的服务器和标头中的端点时,我把“授权：JWT”我得到以下内容.

06-26 12:20:58.832    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ Authorization: JWT {token:<token>}
06-26 12:20:58.842    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ ---> END HTTP (no body)

06-26 12:20:59.322    5293-7833/com.infortec.angel.montalbanwebser 

D/RETROFIT﹕ : HTTP/1.0 403 FORBIDDEN
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ Allow: GET, POST, HEAD, OPTIONS
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ Content-Type: application/json
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ Date: Fri, 26 Jun 2015 10:19:34 GMT
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ Server: WSGIServer/0.1 Python/2.7.3
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ Vary: Accept, Cookie
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ X-Android-Received-Millis: 1435314059321
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ X-Android-Response-Source: NETWORK 403
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ X-Android-Selected-Transport: http/1.1
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ X-Android-Sent-Millis: 1435314059296
06-26 12:20:59.332    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ X-Frame-Options: SAMEORIGIN
06-26 12:20:59.342    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ {"detail":"Error decoding signature."}
06-26 12:20:59.342    5293-7833/com.infortec.angel.montalbanwebser D/RETROFIT﹕ <--- END HTTP (38-byte body)

{“detail”:”Error decoding signature.”}

编辑：我正在使用RequestInterceptor来添加我的标题.

 public class TokenRequestInterceptor implements RequestInterceptor{

    @Override
    public void intercept(RequestFacade request) {
        request.addHeader("Content-Type", "application/json");
        request.addHeader("Authorization", "JWT " + Utils.token);
    }
}

Utils.token是一个静态字段,我在验证后从服务器检索它时存储令牌.

解决方法:

D / RETROFIT：授权：JWT {token：< token>}

我认为您的问题是您将令牌作为json对象发送而不是发送令牌本身：

D / RETROFIT：授权：JWT< token>

如果您希望将令牌作为json发送,则应将其发送到正文而不是Authorization标头中.

$curl -X POST -H“Content-Type：application / json”-d'{“token”：“< TOKEN>”}’URL

码农公寓

相关文章