如何解决具有用于请求身份验证的中间件和JWT的Web APIPython,Flask引发DecodeError“签名验证失败”
我无法解码通过请求标头收到的令牌。
应用程序:
from flask import Flask
from flask import jsonify
from flask_restplus import Resource,Api
from helpers.load import get_env as _
from middleware.environment_middleware import EnvironmentMiddleware
from flask_jwt_extended import JWTManager
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = _('DATABASE_URI')
app.config['SQLALCHEMY_DATABASE_URI'] = _('DATABASE_URI')
app.config['SECRET_KEY'] = _('SECRET_KEY')
app.config['JWT_SECRET_KEY'] = _('JWT_SECRET')
app.wsgi_app = EnvironmentMiddleware(app.wsgi_app)
jwt = JWTManager(app)
api = Api(app)
jwt._set_error_handler_callbacks(api)
中间件类:
from werkzeug.wrappers import Request,Response,ResponseStream
from helpers.load import load_db_env
from flask_jwt_extended import get_jwt_identity,jwt_required,verify_jwt_in_request
import jwt
class EnvironmentMiddleware():
def __init__(self,app):
self.app = app
def __call__(self,environ,start_response):
request = Request(environ)
if request.headers:
params = load_db_env(request.headers.get('Whitelabel'))
jwt.decode(request.headers.get('Authorization').replace('Bearer ',''),params['JWT_SECRET'],algorithm='HS256')
return self.app(environ,start_response)
res = Response(u'Unauthorized.',mimetype='application/json',status=401)
return res(environ,start_response)
load_db_env 根据“ whitelabel”参数(包括 JWT_SECRET )和我的 environ 带来了我数据库中所有参数的字典。身份验证所需的数据,标题等。
但是出于某些原因,我无法从验证和识别用户的请求中解码并找到Bearer令牌内的信息。
Traceback (most recent call last):
File "<string>",line 1,in <module>
File "/home/bela/dev/bela/lib/python3.8/site-packages/jwt/api_jwt.py",line 63,in decode
decoded = super(PyJWT,self).decode(jwt,key,verify,algorithms,File "/home/bela/dev/bela/lib/python3.8/site-packages/jwt/api_jws.py",line 115,in decode
self._verify_signature(payload,signing_input,header,signature,line 186,in _verify_signature
raise DecodeError('Signature verification failed')
jwt.exceptions.DecodeError: Signature verification failed
我希望我很清楚,我来自巴西,我的英语不是最好的。
Obrigada! :*
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。