Flask-JWT-Extended - Bad Authorization Header
Flask-JWT-Extended - Bad Authorization Header
提问于 2020-05-10 21:57:36
我正在使用以下代码测试Flask JWT。
from flask import Flask, jsonify, request
from flask_jwt_extended import (
JWTManager, jwt_required, create_access_token,
get_jwt_identity
)
app = Flask(__name__)
# Setup the Flask-JWT-Extended extension
app.config['JWT_SECRET_KEY'] = 'super-secret' # Change this!
jwt = JWTManager(app)
# Provide a method to create access tokens. The create_access_token()
# function is used to actually generate the token, and you can return
# it to the caller however you choose.
@app.route('/login', methods=['POST'])
def login():
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
username = request.json.get('username', None)
password = request.json.get('password', None)
if not username:
return jsonify({"msg": "Missing username parameter"}), 400
if not password:
return jsonify({"msg": "Missing password parameter"}), 400
if username != 'test' or password != 'test':
return jsonify({"msg": "Bad username or password"}), 401
# Identity can be any data that is json serializable
access_token = create_access_token(identity=username)
return jsonify(access_token=access_token), 200
# Protect a view with jwt_required, which requires a valid access token
# in the request to access.
@app.route('/protected', methods=['GET'])
@jwt_required
def protected():
# Access the identity of the current user with get_jwt_identity
current_user = get_jwt_identity()
return jsonify(logged_in_as=current_user), 200
if __name__ == '__main__':
app.run()通过使用POSTMAN,我可以获得以下access_token
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTg0MTcsIm5iZiI6MTU4OTExODQxNywianRpIjoiNDEwNzFlZjItZTE3OC00YzhkLThjN2ItNWIwN2MxNGNkYzI2IiwiZXhwIjoxNTg5MTE5MzE3LCJpZGVudGl0eSI6InRlc3QiLCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.A1C1vMXnXt4IWO8j4H4LH6caxCqBg19lOEoVHhYnIyU"
}但是当我想要使用GET访问/protected页面时,请使用头部
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTg0MTcsIm5iZiI6MTU4OTExODQxNywianRpIjoiNDEwNzFlZjItZTE3OC00YzhkLThjN2ItNWIwN2MxNGNkYzI2IiwiZXhwIjoxNTg5MTE5MzE3LCJpZGVudGl0eSI6InRlc3QiLCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.A1C1vMXnXt4IWO8j4H4LH6caxCqBg19lOEoVHhYnIyU我在POSTMAN中得到了这个错误。任何关于如何解决这个问题的建议都将非常感谢。
{
"msg": "Bad Authorization header. Expected value 'Bearer <JWT>'"
}回答 2
Stack Overflow用户
发布于 2020-05-10 22:34:02
找到答案了。这个问题已经有几天了。解决方案是,在POSTMAN中,不添加
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODkxMTg0MTcsIm5iZiI6MTU4OTExODQxNywianRpIjoiNDEwNzFlZjItZTE3OC00YzhkLThjN2ItNWIwN2MxNGNkYzI2IiwiZXhwIjoxNTg5MTE5MzE3LCJpZGVudGl0eSI6InRlc3QiLCJmcmVzaCI6ZmFsc2UsInR5cGUiOiJhY2Nlc3MifQ.A1C1vMXnXt4IWO8j4H4LH6caxCqBg19lOEoVHhYnIyU添加到标题中。您需要进入POSTMAN中的授权选项卡,选择持有者并在字段中输入令牌。这是如何将令牌添加为持有者令牌。这将解决问题。谢谢。
Stack Overflow用户
发布于 2022-01-28 10:44:19
在从Angular应用程序进行api调用时,我也遇到了同样的错误:
其中授权:承载eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1……
下面是添加auth令牌的另一种方法
export class TokenInterceptorService implements HttpInterceptor{
constructor(private injector: Injector ) { }
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
let authService = this.injector.get(AuthService);
let tokenizeReq = req.clone({
setHeaders: {
Authorization: `Bearer ${authService.getAccessToken()}`
}
});
return next.handle(tokenizeReq);
}
}其中authService.getAccessToken将返回令牌。这将向http调用添加令牌
别忘了在app.modules中添加拦截器
providers: [{
provide: HTTP_INTERCEPTORS,
useClass: TokenInterceptorService,
multi: true
}]页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/61713217
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号