我在NestJS应用程序中使用JwtService.JWT的初始化方式如下:
import { JwtModule } from '@nestjs/jwt';
// ...
JwtModule.register({
secret: 'mysecret', // TODO: Change to production injected value.
signOptions: { expiresIn: '1h' },
}),
我创建了一个JWT,并按如下方式签名:
import { JwtService, JwtSignOptions } from '@nestjs/jwt';
// ...
constructor(
private readonly jwtService: JwtService,
) {}
// ...
const userInfo = {
email: user.email,
firstName: user.firstName,
lastName: user.lastName
};
const accessTokenPayload = {
iss: 'Auth Server 3.2', // Issuer
sub: user.id.toString(), // Subject (user ID)
aud: ['myClient'], // Audience (recipient(s))
exp: (new Date()).getTime() + 24 * 60 * 60 * 1000, // Expiration time (Unix timestamp)
nbf: (new Date()).getTime() - 60 * 60 * 1000,
iat: new Date().getTime(), // Issued at (Unix timestamp)
jti: randomBytes(32).toString('hex'), // JWT ID (unique identifier)
data: { userInfo }
}
const accessToken = this.jwtService.signAsync(accessTokenPayload);
这将产生以下令牌:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJBdXRoIFNlcnZlciAzLjIiLCJzdWIiOiIxIiwiYXVkIjpbIm15Q2xpZW50Il0sImV4cCI6MTY4MzE4Nzc4OTIzNSwibmJmIjoxNjgzMDk3Nzg5MjM1LCJpYXQiOjE2ODMxMDEzODkyMzUsImp0aSI6ImM5ZTIwY2E5ODAwNzEzNGUyNWFmNjk3MzZmZTIyOGM3MTQyNzBhMWQ1NWY5OGFjOWVjZTU2NmQxOTAyYWJiYzUiLCJkYXRhIjp7InVzZXJJbmZvIjp7ImVtYWlsIjoidXNlckBlbWFpbC5jb20iLCJmaXJzdE5hbWUiOiJKb2huIiwibGFzdE5hbWUiOiJTbWl0aCJ9fX0.WSJsnzsZNrMPOQLuPbDoeigFeB6IRJFmXo2qUSFCi3k
它具有以下有效负载:
{
"iss": "Auth Server 3.2",
"sub": "1",
"aud": [
"myClient"
],
"exp": 1683187789235,
"nbf": 1683097789235, // valid nbf value = 2023-05-03T07:09:49.235Z
"iat": 1683101389235,
"jti": "c9e20ca98007134e25af69736fe228c714270a1d55f98ac9ece566d1902abbc5",
"data": {
"userInfo": {
"email": "user@email.com",
"firstName": "John",
"lastName": "Smith"
}
}
}
The Problem:(请仔细阅读,因为这不是重复的问题)
使用此代码验证JWT时:
try {
await this.jwtService.verifyAsync(accessToken);
} catch(e) {
console.log('Error', e)
}
我收到以下错误:
Error NotBeforeError {
name: 'NotBeforeError',
message: 'jwt not active',
date: +055303-05-11T16:49:49.000Z // --> note the invalid nbf value
}
55303,5月11日星期五格林尼治标准时间16:49:49‘
你知道我做错了什么吗?
PS:
- 注释NBF字段可以解决这个问题,但我无法验证令牌是否在特定日期之前未使用.
- 为NbF Select 其他值(例如
nbf: 1683097789235
等于2023-05-03T07:09:49.235Z
)会产生相同的错误.