I am playing with an Azure Mobile Apps backend (nodeJS), as discussed here. I have been using the default web setup configuration to develop my mobile app, but now I want to customise the cloud backend functionality, so I have created a local backend with the Azure-Mobile-Apps SDK.
I logged in with my mobile app (using the authorization aspect of the Azure client SDK) and then captured the AuthToken.
I then constructed a Postman HTTP POST request, with these headers:
ZUMO-API-VERSION = 2.0.0
x-zumo-auth = eyJ0eX000000000000000000000000000000.eyJ000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000000000-000000000_00000_00000
NB: my tokenm doesn't actually have all those zeros, it looks like a valid token.
However, the POST request's response is:
{ "name": "JsonWebTokenError", "message": "invalid signature" }
I thought this might be because the Auth token was generated by a different Service (the default backend rather than my project running on localhost). So I initialised a Client with localhost and tried to Authenticate with that, but I got:
JS: Error Logging in! Error: Logging in with the selected authentication provider is not enabled chromium: [INFO:CONSOLE(12)] "Not allowed to load local resource: file:///android_asset/webkit/android-weberror.png", source: data:text/html,chromewebdata (12)
Update:
I have found my WEBSITE_AUTH_SIGNING_KEY from https://myApp.scm.azurewebsites.net/Env.cshtml and added it to my azureMobile.js file, which is in the same directory as my app.js file. It looks like this:
console.log("Test");
module.exports = {
cors: {
origins: ['localhost']
},
data: {
provider: 'mssql',
server: '127.0.0.1',
database: 'mytestdatabase',
user: 'localDemo',
password: 'myPassword'
},
logging: {
level: 'verbose'
},
auth: { secret: 'xzy0000000000000000000000000000000000' },
};
However, I still get the same result. Is there a way of telling whether my azureMobile file is being correctly referenced, or whether something else is wrong?
To validate JWT tokens locally that were created by a hosted service, you need to obtain the signing key that is used. You can obtain this by opening a browser to https://mobile-service-name.scm.azurewebsites.net/Env.cshtml and finding the value for WEBSITE_AUTH_SIGNING_KEY. Take this value and configure your local server by creating (or updating) a file called azureMobile.js in the root of your project with the following content:
module.exports = {
auth: { secret: 'value from WEBSITE_AUTH_SIGNING_KEY' }
};
It's recommended to exclude this file from deployment by adding azureMobile.js to your .gitignore file.
来源:https://stackoverflow.com/questions/37864189/locally-testing-azure-mobile-auth-invalid-jwt-signature