Locally Testing Azure Mobile Auth - invalid jwt signature

大城市里の小女人 submitted on 2019-12-23 02:45:14

Question


I am playing with an Azure Mobile Apps backend (nodeJS), as discussed here. I have been using the default web setup configuration to develop my mobile app, but now I want to customise the cloud backend functionality, so I have created a local backend with the Azure-Mobile-Apps SDK.

I logged in with my mobile app (using the authorization aspect of the Azure client SDK) and then captured the AuthToken.

I then constructed a Postman HTTP POST request, with these headers:

ZUMO-API-VERSION = 2.0.0
x-zumo-auth = eyJ0eX000000000000000000000000000000.eyJ000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000000000-000000000_00000_00000

NB: my token doesn't actually have all those zeros; it looks like a valid token.

However, the POST request's response is:

{ "name": "JsonWebTokenError", "message": "invalid signature" }

I thought this might be because the Auth token was generated by a different Service (the default backend rather than my project running on localhost). So I initialised a Client with localhost and tried to Authenticate with that, but I got:

JS: Error Logging in! Error: Logging in with the selected authentication provider is not enabled
chromium: [INFO:CONSOLE(12)] "Not allowed to load local resource: file:///android_asset/webkit/android-weberror.png", source: data:text/html,chromewebdata (12)

Update:

I have found my WEBSITE_AUTH_SIGNING_KEY from https://myApp.scm.azurewebsites.net/Env.cshtml and added it to my azureMobile.js file, which is in the same directory as my app.js file. It looks like this:

console.log("Test");
module.exports = {
    cors: {
        origins: ['localhost']
    },
    data: {
        provider: 'mssql',
        server: '127.0.0.1',
        database: 'mytestdatabase',
        user: 'localDemo',
        password: 'myPassword'
    },
    logging: {
        level: 'verbose'
    },
    auth: { secret: 'xzy0000000000000000000000000000000000' },
};

However, I still get the same result. Is there a way of telling whether my azureMobile file is being correctly referenced, or whether something else is wrong?


Answer 1:


To validate JWT tokens locally that were created by a hosted service, you need to obtain the signing key that is used. You can obtain this by opening a browser to https://mobile-service-name.scm.azurewebsites.net/Env.cshtml and finding the value for WEBSITE_AUTH_SIGNING_KEY. Take this value and configure your local server by creating (or updating) a file called azureMobile.js in the root of your project with the following content:

module.exports = {
    auth: { secret: 'value from WEBSITE_AUTH_SIGNING_KEY' }
};

It's recommended to exclude this file from deployment by adding azureMobile.js to your .gitignore file.
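
To separate "wrong key" from "azureMobile.js is not being loaded", the captured token can be checked against the signing key offline. The following is an added example, not code from the original post or from the azure-mobile-apps SDK; it assumes the token is HS256-signed, and trying the key as hex-decoded bytes as well as a literal string is an assumption not stated on the page. All function names and sample values are constructed.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

// Decode a base64url JWT segment to a Buffer.
function b64urlDecode(segment) {
  return Buffer.from(segment.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}

// Encode a Buffer as base64url without padding.
function b64urlEncode(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Compute the HS256 signature over "header.payload" with the given key.
function hs256(signingInput, key) {
  return createHmac('sha256', key).update(signingInput).digest();
}

// Report which interpretation of `secret` (if any) reproduces the token's signature.
// Returns { alg, match } where match is 'utf8', 'hex' or null.
function diagnoseToken(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected three dot-separated JWT segments');
  const header = JSON.parse(b64urlDecode(parts[0]).toString('utf8'));
  if (header.alg !== 'HS256') return { alg: header.alg, match: null };
  const signingInput = parts[0] + '.' + parts[1];
  const given = b64urlDecode(parts[2]);
  const candidates = { utf8: Buffer.from(secret, 'utf8') };
  // Assumption: the key may be hex-encoded; only try that if it looks like hex.
  if (/^([0-9a-fA-F]{2})+$/.test(secret)) candidates.hex = Buffer.from(secret, 'hex');
  for (const [name, key] of Object.entries(candidates)) {
    const expected = hs256(signingInput, key);
    if (expected.length === given.length && timingSafeEqual(expected, given)) {
      return { alg: header.alg, match: name };
    }
  }
  return { alg: header.alg, match: null };
}

// Constructed sample: a token signed with the hex-decoded form of a made-up key.
const SAMPLE_SECRET = 'a1b2c3d4e5f60718293a4b5c6d7e8f90';
function makeSampleToken(key) {
  const head = b64urlEncode(Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })));
  const body = b64urlEncode(Buffer.from(JSON.stringify({ sub: 'sid:constructed' })));
  const input = head + '.' + body;
  return input + '.' + b64urlEncode(hs256(input, key));
}
const SAMPLE_TOKEN = makeSampleToken(Buffer.from(SAMPLE_SECRET, 'hex'));
console.log(diagnoseToken(SAMPLE_TOKEN, SAMPLE_SECRET));  // match: 'hex'
console.log(diagnoseToken(SAMPLE_TOKEN, 'wrong-secret')); // match: null
```

If the real token and key produce a match here but the local server still answers "invalid signature", the key itself is right and the problem lies in how the server loads or interprets its configuration.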



Source: https://stackoverflow.com/questions/37864189/locally-testing-azure-mobile-auth-invalid-jwt-signature
