问题描述
使用共享的 Auth0 登录凭据成功运行 Rails 6 应用程序后, 我正在构建我的第一个 Rails 6 + Auth0 API (https://auth0.com/blog/building-secure-apis-with-rails-6-and-auth0/)。
我创建了一个名为“chirps”的简单服务器应用程序,这是控制器:
* -> *' * In the type
问题 - 经过身份验证的请求失败:
class ApplicationController < ActionController::API
end
class SecuredController < ApplicationController
before_action :authorize_request
private
def authorize_request
AuthorizationService.new(request.headers).authenticate_request!
rescue JWT::VerificationError,JWT::DecodeError
render json: { errors: ['Not Authenticated'] },status: :unauthorized
end
end
class ChirpsController < SecuredController
# Comment this for a fully private API
skip_before_action :authorize_request,only: [:index,:show]
def index
chirps = Chirp.all
render json: chirps
end
def show
chirp = Chirp.find(params[:id])
render json: chirp
rescue ActiveRecord::RecordNotFound
head :not_found
end
def create
chirp = Chirp.create!(chirp_params)
render json: chirp,status: :created
end
def destroy
chirp = Chirp.find(params[:id])
chirp.delete
head :no_content
end
private
def chirp_params
params.permit(:body,:published)
end
end
卷曲响应(第一部分):
curl -H “Content-Type: application/json” -H “Authorization: bearer $API_TOKEN” -d ‘{“body”:“this is my first chirp!”,“published”:true}’ -X POST http://localhost:3000/chirps
Rails 服务器响应:
{"status":500,"error":"Internal Server Error","exception":"#\u003cErrno::ECONNREFUSED: Failed to open TCP connection to :80 (Connection refused - connect(2) for nil port 80)\u003e","traces":{"Application Trace":[{"exception_object_id":16740,"id":11,"trace":"app/lib/json_web_token.rb:19:in `jwks_hash'"},{"exception_object_id":16740,"id":12,"trace":"app/lib/json_web_token.rb:14:in `block in verify'"},"id":17,"trace":"app/lib/json_web_token.rb:7:in `verify'"}
我的环境是WSL2下的Ubuntu 20.04.1 LTS:
Errno::ECONNREFUSED (Failed to open TCP connection to :80 (Connection refused - connect(2) for nil port 80)):
app/lib/json_web_token.rb:19:in jwks_hash'** **app/lib/json_web_token.rb:14:in block in verify’
app/lib/json_web_token.rb:7:in verify'** **app/services/authorization_service.rb:20:in verify_token’
app/services/authorization_service.rb:8:in authenticate_request!'** **app/controllers/secured_controller.rb:7:in authorize_request’
127.0.0.1 - - [02/Jan/2021:12:54:19 IST] “POST /chirps HTTP/1.1” 500 19247
- -> /chirps
Rails 服务器:
PS C:\Users\YOLA> wsl -l -v
NAME STATE VERSION
Ubuntu Running 2
我对此很陌生,所以我不完全理解它为什么会失败。
尤尼
解决方法
确保在将 auth0_domain
秘密传递给 rails 应用程序时已设置它。
如果该值为空,它将使您的初始字符串成为无效的 URL,即 "https://#{Rails.application.secrets.auth0_domain}/.well-known/jwks.json"
变成 "https:///.well-known/jwks.json"
。
在 my case 中,我使用了一个空的环境变量,它返回了 nil
:
ENV['AUTH0_DOMAIN']
=> nil
希望这个回答对你有帮助!