Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Updated to use membersApi iss as expected aud

Browse source 
no-issue

This is because we now use specific URLs for audiences claims, e.g. for
members running locally the audience would be:

    - http://localhost:2368/ghost/api/v2/members/
This commit is contained in:
Fabien O'Carroll 2019-04-11 16:08:50 +02:00
parent 524e32bed5
commit eaf163cb9c
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ghost/members-ssr/index.js
View file

@ -44,8 +44,6 @@ module.exports = function create(options = EMPTY) {
throw new Error('Missing option cookieKeys'); throw new Error('Missing option cookieKeys');
} }
const audience = ['members-ssr'];
const cookieConfig = { const cookieConfig = {
keys: [].concat(cookieKeys), keys: [].concat(cookieKeys),
secure: cookieSecure secure: cookieSecure
@ -56,7 +54,7 @@ module.exports = function create(options = EMPTY) {
jwt.verify(token, publicKey, { jwt.verify(token, publicKey, {
algorithms: ['RS512'], algorithms: ['RS512'],
issuer, issuer,
audience audience: issuer
}, (err, claims) => { }, (err, claims) => {
if (err) { if (err) {
reject(new UnauthorizedError({err})); reject(new UnauthorizedError({err}));