TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-23 22:11:09 +03:00
Code Issues Projects Releases Wiki Activity

Updated to use membersApi iss as expected aud

Browse Source 
no-issue

This is because we now use specific URLs for audiences claims, e.g. for
members running locally the audience would be:

    - http://localhost:2368/ghost/api/v2/members/
This commit is contained in:
Fabien O'Carroll 2019-04-11 16:08:50 +02:00
parent 524e32bed5
commit eaf163cb9c
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ghost/members-ssr/index.js
View File

@ -44,8 +44,6 @@ module.exports = function create(options = EMPTY) {
throw new Error('Missing option cookieKeys');
}
const audience = ['members-ssr'];
const cookieConfig = {
keys: [].concat(cookieKeys),
secure: cookieSecure
@ -56,7 +54,7 @@ module.exports = function create(options = EMPTY) {
jwt.verify(token, publicKey, {
algorithms: ['RS512'],
issuer,
audience
audience: issuer
}, (err, claims) => {
if (err) {
reject(new UnauthorizedError({err}));