我一直想写接受用户名/密码凭据，验证他们一个简单的服务器，然后创建一个JWT令牌的客户端，然后他们用它来访问某些航线。 我能够做的一切都交给接收和服务器端验证客户端的JWT点。

void main() {
//use Jwt based sessions and create the secret using a UUID
JwtSessionHandler sessionHandler = 
    new JwtSessionHandler('ffl_sales_server', new Uuid().v4(), 
    auth.lookupByUsername);

  //allow http for testing with curl, do not use in production
  bool allowHttp = true;

  final Map<String, String> headers = 
    {'Access-Control-Allow-Origin': 'http://192.168.100.83:3030',
     "Access-Control-Expose-Headers": "Authorization",
     "Access-Control-Allow-Credentials" : "true",
     "Access-Control-Allow-Headers" : "Authorization"};

  //fix the cors headers 
  Response options(Request request) => (request.method == 'OPTIONS') ?
      new Response.ok(null, headers: headers) : null;
  Response cors(Response response) => 
      response.change(headers: headers);
  Middleware fixCors = createMiddleware(requestHandler: options, 
      responseHandler: cors);

  // authentication middleware for a login handler (post)
  Middleware loginMiddleware = authenticate(
      [new UsernamePasswordAuthenticator(lookupByUsernamePassword)],
      sessionHandler: sessionHandler, allowHttp: allowHttp, 
      allowAnonymousAccess: false);

  // authentication middleware for routes other than login that 
  // require a logged in user
  // here we are relying solely on users with a session established  
  // via the login route
  Middleware defaultAuthMiddleware = authenticate(
      [],sessionHandler: sessionHandler, allowHttp: true, 
      allowAnonymousAccess: false);

  Router rootRouter = router(handlerAdapter: handlerAdapter()); 

  //the route where the login credentials are posted
  rootRouter.post('/login', (Request request) => new Response.ok('SUCCESS'), middleware: loginMiddleware);

  //the routes which require an authenticated user
  rootRouter.child('/authenticated', 
      middleware: defaultAuthMiddleware)
    ..add('/users', ALL_METHODS, new Users(_connection).handle)
    ..add('/stores', ALL_METHODS, new Stores(_connection).handle)
    ..add('/departments', ALL_METHODS, new Departments(_connection).handle)
    ..add('/invoices', ALL_METHODS, new Invoices(_connection).handle)
    ..add('/reports', ALL_METHODS, new Reports(_connection).handle)
    ..add('/imports', ALL_METHODS, new Imports(_connection).handle)
    ..add('/vendors', ALL_METHODS, new Vendors(_connection).handle)
    ..get('/foo', (Request request) => 
         new Response.ok("Doing foo as ${loggedInUsername(request)}\n"));

  printRoutes(rootRouter);

  Handler handler = const Pipeline()
      .addMiddleware(fixCors)
      .addMiddleware(logRequests())
      .addMiddleware(exceptionResponse())
      .addHandler(rootRouter.handler);

  shelf_io.serve(handler, '127.0.0.1', '8080').then((server){
    print('Serving as http://${server.address.host}:${server.port}');
  });
}

我知道我可能失去了一些东西简单，但好像我应该有某种形式的处理程序在创建该defaultAuthMiddleware的身份验证（）函数的第一个参数。 我在想什么？

它看起来像这个问题是在我的验证类。 因为lookupByUsernamePassword函数，函数范围，而不是类范围存放由于我的疏忽的lookupByUsername函数根本就没有找到身份验证的用户。

谢谢您的帮助！

我认为你需要的sessionMiddleware传递给像其他途径

 ..add('/invoices', ALL_METHODS, new Invoices(_connection).handle, 
     middleware: defaultAuthMiddleware)

也许有一个更好的办法，但是这是主要的区别，我发现我的设置工作正常。