fromAuthHeaderAsBearerToken is not working in NODE

Question

I did following things to passport authentication in Node.

1) I am using jwtFromRequest : ExtractJwt.fromAuthHeaderAsBearerToken(),

module.exports = function(passport){
    var opts = {};
    opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
    opts.secretOrKey = config.secret;
    console.log('Inside passport');
    //opts.issuer = 'accounts.examplesoft.com';
    //opts.audience = 'yoursite.net';
    passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
        console.log('Payload :: '+jwt_payload._doc);
        User.getUserById({id: jwt_payload._doc._id}, function(err, User) {
            if (err) {
                return done(err, false);
            }
            if (User) {
                return done(null, User);
            } else {
                return done(null, false);
                // or you could create a new account
            }
        });
    }));

2) Calling the method in the following way:

userExpressRoutes.route('/profile')
    .get(passport.authenticate('jwt', { session: false }), function (req, res) {  });

3) Setting the header in Ppostman like : Authorization:Bearer {token}

Post Authentication Header

4) It is giving undefined payload

Payload :: undefined
TypeError: Cannot read property '_id' of undefined

What is missing here to get Jwt_payload?

Can someone help me?

Answer 1

Some working Combinations

For - fromHeader

ExtractJwt.fromHeader('authorization'),

Authorization : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ2xpZW50IiwiX2lkIjoiNWUzN2NkMGI4YTAxNjEwNWNhMmFjZjYwIiwiZW1haWwiOiJwcmFqYWt0YUBnbWFpbC5jb20iLCJwYXNzd29yZCI6IiQyYiQxMCRzWXN4MGcyWGsybWdSTHNaZXBEYkV1MklRcGhVOURkNnczeTBHaUxMWHJVeW5aazlUR0xKSyIsIl9fdiI6MCwiaWF0IjoxNTgwNzE5ODE3LCJleHAiOjE1ODA3Mjk4OTd9.38x2wztqJWz9EH8_lN0ca-L-8mTQvW36iF2bfGk_ydg

For - fromHeader

ExtractJwt.fromHeader('HelloTom'),

HelloTom : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ2xpZW50IiwiX2lkIjoiNWUzN2NkMGI4YTAxNjEwNWNhMmFjZjYwIiwiZW1haWwiOiJwcmFqYWt0YUBnbWFpbC5jb20iLCJwYXNzd29yZCI6IiQyYiQxMCRzWXN4MGcyWGsybWdSTHNaZXBEYkV1MklRcGhVOURkNnczeTBHaUxMWHJVeW5aazlUR0xKSyIsIl9fdiI6MCwiaWF0IjoxNTgwNzE5ODE3LCJleHAiOjE1ODA3Mjk4OTd9.38x2wztqJWz9EH8_lN0ca-L-8mTQvW36iF2bfGk_ydg

For - fromAuthHeaderAsBearerToken

ExtractJwt.fromAuthHeaderAsBearerToken(),

Authorization : bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ2xpZW50IiwiX2lkIjoiNWUzN2NkMGI4YTAxNjEwNWNhMmFjZjYwIiwiZW1haWwiOiJwcmFqYWt0YUBnbWFpbC5jb20iLCJwYXNzd29yZCI6IiQyYiQxMCRzWXN4MGcyWGsybWdSTHNaZXBEYkV1MklRcGhVOURkNnczeTBHaUxMWHJVeW5aazlUR0xKSyIsIl9fdiI6MCwiaWF0IjoxNTgwNzE5ODE3LCJleHAiOjE1ODA3Mjk4OTd9.38x2wztqJWz9EH8_lN0ca-L-8mTQvW36iF2bfGk_ydg

For - fromAuthHeaderWithScheme

ExtractJwt.fromAuthHeaderWithScheme('JWT'),

Authorization : JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ2xpZW50IiwiX2lkIjoiNWUzN2NkMGI4YTAxNjEwNWNhMmFjZjYwIiwiZW1haWwiOiJwcmFqYWt0YUBnbWFpbC5jb20iLCJwYXNzd29yZCI6IiQyYiQxMCRzWXN4MGcyWGsybWdSTHNaZXBEYkV1MklRcGhVOURkNnczeTBHaUxMWHJVeW5aazlUR0xKSyIsIl9fdiI6MCwiaWF0IjoxNTgwNzE5ODE3LCJleHAiOjE1ODA3Mjk4OTd9.38x2wztqJWz9EH8_lN0ca-L-8mTQvW36iF2bfGk_ydg

For - fromAuthHeaderWithScheme

ExtractJwt.fromAuthHeaderWithScheme('HelloJerry'),

Authorization : HelloJerry eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ2xpZW50IiwiX2lkIjoiNWUzN2NkMGI4YTAxNjEwNWNhMmFjZjYwIiwiZW1haWwiOiJwcmFqYWt0YUBnbWFpbC5jb20iLCJwYXNzd29yZCI6IiQyYiQxMCRzWXN4MGcyWGsybWdSTHNaZXBEYkV1MklRcGhVOURkNnczeTBHaUxMWHJVeW5aazlUR0xKSyIsIl9fdiI6MCwiaWF0IjoxNTgwNzE5ODE3LCJleHAiOjE1ODA3Mjk4OTd9.38x2wztqJWz9EH8_lN0ca-L-8mTQvW36iF2bfGk_ydg

Answer 2

I resolved this issue by below code snippet. Thanks everyone for support...

const JwtStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const User = require('../models/User');
const config = require('../config/DB');

module.exports = function(passport){
  let opts = {};
  opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
  opts.secretOrKey = config.secret;
  passport.use(new JwtStrategy(opts, (jwt_payload, done) => {
    User.findById(jwt_payload.data._id, (err, User) => {
      if(err){
        return done(err, false);
      }

      if(User){
        return done(null, User);
      } else {
        return done(null, false);
      }
    });
  }));
}

Then In request headers pass token like this

Authorization:bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ2xpZW50IiwiX2lkIjoiNWUzN2NkMGI4YTAxNjEwNWNhMmFjZjYwIiwiZW1haWwiOiJwcmFqYWt0YUBnbWFpbC5jb20iLCJwYXNzd29yZCI6IiQyYiQxMCRzWXN4MGcyWGsybWdSTHNaZXBEYkV1MklRcGhVOURkNnczeTBHaUxMWHJVeW5aazlUR0xKSyIsIl9fdiI6MCwiaWF0IjoxNTgwNzE4NjQxLCJleHAiOjE1ODA3Mjg3MjF9.T8n1YWRSHfr_1caZ51TbT4VdnBx2uXg1x2JOJC-TBL0

Answer 3

It worked for me:

I changed Authorization Header in request from: eyJhbGciOiJIUzI1NiIsI... (jwt token)

to Bearer eyJhbGciOiJIUzI1NiIsI...