I am trying to authorise my JWT token with passport middleware but the strategy callback function is not getting called.
In my app.js file, I am specifying for my /users routes to use the middleware like so:
app.use('/users', passport.authenticate('jwt', { session: false }), users);
I then have a separate file ./passport.js (which I have required at the top of my app.js) where I specify my passport strategy:
passport.use(new JWTStrategy({
    jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
    secretOrKey : 'jwt_secret_key'
  },
  function (jwtPayload, cb) {
    console.log('jwtPayload', jwtPayload)
  }
));
I can't get the console log to run though.
I am using Postman to test this and have selected Bearer Token from the authorization options. I can see that this is adding a header to my request.
When I log my request object in my node app, I can see it looks like this:
headers: {
authorization: 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI1YWM0YWI2ZTk1MWJiMjE1M2NhMjc0OWUiLCJmaXJzdF9uYW1lIjoiQW5kcmV3IiwibGFzdF9uYW1lIjoiTWNDYWxsdW0iLCJlbWFpbCI6ImFtY2NhbGx1bTg5QGdtYWlsLmNvbSIsImlhdCI6MTUyMjg0NzEyNSwiZXhwIjoxNTIyODUwNzI1fQ.WH12GJHMGrGsiJNIwUG2Dx_a9cZKjw7_SW8FYlEvLmk',
accept: '*/*',
host: 'localhost:3037',
},
So the middleware should detect the bearer token and call the middleware?
Any help would be appreciated
Turns out my secretOrKey didn't match my secretOrKey where I was creating my JWT token.
I.e. the passport strategy needs to have the same secretOrKey
passport.use(new JWTStrategy({
    jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
    secretOrKey : 'jwt_secret_key'
  },
  function (jwtPayload, cb) {
    console.log('jwtPayload', jwtPayload)
  }
));
as
const secretOrKey = 'jwt_secret_key'
const token = jwt.sign(payload, secretOrKey, { expiresIn });
Same issue I was facing and I found this on GitHub. https://github.com/themikenicholson/passport-jwt/issues/153
You have to change ExtractJwt.fromAuthHeaderAsBearerToken() to ExtractJwt.fromAuthHeaderWithScheme('jwt') or ExtractJwt.fromAuthHeaderWithScheme('JWT')
If you are following the documentation for NestJS, something seems to have been left out. Kindly make sure that you are also passing the secret during signing. I have mine in my .env file, thus the code snippet below:
this.jwtService.sign(payload, {secret: `${process.env.SECRET}`}),
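Added example, not part of any answer above and not passport-jwt's or jsonwebtoken's own code: a simplified model of why the strategy callback stays silent when the signing secret and the strategy's secretOrKey differ, since the signature is checked before the callback is ever invoked. The function names (signHS256, verifyHS256, authenticate), the secrets and the payload are constructed for illustration.

```javascript
// Added example: simplified model of HS256 sign/verify using only Node's crypto.
// signHS256, verifyHS256 and authenticate are hypothetical names, not library APIs.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

// Signing side: the token shape jwt.sign(payload, secret, { expiresIn }) yields for HS256.
function signHS256(payload, secret, expiresInSec, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + expiresInSec }));
  return `${header}.${body}.${hmac(secret, `${header}.${body}`).toString('base64url')}`;
}

// Verifying side: signature and expiry are checked before any payload is released.
function verifyHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, body, sig] = parts;
  const given = Buffer.from(sig, 'base64url');
  const expected = hmac(secret, `${header}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'invalid signature' };
  }
  // Parse only after the MAC checks out; pin the algorithm instead of trusting the header.
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
  if (alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof payload.exp === 'number' && now >= payload.exp) return { ok: false, reason: 'expired' };
  return { ok: true, payload };
}

// Middleware model: extract the Bearer token, verify, and only then call the callback.
function authenticate(authorizationHeader, secret, verifyCallback, now) {
  const match = /^Bearer (\S+)$/i.exec(authorizationHeader || '');
  if (!match) return { status: 401, reason: 'no bearer token' };
  const result = verifyHS256(match[1], secret, now);
  if (!result.ok) return { status: 401, reason: result.reason }; // callback never runs
  verifyCallback(result.payload);
  return { status: 200 };
}

// Constructed demo: token signed with one secret, strategy configured with another.
const demoToken = signHS256({ _id: 'constructed-user' }, 'secret-used-at-login', 3600);
const log = (p) => console.log('jwtPayload', p);
console.log(authenticate(`Bearer ${demoToken}`, 'secret-in-strategy', log)); // rejected
console.log(authenticate(`Bearer ${demoToken}`, 'secret-used-at-login', log)); // accepted
```

Reading the secret from one configuration source (such as the environment variable used in the NestJS answer) for both signing and verification removes the chance of the two values drifting apart, and keeps the key out of source control.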