Cannot authenticate using feathers token

[jsn0ob]

app runs smoothly on my local but after deploying my app to server, calling feathersApp.authenticate() returns error:

Bad "options.jwtid" option. The payload already has an "jti" property.

[jsn0ob]

i tried downgrading feathers-authentication to version 1.2.7 and it worked.

[daffl]

Probably a regression due to https://github.com/feathersjs/authentication/pull/539 Are you overriding the jwtid in production?

[jsn0ob]

i was not. it might be due to jsonwebtoken update, but i'm not sure.

https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md

[EirikFA]

I have the same issue but it occurs both in development and production.

[daffl]

Can someone please share a reproducible example?

[EirikFA]

I can try to set one up. Shouldn't take long. Just make a service that creates a JWT with createJWT.

[daffl]

What are you calling createJWT for? There might be a good reason but Feathers authentication should normally not require you to ever do that directly.

[EirikFA]

I have a service that issues JWTs to clients that call it with an API key. Reason for this is that the clients aren't real "clients", but other servers.

[subodhpareek18]

@FreeLineTM why don't you use a custom auth module using passport-custom for api key authentication. I use it to completely circumvent creating JWTs. I've added it to the docs here https://github.com/feathersjs/docs/pull/885

@daffl could you please review and merge it? I think there has been some conflict introduced since I last put it up.

[EirikFA]

@subodhpareek18 I didn't know how to do that and the solution I'm using was a suggestion from someone else. Didn't have any better ideas myself. Will take a look at your PR and try that out though.

[nathanbrizzee]

I'm having the same problem I was running feathers-authentication 1.2.7 on my server and everything was fine. I upgraded today and I get the same error now. My client is using feathers-authentication 1.3.0 with no issues before the update so it's something that was introduced between 1.2.7 and 1.3.0.

[nathanbrizzee]

Here is a copy of the error: (I get it when I open a new tab to the same URL. The JWT is re-read from window.localstorage and checked to see if it's still valid. The new window tab is the one that throws the server error, not the original one). And my package.json diff:

info: error: authentication - Method: create: Bad "options.jwtid" option. The payload already has an "jti" property. error: Error: Bad "options.jwtid" option. The payload already has an "jti" property. at C:\code\jsapi\server\node_modules\feathers-authentication\node_modules\jsonwebtoken\sign.js:165:24 at Array.forEach () at Object.module.exports [as sign] (C:\code\jsapi\server\node_modules\feathers-authentication\node_modules\jsonwebtoken\sign.js:161:35) at C:\code\jsapi\server\node_modules\feathers-authentication\lib\utils.js:54:28 at Promise () at Authenticator.createJWT (C:\code\jsapi\server\node_modules\feathers-authentication\lib\utils.js:46:10) at Object.create (C:\code\jsapi\server\node_modules\feathers-authentication\lib\service.js:48:28) at C:\code\jsapi\server\node_modules\feathers-hooks\lib\hooks.js:101:31 at Promise () at C:\code\jsapi\server\node_modules\feathers-hooks\lib\hooks.js:85:16 at at process._tickCallback (internal/process/next_tick.js:188:7)

[daffl]

I have a fix in https://github.com/feathersjs/authentication/pull/600 which should be released shortly.

[daffl]

Closed via https://github.com/feathersjs/authentication/pull/600

[jsn0ob]

thanks @daffl! 💯

[nathanbrizzee]

It now works for me. Thank you so much for the quick turn around!