Closed heinhoang closed 5 years ago
This line:
jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme('Authorization');
would require to use the header
Authorization: Authorization eyJhbGciOiJIUzI1NiIsInR5c....
The issues is that you're looking for an Authorization header with the scheme of 'Authorization'. If you want the scheme to be 'JWT' you should use
jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme('JWT');
Note that the scheme comparison is case-insensitive so 'JWT' and 'jwt' are equivalent.
This solution worked for me but coming with a different problem. I was using ExtractJwt.fromAuthHeaderAsBearerToken()
And a header that looked like: authorization: 'JWT eyJHGc...'
This was giving me the error "No auth token".
Switching to ExtractJwt.fromAuthHeaderWithScheme('JWT')
worked.
Or, while using ExtractJwt.fromAuthHeaderAsBearerToken()
, changing the header token string to be authorization: 'Bearer eyJHGc...'
also worked.
So, I've learned something about schemas.
I believe that I had set things up with ExtractJwt.fromAuthHeaderAsBearerToken()
because I was using an older project, which used ExtractJwt.fromAuthHeader()
(a 2.0 method), as a template. Either a StackOverflow question or a tutorial mentioned ExtractJwt.fromAuthHeaderAsBearerToken()
as a replacement.
Regardless: I've figured it out now, but it was a pain to debug since passport is (understandably so) pretty black-box when it comes to errors - I was just getting a 401.
Hopefully this saves someone else some headache!
authorization: 'Bearer eyJHGc...'
worked for me too
Closing.
Using: "jsonwebtoken": "^7.4.3", "passport": "^0.4.0", "passport-jwt": "^3.0.0",
jwt config
generate token like this
In Postman
and get error: