Passport JWT Unauthorized

ghost commented 6 years ago

Hello,

I'm having a strange issue with passport-jwt.

Everything is well configured as below :

server.js

// Dependencies
const express = require('express');
const bodyParser = require('body-parser');
const passport = require('passport');
const morgan = require('morgan');
const cors = require('cors');
const validator = require('express-validator');
const config = require('./config/index');

// Express
var app = express();
//------------------------------------------------ Middlewares
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(bodyParser({limit: '10mb'}));
app.use(validator());

// Allow cross-origin resource sharing
app.use(cors());
app.options('*', cors());

// Log les requêtes
app.use(morgan('dev'));

// Initialisation de passport
app.use(passport.initialize()); 

// Routes
app.use('/', require('./routes/api'));
//-------------------------------------------------- Start Server
var PORT = 3001;

app.listen(PORT, () => {
    console.log("API is running on port " + PORT + " ...");
});

passport.js

// Dependencies
const JwtStrategy = require('passport-jwt').Strategy;
const jwt = require('jsonwebtoken');
const ExtractJwt = require('passport-jwt').ExtractJwt;
const passport = require('passport');
const config = require('../config/index');

// Models
const Admin = require('../models').Admin;

// Logique d'authentification JWT
var opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme('jwt'); // il faudra donc insérer dans le header 'JWT ' + token
opts.secretOrKey = config.secret;

// Stratégie authentification administrateur
passport.use('admin-jwt', new JwtStrategy(opts, function (jwt_payload, done) {
  console.log(jwt_payload)
  Admin.findById(jwt_payload.sub).then((err, admin) => {
    if (admin) {
      done(null, admin);
    } else {
      done(null, false);
    }
  }).catch(err => console.log(err));
}));

and the routes.js

router.get('/admins/profile', passport.authenticate('admin-jwt', { session: false }), requireAdmin, function (req, res) {
    res.status(200).json({ success: true, user: req.user });
});

The login controller works great, it give me : "JWT " + token

When i try to access at my protected route, in my terminal i have this log :

{ sub: 2, iat: 1510066964872, type_of_user: 'admins', exp: 1510066974952 } Executing (default): SELECT id, username, firstname, lastname, email, password, currentSignin, lastSignin, currentIp, createdAt, updatedAt FROM Admins AS Admin WHERE Admin.id = 2;

GET /admins/profile 401 5.257 ms - -

Unauthorized ...

I really dont know what is wrong ...

My passport-jwt version is : ^3.0.1

Thanks,

Antoine

MGKhKhD commented 6 years ago

I guess if you change opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme('jwt') to
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme('JWT')

things cook well as you wish.

mikenicholson commented 5 years ago

Closing since header string comparison has been case insensitive since version 3.0.0

mikenicholson / passport-jwt

Passport JWT Unauthorized #135