Passport JWT Strategy extracting options

mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens

MIT License

1.97k stars 215 forks source link

Passport JWT Strategy extracting options #172

Closed m-salamon closed 5 years ago

m-salamon commented 5 years ago

I would like to use 2 extraction methods for various types of requests.

Something like this: (it does not work)

const options = {};
options.jwtFromRequest = ExtractJWT.fromUrlQueryParameter('secret_token')! = undefined ?ExtractJWT.fromUrlQueryParameter('secret_token') : ExtractJWT.fromHeader('secret_token');
options.secretOrKey = process.env.AUTH_SECRET;

DanielSwiegersServian commented 5 years ago

jwtFromRequest accepts a function. You could write a custom function to do this.

Something like

const myFunction = (req) => {
  const urlQueryParam = ExtractJWT.fromUrlQueryParameter('secret_token')(req);
  return urlQueryParam != undefined
    ? urlQueryParam 
    : ExtractJWT.fromHeader('secret_token')(req);
};
options.jwtFromRequest = myFunction;

mikenicholson commented 5 years ago

@DanielSwiegersServian is right: A custom extractor function is the way to do this. If you want to contribute a composite extractor that accepts a list of extractors and runs them in order until one returns a valid JWT, please feel free to do so. Be sure to include unit tests!