mikenicholson/passport-jwt

Not able to get jwt token from authorization header

JohnnyHandy opened this issue · 2 comments

Whenever I make the request with Postman using the bearer token feature, it works and I get access to the route, but when I try to do it outside of Postman, in my browser, it does not work and I only get "Unauthorized".

Passport.js

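const passport = require('passport');
const { Strategy: JWTStrategy, ExtractJwt: ExtractJWT } = require('passport-jwt');
// jwtSecret and User are defined elsewhere in the project (not shown in the issue).

const options = {
    // Read the token from the request's "Authorization: Bearer <token>" header.
    jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
    secretOrKey: jwtSecret.secret
};

passport.use(
    'jwt',
    new JWTStrategy(options, (jwt_payload, done) => {
        // This logs the extractor function itself, not the token of the current request.
        console.log('jwt from request ' + options.jwtFromRequest);
        User.findOne({
            where: {
                id: jwt_payload.id
            },
        }).then(user => {
            if (user) {
                console.log('User found in DB in passport');
                done(null, user);
            } else {
                console.log('User not found in db');
                done(null, false);
            }
        }).catch(err => done(err)); // a try/catch here would not see a rejected promise
    })
);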

Login route:
Notice that I am doing a res.set to set the header as authorization: 'bearer ' + token to set the header. It sets the header, but when I try to access the protected route, the passport jwt does not seem to get the header value or something like it.

router.post('/', (req, res, next) => {
    passport.authenticate('login', (err, user, info) => {
        if (err) {
            console.log(err);
            return next(err); // stop here instead of falling through to logIn
        }
        if (info !== undefined) {
            console.log(info.message + 'line 17');
            res.send(info.message);
        } else {
            req.logIn(user, err => {
                if (err) {
                    return next(err);
                }
                console.log('user>' + JSON.stringify(user));
                const token = jwt.sign({ id: user.id }, jwtSecret.secret);
                // Sets the header on the response; the token is also returned in the body.
                res.set('authorization', 'Bearer ' + token);
                res.status(200).send({
                    auth: true,
                    token: token,
                    message: 'User found & logged in'
                });
            });
        }
    })(req, res, next);
});

I don't think it is relevant to mention here, but the route that I am trying to access is this one:

var findUsers = require('./routes/findUser')
app.use('/findUser',passport.authenticate('jwt', { session: false }),findUsers)

TL;DR: Can't get access to the protected route in my browser, but when I do the request with Postman it works!

Authorization is a request header, not really valid in the response. So your browser is probably not sending back an Authorization header just because you sent it in the previous response.

Closing as GitHub issues are not the right place for this kind of request. Please use issues for bugs or problems with the functionality of this module. For help with implementation or debugging consider Stack Overflow or the many tutorials available.
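The request/response distinction from the reply above, as an added example that is not part of the original thread or of passport-jwt: the client has to copy the token from the login response body into the Authorization header of each later request. `extractBearer`, `protectedRoute` and `createSession` are hypothetical names, the extractor is a simplified stand-in that does not verify the token, and the sample values are constructed.

```javascript
// Added example; function names here are hypothetical, not passport-jwt APIs.

// Simplified stand-in for a bearer extractor: it reads the *request*
// Authorization header (Node lowercases incoming header names).
function extractBearer(req) {
  const value = req.headers['authorization'];
  if (typeof value !== 'string') return null;
  const match = /^(\S+)\s+(\S+)$/.exec(value.trim());
  if (!match || match[1].toLowerCase() !== 'bearer') return null;
  return match[2];
}

// Stand-in for the protected route (no signature check): 401 unless a token is sent.
function protectedRoute(req) {
  const token = extractBearer(req);
  return token === null
    ? { status: 401, body: 'Unauthorized' }
    : { status: 200, body: { tokenSeen: token } };
}

// Client side: take the token from the login JSON body and attach it
// explicitly to every later request.
function createSession(loginBody) {
  if (!loginBody || !loginBody.auth || !loginBody.token) {
    throw new Error('login failed: no token in response body');
  }
  const token = loginBody.token;
  return {
    request(url, init = {}) {
      const headers = { ...(init.headers || {}), authorization: 'Bearer ' + token };
      return { url, method: init.method || 'GET', headers };
    },
  };
}

// Constructed login response, shaped like the one the login route sends.
const loginResponse = {
  headers: { authorization: 'Bearer sample.jwt.value' }, // response header only
  body: { auth: true, token: 'sample.jwt.value', message: 'User found & logged in' },
};

// 1. Browser request after login: nothing copied the token onto the request.
const plain = protectedRoute({ url: '/findUser', headers: {} });

// 2. Client code that moves the token from the body into a request header.
const session = createSession(loginResponse.body);
const authed = protectedRoute(session.request('/findUser'));

console.log(plain.status, authed.status);
```

In a browser, the object returned by `request()` maps onto a `fetch(url, { method, headers })` call.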