How can I use asymmetric algorithms
sergeyampo opened this issue · 3 comments
It's obvious how to sign with ES256 without passport-jwt, as in this example, but how can I do it using this framework? Maybe there's an option for a public and private key; if I just use a custom signing callback, I don't need passport-jwt at all.
Can you provide an example of secretOrKeyProvider usage?
Same question here. I was trying to do this:
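// NOTE(review): this is the configuration that fails with the TypeError quoted
// in the thread. passport-jwt only verifies tokens, so for RS256 `secretOrKey`
// has to be the PEM public key (string or Buffer); the private key and its
// passphrase belong only on the signing side.
const privateKey = fs.readFileSync('jwt/private.pem')
// NOTE(review): a passphrase written as a literal ends up in version control;
// load it from the environment or a secret store instead.
passport.passphrase = 'mypass'
const optsJwt = {
  // Take the token from the `Authorization: Bearer <token>` request header.
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
  // A { key, passphrase } object is the form jwt.sign() is given in the login
  // handler on this page; here, on the verification path, it produces
  // "key must be a string or a buffer or a KeyObject".
  secretOrKey: {
    key: privateKey,
    passphrase: passport.passphrase
  },
  // Accept RS256 only, so a token signed with any other algorithm is refused.
  algorithms: ['RS256']
}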
/**
 * Verify callback handed to JwtStrategy: maps the `username` claim of the
 * token payload to a stored user.
 *
 * @param {object} jwtPayload - Token payload; only `username` is read here.
 * @param {Function} cb - Called as cb(error), cb(null, user) or cb(null, false).
 */
const checkFunction = (jwtPayload, cb) => {
  const lookup = Usuario.findOne({ username: jwtPayload.username })
  lookup.exec((error, usuario) => {
    // The database lookup itself failed: pass the error on.
    if (error) return cb(error)
    // No such user: reject the token without raising an error.
    if (!usuario) return cb(null, false)
    // User found: hand it over as the authenticated user.
    return cb(null, usuario)
  })
}
// Build the JWT strategy from the options and the verify callback, then
// register it with passport.
const estrategiaJwt = new JwtStrategy(optsJwt, checkFunction)
passport.use(estrategiaJwt)
but I am getting this error:
TypeError: key must be a string or a buffer or a KeyObject at typeError (/usr/src/app/node_modules/jwa/index.js:115:10)
Problem solved, I am an idiot. The private key is for signing. To decode (verify) the token, you must use the public key.
The final working code for me:
const fs = require('fs')
// Verification needs only the public half of the RS256 key pair, so the
// private key and its passphrase stay out of this configuration.
const publicKey = fs.readFileSync('jwt/public.pem')
const optsJwt = {
  // Take the token from the `Authorization: Bearer <token>` request header.
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
  // PEM public key, passed as the Buffer returned by readFileSync.
  secretOrKey: publicKey,
  // Accept RS256 only. With an explicit list, a token whose header names
  // another algorithm is refused rather than checked against this key under
  // that algorithm.
  algorithms: ['RS256']
}
/**
 * Verify callback handed to JwtStrategy: maps the `username` claim of the
 * token payload to a stored user.
 *
 * NOTE(review): the login handler on this page also issues the user id as
 * `sub`. If usernames can be changed or reassigned, looking the user up by
 * `sub` would tie the token to the account rather than to the name; confirm
 * which is intended.
 *
 * @param {object} jwtPayload - Token payload; only `username` is read here.
 * @param {Function} cb - Called as cb(error), cb(null, user) or cb(null, false).
 */
const checkFunction = (jwtPayload, cb) => {
  const lookup = Usuario.findOne({ username: jwtPayload.username })
  lookup.exec((error, usuario) => {
    // The database lookup itself failed: pass the error on.
    if (error) return cb(error)
    // No such user: reject the token without raising an error.
    if (!usuario) return cb(null, false)
    // User found: hand it over as the authenticated user.
    return cb(null, usuario)
  })
}
// Build the JWT strategy from the options and the verify callback, then
// register it with passport; the Sails policy on this page invokes it through
// authenticate('jwt', ...).
const estrategiaJwt = new JwtStrategy(optsJwt, checkFunction)
passport.use(estrategiaJwt)
Also, I'm not using this with Express but with Sails.js; here are my login function and my policy to check authentication:
LOGIN:
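// Login action: checks the credentials with the 'local' passport strategy and,
// on success, answers with an RS256-signed JWT carrying `sub` and `username`.
// Responses: res.sendError(error) on a strategy error, 401 with a generic
// message when no user is returned, otherwise JSON `{ token }`.
login: (req, res) => {
  // Call passport through the corresponding Sails config entry.
  sails.config.passport.authenticate('local', (error, usuario) => {
    if (error) {
      // Stop here. Without the return, execution fell through to the checks
      // below: a second response was attempted for the same request and, if a
      // user object was present, a token was still signed.
      return res.sendError(error)
    }
    if (!usuario) {
      // One message for both "unknown user" and "wrong password".
      return res.status(401).json({
        message: 'Usuario o contraseña invalidos'
      })
    }

    sails.log(`Usuario logueado correctamente: ${usuario.username}`)
    const jwt = require('jsonwebtoken')
    const fs = require('fs')
    // NOTE(review): the private key is re-read synchronously on every login;
    // loading it once at startup would avoid per-request file I/O.
    const privateKey = fs.readFileSync('jwt/private.pem')
    const token = jwt.sign(
      {
        sub: usuario.id,
        username: usuario.username
      },
      {
        // Private key plus its passphrase: used for signing only.
        key: privateKey,
        passphrase: sails.config.passport.passphrase
      },
      {
        algorithm: 'RS256',
        // The token stays valid for two days after it is issued.
        expiresIn: '2 days'
      }
    )
    res.json({ token })
  })(req, res)
}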
AUTH:
/**
 * Sails policy: lets the request continue only when the 'jwt' passport
 * strategy yields a user.
 *
 * @param {object} req - Incoming request, passed on to passport.
 * @param {object} res - Response; used for sendError() and forbidden().
 * @param {Function} proceed - Called to continue to the protected action.
 */
module.exports = async function (req, res, proceed) {
  const onAuthResult = (error, usuario, info) => {
    // Strategy reported an error: answer with it.
    if (error) return res.sendError(error)
    // No user came back from the strategy: deny access.
    if (!usuario) return res.forbidden()
    // Authenticated: continue with the request.
    return proceed()
  }
  sails.config.passport.authenticate('jwt', onAuthResult)(req, res)
}