I'm trying to set up JWT authentication using passport-jwt. I think I've taken the right steps, but a test GET won't succeed and I don't know how to debug it.
Here's what I've done:
Set up passport-jwt straight out of the doc as much as possible:

// requires as in the passport-jwt doc; User is the Mongoose model
var passport = require('passport');
var JwtStrategy = require('passport-jwt').Strategy;
var ExtractJwt = require('passport-jwt').ExtractJwt;

var jwtOptions = {
  secretOrKey: 'secret',
  issuer: "accounts.examplesoft.com", // wasn't sure what this was, so i left as defaulted in the doc
  audience: "yoursite.net" // wasn't sure what this was, so i left as defaulted in the doc
};
jwtOptions.jwtFromRequest = ExtractJwt.fromAuthHeader();

passport.use(new JwtStrategy(jwtOptions, function(jwt_payload, done) {
  User.findOne({id: jwt_payload.sub}, function(err, user) {
    if (err) {
      return done(err, false);
    }
    if (user) {
      done(null, user);
    } else {
      done(null, false);
      // or you could create a new account
    }
  });
}));
Added a token result to my user /login endpoint:

var jwt = require('jsonwebtoken');
// ... jwtOptions is the same object passed to JwtStrategy above
exports.postLogin = function(req, res, next) {
  passport.authenticate('local', function(err, user, info) {
    if (err) return next(err); // hand errors to Express instead of throwing inside the callback
    if (!user) {
      return res.send({ msg: 'Login incorrect' });
    }
    req.logIn(user, function(err) {
      if (err) return next(err);
      var secretOrKey = jwtOptions.secretOrKey;
      var token = jwt.sign(user, secretOrKey, {
        expiresIn: 631139040 // 20 years in seconds
      });
      res.send({ user: user, jwtToken: "JWT " + token });
    });
  })(req, res, next);
};
Things were looking good up to here. I can log in a user (using passport local auth) and the response was as I hoped...

{
  "user": {
    "_id": "56c8b5bd80d16ef41ec705dd",
    "email": "peachy@keen.com",
    "password": "$2a$10$zd ... etc.",
    "__v": 0,
  },
  "jwtToken": "JWT eyJ0eXAiOiJ .... etc."
}
I created an unprotected test route like this...
// in my routes file
app.get('/user/tokenTest', user.tokenTest);
And in my controller, a simple endpoint...
exports.tokenTest = function(req, res) {
console.log(req.headers);
res.send("token test!!");
};
And GET-ing that works fine, too.
But then I try to protect that route like this:
app.get('/user/tokenTest', passport.authenticate('jwt', { session: false }), user.tokenTest);
After I do that, nothing but sadness. I send a request like this:
curl -k 'https://localhost:3443/user/tokenTest' -H 'Authorization: JWT eyJ0eXAiOiJ... etc.'
And always, always get a 401:
Unauthorized
Console logs in the controller don't seem to execute, and neither does logging in the passport.use strategy method. I've tweaked and tweaked, but I'm a little lost. The passport-jwt doc just supplies the example, and virtually no other help.
Please, any ideas about either a mistake that I'm making above, or at least how to go about debugging?