Passport JWT - Unauthorized


Solution 1

You have to change these things:

1) Change jwtFromRequest: ExtractJwt.fromAuthHeader() to jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken()

2) Set the header: Authorization:Bearer {token}

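3) Change jwt_payload._id to jwt_payload._doc._id. The right path depends on what was passed in when the token was signed. A _doc wrapper suggests a whole Mongoose document was signed, which puts every field of the user record into a token that is only encoded, not encrypted; signing just the identifier avoids that.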

Solution 2

I was experiencing the same problem! The code below worked for me.

module.exports = function(passport) {
    // Verify callback handed to JwtStrategy: maps the token payload to a user
    // record by the payload's _id claim.
    const resolveUser = function(jwt_payload, done) {
        User.findById(jwt_payload._id, function(err, user) {
            // A failed lookup is reported as an error and authenticates nobody.
            if (err) {
                return done(err, false);
            }
            // No matching record: pass false so the request is not authenticated.
            done(null, user ? user : false);
        });
    };

    passport.use(new JwtStrategy(opts, resolveUser));
};

The problem lies with the lookup in the question, User.findOne({id: jwt_payload.id}, ...); the code above uses User.findById(jwt_payload._id, ...) instead.

Also, when attaching the token to the request header, use 'beforeSend' in the AJAX call, in this format:

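// Sends `data` to `url` with the stored token in the Authorization header.
// The header value is sent exactly as stored, so the stored string must already
// be in the format the server's token extractor expects.
// NOTE(review): anything in localStorage is readable by every script running on
// this origin, so an XSS flaw on the page would expose the token.
$.ajax({
    url: url,
    type: 'POST',
    data: data,
    beforeSend: function(xhr) {
        var token = window.localStorage.getItem('token');
        // getItem returns null when nothing is stored; skip the header rather
        // than sending the literal string "null".
        if (token) {
            xhr.setRequestHeader('Authorization', token);
        }
    },
    success: function(data) {
        console.log(data);
    },
    // Must be a function so that it runs only when the request fails.
    error: function() {
        console.log("Error");
    }
});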

Solution 3

You probably made a mistake in the request header. As per the README, it should be 'Authorization' = 'bearer token_received_on_login'

KayTokyo
Author by

KayTokyo

Updated on June 14, 2022

Comments

  • KayTokyo
    KayTokyo almost 2 years

    I'm having a problem where it always returns Unauthorized for me. When I set the Authorization header to the token that I received, it comes back with:

    Unauthorized

    .

    // Protected route: passport's 'jwt' strategy runs first with sessions
    // disabled; the handler below reads the user it attached as req.user.
    const showDashboard = (req, res) => {
        res.json('It worked: User ID is: ' + req.user._id);
    };

    router.get('/dashboard', passport.authenticate('jwt', {session: false}), showDashboard);
    

    .

    // Strategy options. The issuer and audience entries are commented out, so
    // those claims are not checked: a token signed with secretOrKey is accepted
    // whoever it was issued by or for.
    // NOTE(review): fromAuthHeader() presumably expects a scheme prefix in the
    // Authorization header rather than the bare token; confirm against the
    // passport-jwt version in use.
    const jwtOptions = {
        jwtFromRequest: ExtractJwt.fromAuthHeader(),
        secretOrKey: config.jwt.secretOrKey
        //issuer: config.jwt.issuer,
        //audience: config.jwt.audience,
    };

    // Verify callback: resolves the token payload to a user record.
    // NOTE(review): the query filters on `id` using the payload's `id` claim;
    // both names depend on the User schema and on what was signed into the
    // token, so confirm them against the signing code.
    const lookupUser = (jwt_payload, done) => {
        User.findOne({id: jwt_payload.id}, (err, user) => {
            // Lookup errors are passed through and authenticate nobody.
            if (err) {
                return done(err, false);
            }

            // A missing user yields false, leaving the request unauthenticated.
            return done(null, user ? user : false);
        });
    };

    passport.use(new JWTStrategy(jwtOptions, lookupUser));
    
  • Dara Java
    Dara Java over 6 years
    This worked for me except the third step only needed to be what you signed the token with (in my case it was the username)
  • lzl124631x
    lzl124631x about 6 years
    Set the header: Authorization:Bearer {token} worked for me.
  • Francis Ngueukam
    Francis Ngueukam almost 6 years
    The third point may change depending on versions of passport and passport-jwt. You should always check the content with console.log(jwt_payload). In some cases (passport 0.4.0 and passport-jwt 4.0.0) you should use jwt_payload.payload._id.