Passport JWT - Unauthorized
Solution 1
You have to change these things:
1) Change
jwtFromRequest: ExtractJwt.fromAuthHeader(),
to
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
2) Set the header:
Authorization:Bearer {token}
3) Change jwt_payload._id
to jwt_payload._doc._id
Solution 2
I was experiencing the same problem! The code below worked for me.
/**
 * Registers the JWT strategy on the passport instance handed in by the caller.
 *
 * The verify callback looks the user up by the `_id` field of the decoded
 * token payload. Reporting `false` as the user makes passport reject the
 * request (the "Unauthorized" response discussed on this page).
 *
 * NOTE(review): which payload field holds the id depends on what was passed
 * to the signing call. If the id only shows up under `_doc`, the whole
 * Mongoose document was presumably signed into the token, so every stored
 * field travels with each request; signing a minimal payload (just the id)
 * avoids that. Confirm against the login code.
 *
 * @param {object} passport - the passport instance to configure
 */
module.exports = function(passport) {
  function verify(jwt_payload, done) {
    User.findById(jwt_payload._id, function(lookupError, account) {
      if (lookupError) {
        return done(lookupError, false);
      }
      // No matching user: report an authentication failure, not an error.
      done(null, account ? account : false);
    });
  }

  passport.use(new JwtStrategy(opts, verify));
};
The problem lies with User.findOne({id: jwt_payload.id}, ...: it looks the user up by `id`, whereas the code above uses User.findById(jwt_payload._id, ...).
Also, when attaching the token to the header, use 'beforeSend' in the AJAX call, in this format:
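// POSTs `data` to `url` with the stored token attached as the Authorization header.
$.ajax({
  url: url,
  type: 'POST',
  data: data,
  beforeSend: function(xhr) {
    // The stored value is sent verbatim, so it must already include the scheme
    // the server-side extractor expects (e.g. "Bearer <token>" for
    // fromAuthHeaderAsBearerToken()); a bare or mis-prefixed token is rejected.
    // NOTE(review): anything in localStorage is readable by every script
    // running on this origin, so an XSS bug exposes the token.
    var token = window.localStorage.getItem('token');
    if (token) {
      // Skip the header when nothing is stored instead of sending the string "null".
      xhr.setRequestHeader('Authorization', token);
    }
  },
  success: function(data) {
    console.log(data);
  },
  // Must be a function: `error: console.log("Error");` ran the log immediately
  // while building the options object, and the `;` inside the object literal
  // is a syntax error.
  error: function(xhr) {
    // The status code distinguishes a 401 from other failures.
    console.log("Error", xhr.status);
  }
});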
Solution 3
You have probably made a mistake in the request header.
As per the README, it should be 'Authorization' = 'bearer token_received_on_login'
KayTokyo
Updated on June 14, 2022
Comments
-
KayTokyo almost 2 years
I'm having a problem where it's always returning Unauthorized for me. When I set the Authorization header to the token that I received, it returns:
Unauthorized
// Protected route: passport's 'jwt' strategy runs first, without a session, and
// the handler is only reached when the strategy supplied a user.
router.get(
  '/dashboard',
  passport.authenticate('jwt', {session: false}),
  (req, res) => {
    const userId = req.user._id;
    res.json('It worked: User ID is: ' + userId);
  }
);
.
// Strategy configuration exactly as posted in the question (this is the setup
// that returns "Unauthorized").
var jwtOptions = {
  // NOTE(review): in the passport-jwt releases that provide fromAuthHeader(),
  // it presumably expects the "JWT" scheme ("Authorization: JWT <token>"), so
  // a bare token in the header is not extracted. Confirm against the installed
  // version.
  jwtFromRequest: ExtractJwt.fromAuthHeader(),
  secretOrKey: config.jwt.secretOrKey
  // With the next two options commented out, no issuer or audience value is
  // configured for the strategy to check.
  //issuer: config.jwt.issuer,
  //audience: config.jwt.audience,
};

passport.use(new JWTStrategy(jwtOptions, (jwt_payload, done) => {
  // Looks the user up by `id`, reading `jwt_payload.id`; both names have to
  // match the stored field and what was signed into the token.
  const query = {id: jwt_payload.id};
  User.findOne(query, (lookupError, account) => {
    if (lookupError) {
      return done(lookupError, false);
    }
    // A missing user is reported as `false`, which passport treats as a
    // failed authentication.
    return done(null, account ? account : false);
  });
}));
-
Dara Java over 6 years
This worked for me, except the third step only needed to be what you signed the token with (in my case it was the username).
-
lzl124631x about 6 years
Set the header: Authorization:Bearer {token}
worked for me. -
Francis Ngueukam almost 6 years
The third point may change depending on the versions of passport and passport-jwt. You should always check the content with console.log(jwt_payload). In some cases (passport 0.4.0 and passport-jwt 4.0.0) you should use jwt_payload.payload._id.