Express-jwt with $window.localStorage throws SyntaxError

Question

I was following this tutorial: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/

When a http request is made to the /restricted from the front-end, I get this error in the cmd:

SyntaxError: Unexpected token m
at Object.parse (native)
at Object.jwsDecode [as decode]

and so on.

I will show a simplified version of my code.

NodeJS:

Login function, responds with a token:

app.post('/login', function (req, res) { 
    var token = jwt.sign(email, secret, expires);
    res.json({ token: token });
});

The setup for restricting access etc.

var application_root = __dirname,
express = require("express"),
expressJwt = require('express-jwt'),
jwt = require('jsonwebtoken');

var app = express();

app.use(express.json());
app.use(express.urlencoded());

var secret = '9mDj34SNv86ud9Ns';

// We are going to protect /api routes with JWT
app.use('/restricted', expressJwt({secret: secret}));

app.get('/restricted', function (req, res) { console.log('fuck'); });

AngularJS:

Request interceptor:

app.factory('httpRequestInterceptor', function ($rootScope, $q, $window) {
    return {
        request: function (config) {
            config.headers = config.headers || {};
            if ($window.localStorage.token) {
                config.headers.Authorization = 'Bearer ' + $window.localStorage.token;
                console.log('Bearer ' + $window.localStorage.token);
            }
            return config;
        },
        response: function (response) {
            if (response.status === 401) {
                // handle the case where the user is not authenticated
            }
            return response || $q.when(response);
        }
    };
});

Config for pushing the interceptor:

$httpProvider.interceptors.push('httpRequestInterceptor');

HTTP request to /restricted:

        $http({url: '/restricted', method: 'GET'})
            .success(function (data, status, headers, config) {
                console.log(data.name); // Should log 'foo'
            });

The only visible difference betweeen my code and the tutorial code is that I am using localStorage instead of sessionStorage.

what do you see in the browser when you log $window.localStorage.token — José F. Romaniello, Aug 19 '14 at 17:56
When I log it just after login has been successful: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.bWFya3VzcGludEBob3RtYWlsLmNvbQ.LV6l-MrGhWXQLn5mFtaG3Mfk77nuzV9S1-fiFci3pdQ — Markus Pint, Aug 19 '14 at 18:20
And just before http request to /restricted: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.bWFya3VzcGludEBob3RtYWlsLmNvbQ.LV6l-MrGhWXQLn5mFtaG3Mfk77nuzV9S1-fiFci3pdQ — Markus Pint, Aug 19 '14 at 18:21

score 2 · Answer 1 · answered Aug 19 '14 at 18:58

2

I ask, I answer.

In creating the token on this line:

var token = jwt.sign(email, secret, expires);

I used email, which was just a regular variable.

var email = req.body.email;

However, the expressJwt expects a JSON:

var profile = {
    first_name: 'John',
    last_name: 'Doe',
    email: 'john@doe.com',
    id: 123
};

I had no idea this could be a problem.

answered Aug 19 '14 at 18:58

Markus Pint

348
3
17

Yes, that's an open issue https://github.com/auth0/node-jsonwebtoken/issues/14 .. Try with {email: email} instead of string. – José F. Romaniello Aug 20 '14 at 12:47

Express-jwt with $window.localStorage throws SyntaxError

1 Answers1