I am implementing, for the first time, an authentication involving passport and JWT. My question is this: when I send an already expired token in the header, I get the message "Unauthorized". My code is as follows:
In routes.js:
app.route('/people/:id')
// .all(function(req, res, next) {
// app.auth.authenticate(req, res, next);
// })
// .all(app.auth.authenticate)
.all(app.auth.authenticate())
.get(controller.getPeopleById)
.delete(controller.deletePeople);
The commented parts are all that I have tried
In auth.js:
var passport = require("passport");
var passportJWT = require("passport-jwt");
var ExtractJwt = passportJWT.ExtractJwt;
var Strategy = passportJWT.Strategy;
module.exports = function(app) {
const options = {
secretOrKey: app.config.config.jwtSecret,
jwtFromRequest: ExtractJwt.fromAuthHeader()
};
var strategy = new Strategy(options, function(payload, done) {
console.log("payload: " + JSON.stringify(payload));
});
passport.use(strategy);
return {
initialize : function() {
return passport.initialize();
},
authenticate : function() {
return passport.authenticate('jwt', app.config.config.jwtSession);
// return passport.authenticate('jwt', app.config.config.jwtSession, function(error, done, info) {
// if (error) {
// console.log("error: " + error);
// }
// if (done) {
// console.log("done: " + JSON.stringify(done));
// }
// if (info) {
// console.log("info: " + info);
// }
// });
// }
}
}
};
In middlewares.js:
var bodyParser = require("body-parser");
var config = require("./config/config")();
module.exports = function(app) {
app.set("port", config.port || 3000);
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(app.auth.initialize());
};
All I want to do is capture the error that happens in the authentication to customize the messages, for example: "Token expired, log in again" but as it is, it does not enter the validation method of the strategy. Has anyone ever experienced this? Grateful.