
I am using JWT to authenticate requests to the back-end API, and it results in an unexpected error (a 401 on every protected call).

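/**
 * Build a signed JWT for a freshly logged-in user.
 *
 * @param {{email: string, username: string}} rows - the user record (only
 *   `email` and `username` are read here)
 * @returns {string} the compact serialised token returned by `jwt.sign`
 *
 * `jwt` must be the `jsonwebtoken` module: it is the one with `sign()`;
 * express-jwt only verifies, so binding both to the same name in one file
 * would break this function.
 */
const generateJwt = function(rows) {
  // Token lifetime: seven calendar days from now (local time).
  const expiry = new Date();
  expiry.setDate(expiry.getDate() + 7);

  // Claims are only base64url-encoded in the token, never encrypted — anyone
  // holding it can read them, so put nothing secret in the payload.
  return jwt.sign({
    // NOTE(review): `_id` is hard-coded, so every user's token carries the
    // same id. It should come from the user record (field name not shown
    // here); otherwise downstream code cannot tell users apart by token.
    _id: 1,
    email: rows.email,
    name: rows.username,
    // `exp` is a NumericDate in whole seconds. Math.floor does the same as
    // the original parseInt on a number, without the string round-trip and
    // without a missing radix.
    exp: Math.floor(expiry.getTime() / 1000),
  }, "MY_SECRET"); // DO NOT KEEP YOUR SECRET IN THE CODE! Load it from configuration/environment; the verifier must use the same value.

};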

I am using the code above to generate the JWT, and the token is generated successfully.

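// express-jwt is the *verifying* middleware; it has no sign(). If this lives
// in the same file as the signing code, the name `jwt` collides with the
// `jsonwebtoken` binding used there — keep the two in separate modules or
// rename one of them.
var jwt = require('express-jwt');
var auth = jwt({
  // Must be byte-for-byte the secret the tokens were signed with, and should
  // be loaded from configuration rather than kept in source.
  secret: 'MY_SECRET',
  // Accept only the algorithm the tokens are actually issued with (the token
  // header in the question is HS256). Pinning this closes the door on
  // algorithm-confusion tokens; newer express-jwt releases also refuse to
  // start without an `algorithms` list.
  algorithms: ['HS256'],
  // Verified claims are exposed to handlers as req.payload.
  userProperty: 'payload'
});

var router = express.Router();

// Every request to /list must carry `Authorization: Bearer <token>`; the
// middleware answers 401 (UnauthorizedError) for a missing, malformed,
// expired or wrongly-signed token before the controller runs.
router.get('/list', auth, controller.getMerchantList);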

After a user logs in I return the JWT to the client, and the client sends that token in the `Authorization` header on every subsequent call to the back-end:

// Client side (AngularJS): present the stored token as a Bearer credential
// on the protected API call. Handling of the returned promise (.then/.catch)
// is outside this snippet.
$http.get('/api/merchant/list', {
  headers: {
    Authorization: `Bearer ${authentication.getToken()}`,
  },
});

The generated token : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOjEsImVtYWlsIjoia2FzaGlmcm9zaGVuN0BnbWFpbC5jb20iLCJuYW1lIjoiQXJ5YSBTdGFyayIsImV4cCI6MTQ5OTg0NjEzOSwiaWF0IjoxNDk5MjQxMzM5fQ.-CCQwiadozSOuuIk9fil4aJh8D38NwgKYP3HpvClyKw

But I still get a 401. The token is present in the front-end (I verified this with `console.log`). For reference, the header of the token above decodes to `{"alg":"HS256","typ":"JWT"}`, so the middleware must be verifying HS256 with the same secret. Can someone please help me solve this?

kashif roshen
  • can you pls. show us the generated token (pls. edit your question and add it there instead of answering with a comment) – jps Jul 05 '17 at 08:24
  • I added the token :) thanks in advance :) – kashif roshen Jul 05 '17 at 08:35
  • I'm not familiar with express-jwt, but recently there was a similar case like yours (token present but still 401) and it turned out to be a problem with the aud (audience) claim. (-> https://stackoverflow.com/questions/44398177/message-authorization-has-been-denied-for-this-request-owin-middleware/44409993#44409993 ) Your token doesn't have the aud claim. Maybe that's the problem. see also https://tools.ietf.org/html/rfc7519#section-4.1.3 – jps Jul 05 '17 at 08:49
  • Thank you :) I followed a tutorial and I did exactly what was said there :/ everything else works except for this :/ I will check how to set the audience in express-jwt :) – kashif roshen Jul 05 '17 at 08:57

1 Answer

const Jwt=require('jsonwebtoken');

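/**
 * Sign a JWT for the given user record and hand it to a Node-style callback.
 *
 * @param {{email: string, username: string}} rows - the user record
 * @param {(err: Error|null, token?: string) => void} callback - receives the
 *   signing error or the compact token
 *
 * `Jwt` is the `jsonwebtoken` module; with a string secret it signs HS256 by
 * default. The secret must be the one the verifying middleware uses and
 * belongs in configuration, not in source.
 */
function generateToken(rows, callback) {
    // Claims are only base64url-encoded in the token, never encrypted, so
    // nothing secret goes in here.
    const tokenData = {
        // NOTE(review): `_id` is hard-coded to 1 for every user — take it from
        // the user record instead (field name not shown here).
        _id: 1,
        email: rows.email,
        name: rows.username,
    };
    // expiresIn is in seconds (one hour); jsonwebtoken fills in `exp`/`iat`.
    // The library already invokes the callback as (err, token), so it is
    // passed straight through instead of re-dispatching on err by hand.
    return Jwt.sign(tokenData, "YOUR-SECRET-KEY", { expiresIn: 60 * 60 }, callback);
}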

Send this token to the client. When the client sends it back in the request headers, verify it with jsonwebtoken's `verify` method: your auth middleware should take the token from the `Authorization` header — stripping the `Bearer ` prefix the client adds, since `verify` expects the bare token — and check it against the same secret (and algorithm) it was signed with.

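/**
 * Express middleware: require a valid `Authorization: Bearer <token>` header.
 *
 * On success the verified claims are stored on `req.payload` (mirroring
 * express-jwt's `userProperty: 'payload'`) and the chain continues; a
 * missing/malformed header or a failed verification is answered with 401.
 *
 * @param {import('http').IncomingMessage & {headers: object}} req
 * @param {object} res - Express response (uses res.status().json())
 * @param {Function} callback - Express `next`
 */
function auth(req, res, callback) {
    // The client sends `Authorization: Bearer <token>`. Handing the raw header
    // value to verify() would include the "Bearer " prefix and make every
    // token fail, so split scheme and credential first.
    const header = req.headers.authorization;
    const parts = typeof header === 'string' ? header.trim().split(/\s+/) : [];
    if (parts.length !== 2 || !/^Bearer$/i.test(parts[0])) {
        return res.status(401).json({ message: 'Missing or malformed Authorization header' });
    }
    const token = parts[1];
    // Pin the accepted algorithm to the one tokens are signed with; a verifier
    // that accepts whatever `alg` the token declares is exposed to algorithm
    // confusion. The secret must match the signing secret and belongs in
    // configuration, not source.
    Jwt.verify(token, "YOUR-SECRET-KEY", { algorithms: ['HS256'] }, function(err, decodedData) {
        if (err) {
            // A bad or expired signature is a client authentication failure,
            // not a server error: answer 401 rather than forwarding err to
            // next(), which would route it to the error handler.
            return res.status(401).json({ message: 'Invalid or expired token' });
        }
        req.payload = decodedData;
        callback();
    });
}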
Mukul Dev