Questions tagged [express-jwt]

Connect/Express middleware that validates a JsonWebToken (JWT) and sets req.user with the token's attributes

Middleware that validates JsonWebTokens and sets req.user.

This module lets you authenticate HTTP requests using JWT tokens in your Node.js applications. JWT tokens are typically used to protect API endpoints, and are often issued using OpenID Connect.

GitHub: https://github.com/auth0/express-jwt

375 questions
12 votes, 2 answers

Handling parameterised routes in express-jwt using unless

Given the following route: router.get('/api/members/confirm/:id', function (req, res, next) how do I specify the route to be excluded? I have tried: app.use('/api', expressJwt({ secret: config.secret}).unless({path: ['/api/members/confirm']})); and…
Samuel Goldenbaum
10 votes, 4 answers

Node js, JWT token and logic behind

I'm using the JWT to protect node js urls https://github.com/auth0/express-jwt To create a JWT token user session I simply do: -> auth/signup -> jwt.sign(user_profile,secret,expireInMinutes:{900000000 /*almost never expires*/}); OR in case of…
itsme
9 votes, 3 answers

How to add additional properties to JwtPayload type from @types/jsonwebtoken

I am new to typescript and experimenting with porting an express app to use typescript. The server uses JWTs for authentication/authorisation and I have a utility function that decodes and verifies a given token. The function is wrapped in a promise…
Braden
9 votes, 1 answer

How to get user id using jwt token

I tried to get user id from a JWT token. I got a JWT token and successfully verified it, but it doesn't return an id. When I decode the JWT: const decoded = jwt.verify(token, config.get('jwtPrivateKey')); var userId = decoded.id …
hari prasanth
9 votes, 4 answers

Passport JWT Strategy not getting called

I am trying to authorise my JWT token with passport middleware but the strategy callback function is not getting called. In my app.js file, I am specifying for my /users routes to use the middleware like so: app.use('/users',…
Stretch0
9 votes, 1 answer

Any complete example for express-jwt?

I want to use express-jwt in my express node application but I can not find any examples which demonstrate signing-in part. Any help please?
Saro
8 votes, 3 answers

Jsonwebtoken verify always return only {iat: xxx }

According to documentation, https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback, jwt.verify will return the decoded payload. I run the simple script: var token = jwt.sign({email: req.body.email,}, 's3cr3t'); var…
egig
8 votes, 2 answers

How do I use a wildcard in JWT unless?

I'm using express-jwt to secure my node application, and am wondering how I can use a wildcard in the unless parameter. My working code is below, what I'd really like to do is open up access to anything that has a path starting with '/login' so I…
Graham
8 votes, 1 answer

Role based authorization with express-jwt?

I am using express-jwt to protect my API endpoint so that only authenticated users can access my APIs. Now I want to also protect my APIs based on user's role too. For example, user can only access some APIs if they are admin, some others if they…
congtrungvnit
8 votes, 4 answers

Express JWT Error: Not enough or too many segments in socket.io initial auth

During the initial handshake where a token and username are passed, I am catching this strange error-- { handle: 10, type: 'error', className: 'Error', constructorFunction: { ref: 11 }, protoObject: { ref: 12 }, …
sjt003
8 votes, 1 answer

implementing refresh-tokens with angular and express-jwt

I want to implement the Sliding expiration concept with json web tokens using angular, nodejs and express-jwt. I'm a little confused on how to do this, and am struggling to find any example of refresh tokens or any other material relating to…
user979441
8 votes, 3 answers

Json web token does not expire

I just implemented a json web token authentication, on my backend I send the token which is created by jsonwebtoken to the client as following: var token = jwt.sign(user, secret.secretToken, { expiresInMinutes: 1 }); return res.json({ token: token…
anvarik
7 votes, 2 answers

Header are not passed through after updating nestjs/graphql

I'm about to update my project dependencies to the next major versions but I can't get nestjs/graphql + nestjs/passport to work. It looks like the request header is not passed through apollo server. Every time passport tries to extract the…
w0wka91
7 votes, 1 answer

SailsJS - using sails.io.js with JWT

I have implemented an AngularJS app, communicating with Sails backend through websockets, using sails.io.js. Since the backend is basically a pure API and will be connected to from other apps as well, I'm trying to disable sessions completely and…
Leo
6 votes, 2 answers

JsonWebToken: activity-based expiration vs issuing time-based expiration

I'm fairly new to token based authorization. I'm trying to find the flaws in a custom expiration/token-refresh scheme. I have a basic JWT auth setup in an Express API; I'm setting the JWT expiration to 1 hr; However, JWT checks token expiration…
rgwozdz