Questions tagged [express-jwt]

Connect/Express middleware that validates a JsonWebToken (JWT) and sets req.user with the attributes

Middleware that validates JsonWebTokens and sets req.user.

This module lets you authenticate HTTP requests using JWT tokens in your Node.js applications. JWT tokens are typically used to protect API endpoints, and are often issued using OpenID Connect.

GitHub: https://github.com/auth0/express-jwt

375 questions
5
votes
2 answers

Express-jwt middleware typescript types issue

I am trying to implement an express API that authenticates via a jwt token and I'm using the express-jwt middleware to authenticate access to a method: import express from 'express' import jwt from 'express-jwt' const app =…
Kavfixnel
5
votes
9 answers

TypeError: expressJwt is not a function

I'm trying to write middleware for user authorization in my app. I use this function to check if a route requires being signed in. The code is as follows: const { expressJwt } = require('express-jwt'); exports.requireSignin = expressJwt({ secret:…
user9507446
5
votes
2 answers

jwt token how to ensure the payload is updated when database change

I have a question regarding the concept of JWT token type of authentication. So suppose I sign a jwt token after user logged in, the token payload contains the username and userRole. I then return the token to the user and store in user's…
leo277
5
votes
1 answer

Why is jsonwebtoken throwing an "invalid signature" error?

I am using the jsonwebtoken package (https://github.com/auth0/node-jsonwebtoken) to handle JWTs in my project. No matter what I try, it gives me this error: name: 'JsonWebTokenError', message: 'invalid signature' Here is where I sign the JWT: const…
Brian
5
votes
1 answer

Can JSON Web Tokens (JWT) be rejected or blacklisted if a user wants to sign out of an account from a different machine?

I'm building an app that requires authentication and I'm worried users might want to be able to remotely log out. Is there a way to use JSON Web Tokens and be able to blacklist or reject them? I understand that their benefit is statelessness, but it…
Adam S
5
votes
1 answer

express-jwt setting user object to req.user._doc instead of just req.user?

I've used the npm package express-jwt in the past for easy JWT signing, decoding, etc. Usually (and according to the docs) it intercepts a request, decodes the token with the user object payload and sets req.user to that payload. However, this time…
bobbyz
4
votes
1 answer

What are the MUST-have claims for JWT refresh tokens? Can they be identical to the access token (with a longer exp)?

I'm playing around and creating a custom access token system using JWT. I have already created a system for signing and validating JWT access tokens. However, I find it hard to obtain information about what claims a refresh token should consist…
89282820
4
votes
1 answer

Cookie is not set using express and passport

I spent a long time trying to figure out why it's not working. I'm implementing a login page using react. This page sends the user and pass to the backend (nodejs + express) using axios: const login = useCallback(e => { e.preventDefault() …
mr.abdo
4
votes
3 answers

How do I get a key for jsonwebtoken secret?

I am using the jsonwebtoken module for Node. How can I get a secret key for the jwt.sign function: jwt.sign(payload, secretOrPrivateKey, [options, callback]) According to the documentation: secretOrPrivateKey is a string, buffer, or object…
Chidi Williams
4
votes
3 answers

Express.js middleware executing for a route defined above it

From what I have read here and here, the order in which you place your middleware function matters, as you can have certain routes not go through the middleware function if it is placed before the route, and the routes which are placed after will go…
farbodg
4
votes
1 answer

JWT, Using a dynamic secret key stored in DB

I need some advice about future pitfalls and problems if I go forward with the approach below. I am using JWT and I need to expire all previous tokens of a user when he/she changes his/her password. The approach I took to make a unique secret key for…
Utkarsh Pandey
4
votes
2 answers

Where jsonwebtoken stored in server nodejs. How to expire JWT once user gets logout

I am storing tokens in Session/Local storage on the client side. The problem I am facing is once a user copies that token and uses it for other logged-in session services it works but it should return invalid token on JWT.verify. Is there any way to…
Anurag G
4
votes
1 answer

How to check for JWT token remaining validity time golang

I am setting the expiration of JWT token claims using claims["exp"] = time.Now().Add(time.Hour * time.Duration(settings.Get().JWTExpiration)).Unix() where settings.Get().JWTExpiration gives me the settings I have made in my application…
codec
4
votes
2 answers

Using Passport for Authentication of API Endpoints

Following a couple tutorials on adding authentication using jsonwebtoken, passport, and passport-local I've become stuck on integrating it into my project. I want it so that any requests to any of the API endpoints require authentication, and also…
gh0st
4
votes
2 answers

No authorization token was found when res.redirect

I have two applications, both on Nodejs. One front-end and the other back-end. My back-end app is protected with token access using express-jwt and jsonwebtoken middlewares. My problem is: I am making a request from front-end to back-end passing the…