Reputation: 23543
Verify Auth0 JWT with Node
Im getting a JWT from Auth0. I can decode it with the following middleware function on my Node server (using https://www.npmjs.com/package/jwt-node)
function authoriseToken(req, res, next) {
const token = req.headers.authorization.replace('Bearer ', '');
const decodedToken = jwt.decode(token);
console.log('decodedToken ', decodedToken);
next();
}
How can I verify the token? I keep getting an error JsonWebTokenError: invalid algorithm
function authoriseToken(req, res, next) {
const token = req.headers.authorization.replace('Bearer ', '');
const verifyedToken = jwt.verify(token, "my-secrete");
console.log('verifyedToken ', verifyedToken);
next();
}
Im not sure if I should be using a secrete or a jwksUri or what the difference is
Here is the actual token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik16QkJRa1k0T0RRNE9VWTJORVZGT1VJNFFrSXpNRUZDT0RaQ01VSTBOVGN4TWpVeU1UYzNRdyJ9.eyJpc3MiOiJodHRwczovL25vbWFkZ3JvdXBzLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1YjMxMDhkNjc4NzFkNTBkZTA0Njc2NWEiLCJhdWQiOiJTZkQyMEVPZVdRbHlnWXIwUHNXODdtYjd0OGFBOFI2NiIsImlhdCI6MTUzMDAxMzQwMCwiZXhwIjoxNTMwMDQ5NDAwLCJhdF9oYXNoIjoiUi1mRGc3SVRzUUdqemplX3VUR01RdyIsIm5vbmNlIjoiQnN-VmZxNzdtNERuaTJ1LjlIUVJlSEpzeHA4UjF2aDcifQ.CwZb6j3DshbD5M-OWBQpc10EIpAd3D-TuZTA1p7alePobSRVM7bE9Yzr5DIRyc2YUQZQ_OBwVLfFPq0pEBTWFYq2O43FJZ726xP1zK7Ty4PvAoLe4Cx6E0Ow8V8Ymo87XCIKX8J1ndg47q5glKzsnSMToutEWRZ2lnxJyirD4m4EwFykDF8DalA1sWvqnYXEwWraY3VLroqyZH2nkeLDcpcMdJ0tWwmzldwi7ym9OmegV5GBl7F6BgrZNIJfdoT88Rs4AKzogJyJuVQ1XlD7Up_nYlAKBmRMgkFt3t_4iq7pTkgdrWl1tXuJQsnmkkVH6_yffNYrWDnuirWwTCG4XQ
Upvotes: 1
Views: 3768
Answers (2)
Reputation: 23543
Expanding on Gabriel Bleu's answer here is my complete code:
const jwt = require('jsonwebtoken');
const pemCert = `-----BEGIN CERTIFICATE-----
// <<CERT CODE HERE>>
-----END CERTIFICATE-----`;
function authoriseToken(req, res, next) {
const token = req.headers.authorization;
// If there is no token user is not logged in
if (!token || token.length === 0) {
next();
return;
}
// If there is a token then add it to the res
const tokenCrop = token.replace('Bearer ', '');
const decodedToken = jwt.verify(tokenCrop, pemCert, { algorithm: 'RS256' });
const userId = decodedToken.sub.replace('auth0|', '');
req.authUserId = userId;
next();
}
module.exports = authoriseToken;
Upvotes: 0
Reputation: 10204
verify takes algorithms option in third parameter, adjust value with the correct one.
You can find it under applications > advanced settings > oauth > JsonWebToken Signature Algorithm
Upvotes: 3
Related Questions
- Verifying Auth0 JWT throws invalid algorigthm
- How can I verify a token from Auth0 in nodejs backend with jwt? JsonWebTokenError
- Verify a JWT token string, containing 'Bearer ' with NodeJS
- Correct way to verify Jwt
- Check auth with JWT (nodeJS)
- Validating a JWT in node.js
- authentication using JWT in NodeJS
- Auth0 + JWT + NodeJS + Express End-user authentication (Login)
- JWT Auth for NodeJS and Auth0
- NodeJS JWT token verification