user10623427

JWT nodejs / express - Invalid signature

I'm having trouble with Jwt and especially an error "Invalid Signature".

I'm generating a token after the user logs in (jsonwebtoken).

var jwt = require('jsonwebtoken');

userSchema.methods.generateJwt = function() {
  var expiry = new Date();
  //expiry.setDate(expiry.getDate() + 7);

  expiry.setDate(expiry.getDate() + 2);   // token valid for two days
  return jwt.sign({
    _id: this._id,
    username: this.username,
    name: this.lastname,
    exp: parseInt(expiry.getTime() / 1000), // exp is in seconds since the epoch
  }, process.env.SRCT, {
    algorithm: 'HS256'
  });
}

Then I'm creating an express-jwt middleware to add it to routes:

var jwt = require('express-jwt');

// verifies the bearer token with the same secret and exposes its payload as req.payload
var auth = jwt({
  secret: process.env.SRCT,
  userProperty: 'payload'
});

Used like this:

router.get('/', auth, ctrlUser.slash);

My JWT created is passed in the front end request (Authorization bearer) and is the same as the one created right after the login, according to the debugger.

But unfortunately, I'm still getting the error {"message":"UnauthorizedError: invalid signature"} after each request to the nodejs backend.

Could someone tell me what I am doing wrong to have an invalid signature?

Thanks in advance

Upvotes: 2

Views: 1634

Answers (3)

David K

Reputation: 1

I know this is old, but in case somebody else has the same issue and stumbles upon this...

It sounds like the problem is most likely dotenv related. Try moving the dotenv import statement to the top (or as near the top as possible) of your file.

Upvotes: 0

lanxion

Reputation: 1430

You don't seem to be parsing the request headers for the token, nor using the verify() function of the JWT library for that. Your auth middleware should look something like this:

const jwt = require('jsonwebtoken');

module.exports = (req, res, next) => {
    try {
        //parse the token from the Authorization header (value of "bearer <token>")
        let token = req.headers.authorization.split(" ")[1];

        //verify the token against your secret key to parse the payload
        const tokenData = jwt.verify(token, process.env.JWT_SECRET_KEY);

        //add the data to the request if you wish
        req.user = tokenData;
        next();
    } catch (err) {
        //a missing header, a bad signature or an expired token all end up here
        res.status(401).json({
            message: "Unauthorized access error!",
        });
    }
};

Upvotes: 0

millenion

Reputation: 1867

Where is your verify function? You need to check, on every request made to a protected area, that the token is really valid; jwt provides a verify function to do that.

Upvotes: 0
