App.ts - This is done initially to set up the strategies. I have bodyParser before them, set up as shown.

    // for parsing application/x-www-form-urlencoded
    this.app.use(bodyParser.urlencoded({ extended: true }));
    // for parsing application/json
    this.app.use(bodyParser.json());
    this.app.use(passport.initialize());
    this.passportService.setupStrategies();

Strategy Setup

    static getJWTStrategy() {
        let jwtOptions: any = {};
        jwtOptions.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
        jwtOptions.secretOrKey = process.env.JWT_KEY;
        return new JwtStrategy(jwtOptions, (jwt_payload, done) => {
            User.findOne({where: {id: jwt_payload.user_id}})
                .then((user: IUser | null) => {
                    if (user) {
                        return done(null, user);
                    } else {
                        return done(null, false);
                    }
                }).catch(err => done(err, false));
        })
    }

    setupJWTStrategy() {
        console.log("setupJWTStrategy");
        this.jwtSecretOrKey = process.env.JWT_KEY;
        const strategy = PassportService.getJWTStrategy();
        passport.use("jwt", strategy);
    }

Once the strategies are loaded, I load the controllers / routes.
The main issue I'm having is with this one route:

    app.delete("/logout",
        passport.authenticate('jwt', { session: false }),
        this.logout.bind(this),
        this.send401
    );

It's the only one that's using this authenticate jwt setup.
This is the function being used to generate the user's JWT key so that it can be passed in to the DELETE /logout endpoint.
JWT Token Creation Function

    let payload = {
        user_id: userModel.id,
        expiration: nextWeek.getTime(),
    };
    const token = jwt.sign(payload, process.env.JWT_KEY!);

The key is correct, and I can easily validate on jwt.io and it works everywhere else.
Anytime I try and call DELETE /logout I receive a 401 Unauthorized error. If I try and breakpoint debug it won't stop in the JwtStrategy callback verify function, and no console.log statements get hit there. What am I missing?
Upvotes: 0
Views: 42
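
A simplified model of the checks that run before the JwtStrategy verify callback is called, added here as an example (it is not part of the original post and not passport-jwt's own code): the bearer token is taken from the Authorization header, then its signature and `exp` are validated, and a failure at any of those steps yields the 401 without the callback running. `signHS256`, `diagnose`, the keys and the tokens are constructed for illustration, and only HS256 is modelled.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

type Headers = Record<string, string | undefined>;

// base64url-encode a JSON value (JWT header or payload segment)
const enc = (o: object): string => Buffer.from(JSON.stringify(o)).toString("base64url");

// Constructed HS256 signer, standing in for jwt.sign(payload, process.env.JWT_KEY)
function signHS256(payload: object, secret: string): string {
  const signingInput = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}`;
  const sig = createHmac("sha256", secret).update(signingInput).digest();
  return `${signingInput}.${sig.toString("base64url")}`;
}

// Returns "verify callback reached" or the reason the request is rejected first.
function diagnose(headers: Headers, secret: string, now: number = Date.now()): string {
  // Node lower-cases incoming header names
  const auth = headers["authorization"];
  if (!auth) return "no Authorization header";

  // Expected shape: "Bearer <token>" (scheme compared case-insensitively)
  const m = /^(\S+)\s+(\S+)$/.exec(auth);
  if (!m || m[1].toLowerCase() !== "bearer") return "scheme is not Bearer";

  const parts = m[2].split(".");
  if (parts.length !== 3) return "token is malformed";

  // Recompute the HMAC with the server-side key and compare in constant time
  const expected = createHmac("sha256", secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return "signature mismatch";
  }

  // Only the registered `exp` claim (seconds since epoch) is enforced;
  // a custom field such as `expiration` is carried along but never checked.
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof claims.exp === "number" && claims.exp * 1000 <= now) return "token expired (exp)";

  return "verify callback reached";
}

// Constructed sample: same payload shape as the post, custom `expiration` already in the past
const sample = signHS256({ user_id: 1, expiration: 0 }, "constructed-key");
console.log(diagnose({ authorization: `Bearer ${sample}` }, "constructed-key"));
console.log(diagnose({}, "constructed-key"));
```

With the real middleware, the same reason is available as the `info` argument when a custom callback is passed as the third argument to `passport.authenticate`.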