Search code examples
jsonauthenticationexpressjwtexpress-jwt

Express JS and JWT - Token Type not shown in decoded header


I just added token based authentication to my express JS application - Looks like the token type doesn't show in the decoded section.

I'm testing using https://jwt.io/

Token I used to test -

 eyJhbGciOiJIUzI1NiJ9.eyJfaWQiOiJSYW4zIiwibmFtZSI6IlJhbjMgVGVzdCJ9.YPJXc4tp8NaWcboE9obwGvm-AGa6fkN1IA6y0pT7u-w"

The header section just shows up

{
 "alg": "HS256"
}

I expect it to show up like this -

{
 "alg": "HS256",
 "typ": "JWT"
}

Please explain why the Token type is missing from the header?

I generate the token like this -

 var token = jwt.sign(JSON.stringify(user_dict), app.get('superSecret'));

Thanks


Solution

  • The "type" is an optional setting on the header per the spec which is not typically utilized so most examples don't share how to do it. Assuming you are using this library (https://github.com/auth0/node-jsonwebtoken) you will be able to pass in options to the "header" via options.header value which should allow you to specify the field "typ":"JWT" via

    var options = { "header": { "typ": "JWT" } };
    var token = jwt.sign(JSON.stringify(user_dict), app.get('superSecret'), options);