node.js authentication postman passport-jwt

fromAuthHeaderAsBearerToken is not working in NODE


I did the following things to set up passport authentication in Node.

1) I am using jwtFromRequest : ExtractJwt.fromAuthHeaderAsBearerToken(),

// Registers a passport-jwt strategy on the passport instance passed in.
// NOTE(review): the closing brace of this function is missing from the listing.
module.exports = function(passport){
    var opts = {};
    // Read the token from the Authorization header using the Bearer scheme.
    opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
    // Secret (or key) the strategy uses to verify the token signature.
    opts.secretOrKey = config.secret;
    console.log('Inside passport');
    // Optional issuer/audience claim checks, left disabled here.
    //opts.issuer = 'accounts.examplesoft.com';
    //opts.audience = 'yoursite.net';
    passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
        // Prints `undefined` when the verified payload has no `_doc` property.
        // NOTE(review): logging payload contents can put user data into logs.
        console.log('Payload :: '+jwt_payload._doc);
        // Throws a TypeError when `_doc` is missing; the property path read here
        // has to match the shape of the object that was signed into the token.
        // The callback parameter `User` shadows the outer `User` inside the callback.
        User.getUserById({id: jwt_payload._doc._id}, function(err, User) {
            if (err) {
                // Lookup failed: report the error to passport.
                return done(err, false);
            }
            if (User) {
                // User found: authentication succeeds with this user.
                return done(null, User);
            } else {
                // No such user: authentication fails without an error.
                return done(null, false);
                // or you could create a new account
            }
        });
    }));

2) Calling the method in the following way:

// GET /profile is guarded by the 'jwt' strategy; no login session is created.
// The route handler body is empty in this listing.
const requireJwt = passport.authenticate('jwt', { session: false });
userExpressRoutes.route('/profile').get(requireJwt, (req, res) => {  });

3) Setting the header in Postman like : Authorization:Bearer {token}

Post Authentication Header

4) It is giving undefined payload

Payload :: undefined
TypeError: Cannot read property '_id' of undefined

What is missing here to get Jwt_payload?

Can someone help me?


Solution

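  • I resolved this issue with the code snippet below; the verify callback now reads the user id from jwt_payload.data._id instead of jwt_payload._doc._id. Thanks everyone for the support...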

    const JwtStrategy = require('passport-jwt').Strategy;
    const ExtractJwt = require('passport-jwt').ExtractJwt;
    const User = require('../models/User');
    const config = require('../config/DB');
    
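    /**
     * Registers a passport-jwt strategy on the given passport instance.
     *
     * The token is taken from the Authorization header (Bearer scheme) and its
     * signature is verified with config.secret before the callback runs.
     *
     * @param {object} passport - passport instance the strategy is registered on
     */
    module.exports = function(passport){
      const opts = {
        jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
        secretOrKey: config.secret,
        // NOTE(review): consider also setting `algorithms` (and `issuer` /
        // `audience` if the tokens carry those claims) so that only the
        // expected kind of token is accepted.
      };
      passport.use(new JwtStrategy(opts, (jwt_payload, done) => {
        // The user id is expected under `data` in the payload; this path must
        // match the object that was signed when the token was issued.
        // NOTE(review): keep the signed payload minimal (ideally just the id).
        // A JWT payload is base64url-encoded, not encrypted, so every field in
        // it is readable by whoever holds the token.
        const claims = jwt_payload && jwt_payload.data;
        const userId = claims && claims._id;
        if (!userId) {
          // A validly signed token without the expected claim is rejected as
          // unauthenticated instead of throwing a TypeError.
          return done(null, false);
        }

        User.findById(userId, (err, user) => {
          if (err) {
            return done(err, false);
          }
          // A missing user means authentication fails without an error.
          return done(null, user || false);
        });
      }));
    }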
    

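    Then pass the token in the request headers like this. Note that the sample token below decodes to a payload that includes the user's email and password hash and has _id at the top level rather than under data; a JWT payload is readable by anyone holding the token, so sign only an identifier and make sure the property path in the callback matches how your tokens are built.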

    Authorization:bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ2xpZW50IiwiX2lkIjoiNWUzN2NkMGI4YTAxNjEwNWNhMmFjZjYwIiwiZW1haWwiOiJwcmFqYWt0YUBnbWFpbC5jb20iLCJwYXNzd29yZCI6IiQyYiQxMCRzWXN4MGcyWGsybWdSTHNaZXBEYkV1MklRcGhVOURkNnczeTBHaUxMWHJVeW5aazlUR0xKSyIsIl9fdiI6MCwiaWF0IjoxNTgwNzE4NjQxLCJleHAiOjE1ODA3Mjg3MjF9.T8n1YWRSHfr_1caZ51TbT4VdnBx2uXg1x2JOJC-TBL0