Tags: mongodb, mongoose, oauth, oauth-2.0, bearer-token

Removing "Bearer" from token header without implementing a custom authentication scheme or parsing the token?


Currently utilizing a JWT authentication schema where the tokens have "Bearer: " in the schema. Is it possible to remove the "Bearer" prefix so I wouldn't need to add it on the client side just to parse it out on the backend again? Is there a way to do this without implementing a custom scheme (so while still using the Bearer scheme) AND without having to parse the actual token for the "Bearer: " text?

Right now, the code looks like:

var jwt = require('jsonwebtoken'); // assumed: the jsonwebtoken package, whose jwt.verify(token, secret, cb) matches the call below
var jwtSecret = process.env.JWT_SECRET; // assumed: the signing secret comes from configuration

function requireToken(req, res, next) {
  // The header arrives as "Bearer <token>"; fall back to '' so a missing header does not throw
  var token = req.headers.authorization || '';
  var newToken = token.replace("Bearer ", "");
  jwt.verify(newToken, jwtSecret, function (err, success) {
    if (err) {
      return res.
        status(401).
        end('Unauthorized, invalid token');
    } else {
      return next();
    }
  });
}

Ideally it would be implemented as such:

var jwt = require('jsonwebtoken'); // assumed: the jsonwebtoken package
var jwtSecret = process.env.JWT_SECRET; // assumed: the signing secret comes from configuration

function requireToken(req, res, next) {
  // The header would carry the bare JWT, so it is verified as-is with no prefix stripped
  var token = req.headers.authorization || '';
  jwt.verify(token, jwtSecret, function (err, success) {
    if (err) {
      return res.
        status(401).
        end('Unauthorized, invalid token');
    } else {
      return next();
    }
  });
}

Would this be okay? What are the implications of removing "Bearer" from the JWT authorization headers?

Thanks


Solution

  • There is no programmatic difference in removing the Bearer token when formatting the request header. If you do choose to do so, you are violating the RFC and HTTP standards. It would be like sending a payload in a GET response and saving data to the database.

    The use of bearer tokens derives from the OAuth design, so have a look here for the standards.