Cookie is not set using express and passport
I spent a long time trying figure it out why it's not working.
I'm implementing a login page using react. This page send the user and pass to backend (nodejs + express) using axios:
const login = useCallback(e => {
e.preventDefault()
fetch(process.env.REACT_APP_HOST + '/login', {
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: e.target.elements.username.value,
password: e.target.elements.password.value
})
})
.then(response => {
if (response.ok) {
return response.json()
} else if (response.status === 401) {
throw new Error('Invalid user or pass.')
} else {
throw new Error('An error ocurred')
}
...
})
}, [])
In backend, I have a route that receive those data and check on ldap system. So I generate a token using JWT and save it on token
const express = require('express'),
passport = require('passport'),
bodyParser = require('body-parser'),
jwt = require('jsonwebtoken'),
cors = require('cors')
cookieParser = require('cookie-parser')
LdapStrategy = require('passport-ldapauth');
let app = express();
app.use(cookieParser())
app.use(cors());
....
app.post('/login', function (req, res, next) {
passport.authenticate('ldapauth', { session: false }, function (err, user, info) {
const token = jwt.sign(user, env.authSecret)
res.cookie('cookie_token', token) //it doesn't set the cookie
if (err) {
return next(err)
}
if (!user) {
res.sendStatus(401)
} else {
return res.status(200).send({ firstName: user.givenName});
}
})(req, res, next);
});
The problem is that the token is empty, it's not being set.
Couple of things. In your react fetch post method you need to add
withCredentials: true,
beside the httpheader.
fetch(process.env.REACT_APP_HOST + '/login', {
method: 'POST',
withCredentials: true,
credentials: 'include',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: e.target.elements.username.value,
password: e.target.elements.password.value
})
})
After that in your nodejs part you are using cors but validating all origin. Thats not going to work with credentials. You need to use cors like this to validate specific origin and also turn credentials to true-
app.use(cors({credentials: true, origin: 'http://localhost:4200'}));
after that you can send your cookie by
res.cookie('cookie_token', token, { maxAge: 900000 })
This way the cookie will arrive and once the cookie is arrived in client side you can retrieve the cookie with document.cookie or with any other package like "js-cookie"
- Switch node_modules folder when I change git branch
- How to merge multiple API calls into one call in REST API
- How to pass my createReadStream of an image file into a HTTP Post Request Body?
- PHP encrypt and decrypt in node JS
- Returning a Promise from "describe" is not supported. Tests must be defined synchronously
- Can you check if an npm version number is valid before running npm publish?
- React.js passing one components variables to another component and vice-versa
- React Audio Player Change current time of Audio
- How to detect and measure event loop blocking in node.js?
- Nestjs/TypeORM - How to implement custom search by column
- How to extend TypeORM repository in NestJS 9 (TypeORM 3.+)
- Sequilize query is returning only one row while using include
- Get an element when changes classname in Puppteer JS with the waitForSelector method
- Scraping nba.com page with puppeteer
- How to scrape multiple pages with puppeteer
- page.evaluate Vs. Puppeteer $ methods
- Puppeteer page.evaluate querySelectorAll return empty objects
- Navigation Timeout Exceeded scraping table in Puppeteer
- Unable to verify leaf signature
- How to create a directory if it doesn't exist using Node.js
- Is it good to use Promise this way?
- How to bulk insert into SQL using MySQL2?
- Can't connect to nodejs server
- SQL syntax error when trying to create a new table using TypeORM
- Class validator: Use class member as decorator argument
- Using next() and res.send .Cannot set headers after they are sent to the client. Error [ERR_HTTP_HEADERS_SENT]:
- How to mock a import?
- Error: querySrv ENOTFOUND _mongodb._tcp.dbname.fzofb.mongodb.net
- Why does Sequelize pluralize / singularize names of anything all? And how to stop that completely?
- How do I do Secure Remote Password (SRP) based sign in with Amazon Cognito in JavaScript?