Search code examples
vue.jsoauth-2.0jwtexpress-jwt

All routes work except for router.delete due to 'UnauthorizedError: Unauthorized'. Why?

I have a Vue project and all of my routes are structured the same, however, one of them always gives me an unauthorized error.

Here are the routes:

router.get('/:userId/reviews', checkJwt, verifyUser, controller.getReviewsByUserId)
router.put('/:userId/review', checkJwt, verifyUser, controller.updateReview)
router.delete('/:userId/review', checkJwt, verifyUser, controller.removeReviewFromUser) // this is the broken route

If I were to change the broken route to:

router.put('/:userId/delete/review', checkJwt, verifyUser, controller.removeReviewFromUser)

Then it works just fine. The checkJwt middleware is where the issue is coming from. But I have 10 other routes that are structured IDENTICALLY to the delete route that is failing. Why?

Here is the checkJwt code even though this should not be where the issue is since it DOES work for all of my other 15 routes as long as the http verb is put, post, or 'get:

const { auth } = require('express-oauth2-jwt-bearer')

// Setup auth
const checkJwt = auth({
  audience: 'MY-AUDIENCE',
  issuerBaseURL: 'https://simplyadvanced.auth0.com/'
})

module.exports = {
  checkJwt
}

And here is the full error message:

UnauthorizedError: Unauthorized
    at getToken (C:\Users\cody\App\app-core\api\node_modules\express-oauth2-jwt-bearer\dist\index.js:83:15)
    at C:\Users\cody\App\app-core\api\node_modules\express-oauth2-jwt-bearer\dist\index.js:353:25
    at Layer.handle [as handle_request] (C:\Users\cody\App\app-core\api\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Users\cody\App\app-core\api\node_modules\express\lib\router\route.js:137:13)
    at Route.dispatch (C:\Users\cody\App\app-core\api\node_modules\express\lib\router\route.js:112:3)
    at Layer.handle [as handle_request] (C:\Users\cody\App\app-core\api\node_modules\express\lib\router\layer.js:95:5)
    at C:\Users\cody\App\app-core\api\node_modules\express\lib\router\index.js:281:22
    at param (C:\Users\cody\App\app-core\api\node_modules\express\lib\router\index.js:360:14)
    at param (C:\Users\cody\App\app-core\api\node_modules\express\lib\router\index.js:371:14)
    at Function.process_params (C:\Users\cody\App\app-core\api\node_modules\express\lib\router\index.js:416:3)
Solution

  • Figured it out. DELETE requests should not have a request body so by removing the body and adding the ID to the URL request parameter, it worked.