Tags: mern, http-status-code-401, refresh-token, express-jwt, passport-local-mongoose

How do I resolve this 401 error when trying to access a refresh token route on my MERN app? Passport JWT Local


I'm getting a 401 "Unauthorized" error when trying to fetch a refresh token from the backend in my MERN stack app that I'm building. Here on SO, I found a post where someone said they solved this by using the ExtractJwt method fromAuthHeaderWithScheme("Bearer"), but I tried that and it didn't work. I was using the fromAuthHeaderAsBearerToken() method earlier, so I also tried both by doing

// Note: `a && b` evaluates to `b` when `a` is truthy, so this assigns only
// ExtractJwt.fromAuthHeaderAsBearerToken(); the first extractor is discarded.
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme("Bearer") &&
  ExtractJwt.fromAuthHeaderAsBearerToken();

But this didn't work either. I don't know what else to try.

Here's my full code on GitHub.

I was getting a 404 "Not Found" error before too, so I added the full URL on the fetch request to the /refreshToken route. I don't have to do that for any other route. How can I get it to where I can do just "/api/users/refreshToken" like I do with other routes without getting that error? What problems do I have in my proxy setup (I assume it's a proxy issue, since I shouldn't get a 404 error otherwise)?


Solution

  • I resolved the problem.

    First, the "jwt" or "bearer" (case doesn't matter) prefix on the value of the token property in the server's response to the client interferes with the one in the Authorization header the client has to send back with the token. Someone on here told me to include it, but I had to change it back because of this.

    I also had to prematurely deploy the app because httpOnly cookies have to be secure if sameSite is "none", and for secure cookies you have to deploy the app such that it also gets a valid TLS/SSL cert; localhost didn't work for me though, so I had to do an actual deploy. I hope this helps someone else facing a similar issue: don't try to put in SSL/TLS certs for localhost, since it's too hard or may even be impossible now.