Issue with verifying JWT token
I have an Express Node.js backend which has three URL functions:
1) registerUser() - adds user details to the database and provides a JWT for the caller
2) verifyToken() - verifies if the JWT is valid
3) getConfiguration() - if the JWT is verified by the above function, provides the user with some configuration data
So the Express code I'm using to achieve this is
```javascript
// Routes.js
app.use(requestIp.mw());

app.route('/register')
    .post(userController.registerUser);

app.use(userController.verifyToken);

app.route('/user/configuration')
    .post(chayakkadaController.getConfiguration);
```
Now my issue is that whenever I try calling the URL /register, instead of calling the registerUser function it calls verifyToken and says my token is invalid. (I want the registerUser function to work without a token, but getConfiguration should work only with a token.)
This is my verifyToken function
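```javascript
// Assumed import: the jwt.verify / jwt.sign call shape matches the jsonwebtoken package.
import jwt from 'jsonwebtoken';

export function verifyToken(req, res, next) {
    // Token is read from the custom "token" request header.
    var token = req.headers["token"];
    var appData = {};
    if (token) {
        jwt.verify(token, process.env.SECRET_KEY, function (err, decoded) {
            if (err) {
                appData["status"] = 1;
                appData["error"] = "Invalid Token";
                res.status(500).json(appData);
            } else {
                // Expose the decoded payload to later handlers.
                req.user = decoded;
                next();
            }
        });
    } else {
        appData["status"] = 1;
        appData["error"] = "Need access token";
        res.status(403).json(appData);
    }
}
```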
My registerUser code
```javascript
export function registerUser(req, res) {
    let userData = {
        device: req.body.device,
        device_version: req.body.device_version,
        device_id: req.body.device_id,
        app_version: req.body.app_version,
        app_id: 2,
        ip_address: req.headers['x-real-ip']
    };
    database.query(`INSERT INTO users SET ?`, userData)
        .then(result => {
            // The JWT payload carries only the new user's id.
            let user = {
                id: result.insertId
            };
            let token = jwt.sign(user, process.env.SECRET_KEY);
            let appData = {};
            appData["token"] = token;
            redis.sendMessage({
                qname: 'registration_queue',
                message: result.insertId + '',
            }, (err, resp) => {
                res.status(201).json(appData);
            });
        })
        .catch(err => {
            console.log(err);
            res.status(500).json("Database Error");
        });
}
```
javascript node.js express jwt
Is userController.registerUser calling next? Can we see it?
– Rashomon Mar 6 at 16:20
@Rashomon added code
– Blaze Mathew Mar 6 at 16:27
Are you hitting /register with a POST request? If you hit it with a GET, the route won't match so it will go to the next middleware, which is verifyToken.
– user3099140 Mar 6 at 16:56
edited Mar 6 at 16:27
asked Mar 6 at 16:15 by Blaze Mathew
1 Answer
Why would you want to reinvent the wheel? There is an NPM module for that: express-jwt
It has middleware that checks the JWT. If it is valid, it decodes the payload and adds it to the request, and after that it proceeds to your controller; if it is not valid, it throws an error that you should catch and do whatever you want.
It has the unless feature, so you can configure the entire subpath as restricted unless it is /register
```javascript
router.use(`admin/`, [
    expressJwt({ secret: jwtSecret }).unless({
        path: ['/register']
    }),
]);
```
answered Mar 6 at 16:25 by felixmosh
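The route order from the question and the fall-through that user3099140's comment describes, as an added example that is not code from the post, the answer or Express itself. It models in-order dispatch with a small `dispatch` function and replaces jsonwebtoken with a minimal HS256 check on Node's `crypto`; `stack`, `dispatch`, `sign`, `verify`, the demo secret and the 401 status codes are all assumptions made for the illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // the question uses process.env.SECRET_KEY
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Minimal HS256 JWT sign/verify on Node's crypto (stand-in for jwt.sign/jwt.verify).
function sign(payload) {
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}`;
  return `${data}.${mac(data).toString('base64url')}`;
}

function verify(token) {
  const [head, body, sig, ...extra] = String(token).split('.');
  if (!sig || extra.length) return null;
  try {
    // Pin the algorithm instead of trusting whatever the header claims.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const want = mac(`${head}.${body}`);
    if (given.length !== want.length || !crypto.timingSafeEqual(given, want)) return null;
    return JSON.parse(Buffer.from(body, 'base64url'));
  } catch {
    return null;
  }
}

// Handlers return a response, or undefined to fall through (Express's next()).
const registerUser = () => ({ status: 201, token: sign({ id: 1 }) });
const getConfiguration = (req) => ({ status: 200, userId: req.user.id });
function verifyToken(req) {
  if (!req.token) return { status: 401, error: 'Need access token' };
  req.user = verify(req.token);
  if (!req.user) return { status: 401, error: 'Invalid Token' };
}

// Same order as Routes.js in the question.
const stack = [
  { method: 'POST', path: '/register', handler: registerUser },
  { handler: verifyToken }, // app.use(): no path or method, runs for everything after
  { method: 'POST', path: '/user/configuration', handler: getConfiguration },
];

// Model of in-order dispatch: a route layer is skipped unless method AND path match.
function dispatch(req) {
  for (const layer of stack) {
    if (layer.path && (layer.path !== req.path || layer.method !== req.method)) continue;
    const res = layer.handler(req);
    if (res) return res;
  }
  return { status: 404 };
}
```

In this model `dispatch({ method: 'GET', path: '/register' })` skips the POST-only route and is answered by `verifyToken`, which is the symptom reported in the question, while a POST to the same path never reaches the token check.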