JWT JSON Passport password authentication failed
This is my first time using passport and JWT authentication. My question is this: when I submit an already expired token in the header, I get an "Unauthorized" message. My code looks like this:
In routes.js:
app.route('/people/:id')
// .all(function(req, res, next) {
// app.auth.authenticate(req, res, next);
// })
// .all(app.auth.authenticate)
.all(app.auth.authenticate())
.get(controller.getPeopleById)
.delete(controller.deletePeople);
The commented parts are all I've tried
In auth.js:
var passport = require("passport");
var passportJWT = require("passport-jwt");
var ExtractJwt = passportJWT.ExtractJwt;
var Strategy = passportJWT.Strategy;
module.exports = function(app) {
const options = {
secretOrKey: app.config.config.jwtSecret,
jwtFromRequest: ExtractJwt.fromAuthHeader()
};
var strategy = new Strategy(options, function(payload, done) {
console.log("payload: " + JSON.stringify(payload));
});
passport.use(strategy);
return {
initialize : function() {
return passport.initialize();
},
authenticate : function() {
return passport.authenticate('jwt', app.config.config.jwtSession);
// return passport.authenticate('jwt', app.config.config.jwtSession, function(error, done, info) {
// if (error) {
// console.log("error: " + error);
// }
// if (done) {
// console.log("done: " + JSON.stringify(done));
// }
// if (info) {
// console.log("info: " + info);
// }
// });
// }
}
}
};
In middlewares.js:
var bodyParser = require("body-parser");
var config = require("./config/config")();
module.exports = function(app) {
app.set("port", config.port || 3000);
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(app.auth.initialize());
};
All I want to do is capture the error that comes up on authentication to set up messages like: "Expired, login again", but as it is, it doesn't introduce a strategy check method. Has anyone ever experienced this? Grateful.
source to share
Passport always throws AuthenticationError.
To get the actual error, you must provide a callback to the pass.authenticate method.
Example:
app.get('/protected', function(req, res, next) {
passport.authenticate('local', function(err, user, failuresOrInfo, status) {
// failuresOrInfo has the cause.
if (err) { return next(err) }
if (!user) { return res.redirect('/signin') }
res.redirect('/account');
})(req, res, next);
});
See code stripped for passport code:
function allFailed() {
if (callback) {
if (!multi) {
return callback(null, false, failures[0].challenge, failures[0].status);
} else {
var challenges = failures.map(function(f) { return f.challenge; });
var statuses = failures.map(function(f) { return f.status; });
return callback(null, false, challenges, statuses);
}
}
...
See that if a callback is present the passport passes the result to the callback and you have to manage the rest.
Hope my answer is clear and it can help you.
source to share