JWT authentication - HTTP 403 - Invalid credentials - strapi develop #14

@zurfluh

Describe the bug
When running Strapi with a custom JWT_TOKEN, login works and returns a JWT. Using this JWT to authenticate API requests results in HTTP 403 with the message "Invalid credentials".

The only way for me to avoid this is to delete jwt.js and let Strapi auto-generate the file. As soon as I change the file, authentication breaks again, and can again only be fixed by deleting jwt.js.

Steps to reproduce the behavior

  1. Create jwt.js exactly as per https://strapi.io/documentation/v3.x/plugins/users-permissions.html#security-configuration
  2. Start Strapi: strapi develop
  3. UI: Create user, add to predefined "Authenticated" group. Allow "Authenticated" to "find" on the resource.
  4. Log in - POST /auth/local. Succeeds and returns a JWT.
  5. GET /my-resource with header "Authorization: " returns HTTP 403, "Invalid credentials".

If Step 1. is omitted and jwt.js is deleted instead, the bug does not happen.

Expected behavior
GET /my-resource returns HTTP 200 and data, like what's described before when the jwt.js is re-generated.

Code snippets
jwt.js

module.exports = {
  jwtSecret: process.env.JWT_SECRET
};

I verified that JWT_SECRET is set.

System

  • Node.js version: v10.16.3
  • NPM version: v6.13.4
  • Strapi version: v3.1.3
  • Database: PostgreSQL
  • Operating system: linux
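
A diagnostic for the symptom reported above, as an added example that is not part of the original issue or of Strapi's code: it checks whether a token returned by POST /auth/local verifies under the value of JWT_SECRET. It assumes the token is HS256-signed; signHs256, diagnoseToken and the sample secrets are names and values constructed for illustration.

```javascript
// Added example (not Strapi code). Assumption: tokens are signed with HS256.
const crypto = require('crypto');

// Manual base64url helpers so the script also runs on older Node versions.
const toB64url = (buf) =>
  buf.toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const fromB64url = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Constructed helper: build an HS256 token, used only to make sample input.
function signHs256(payload, secret) {
  const header = toB64url(Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })));
  const body = toB64url(Buffer.from(JSON.stringify(payload)));
  const mac = crypto.createHmac('sha256', secret).update(header + '.' + body).digest();
  return header + '.' + body + '.' + toB64url(mac);
}

// Returns a reason string saying whether `token` verifies under `secret`.
function diagnoseToken(token, secret) {
  // An unset environment variable leaves the configured secret undefined.
  if (typeof secret !== 'string' || secret.length === 0) return 'secret-missing';
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'malformed-token';
  let header;
  try {
    header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
  } catch (e) {
    return 'malformed-token';
  }
  if (!header || header.alg !== 'HS256') return 'unexpected-alg';
  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = crypto.createHmac('sha256', secret)
    .update(parts[0] + '.' + parts[1]).digest();
  const given = fromB64url(parts[2]);
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return ok ? 'signature-ok' : 'signed-with-different-secret';
}

// Constructed sample token; replace with the JWT returned by the login call.
const sample = signHs256({ id: 1 }, 'constructed-secret-A');
console.log(diagnoseToken(sample, 'constructed-secret-A'));
console.log(diagnoseToken(sample, 'constructed-secret-B'));
console.log(diagnoseToken(sample, process.env.JWT_SECRET));
```

Run it in the same shell environment that starts Strapi, so that process.env.JWT_SECRET is the value the server process sees.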

Labels

  • pr: fix - Used on the docs repo for anything that is not "new" or "updated" content: chore, typos, fixes, etc.
  • severity: medium - If it breaks the basic use of the product but can be worked around
  • source: Dev Docs - PRs/issues targeting the Developer Docs
  • status: confirmed - Confirmed by a Strapi Team member or multiple community members
  • target: v3 - Documentation PRs/issues targeting content from docs-v3.strapi.io (v3 branch)
