Passport authentication with JWTStrategy not working - Error: Could not get a response #153
Hi @theakshaygupta , have you ever been able to resolve this? I'm running into exactly the same issue :( |
Hi @kittrCZ , Also if you're logging in the user, you must be using I don't know if this will work but that's all the change I could see in my previous code and earlier code.
Let's discuss if you're still running into the same problem. Thanks |
This is pretty frustrating. I'm sure that I overlooked something, but I can't digest that the documented way is not working. Totally agree with your suggestions and have it implemented similarly, I have the following: passport.js
route.js
package.json
and this command does not work. curl
any clue @theakshaygupta , I stop believing that this package even works ^^ |
I assume your |
@theakshaygupta no totally nothing. Everything gets instant 401 response |
@kittrCZ Sorry, I am unable to figure out what is going wrong here. The only problem I can see here is that your token is expired. You could try to re-create the token and provide it in the header. Cheers |
so I figured out yesterday. The token was truly expired. I highly recommend to everyone to create a This issue can be closed |
@kittrCZ was your token testing endpoint included just after it was created? I'm facing the same issue but I'm not sure if I'm using it properly. Mine looks like this and it stands just before generating

```js
// Sign the user object; the token is valid for 30 days
const token = jwt.sign(user, '4waNdqInzkWHwTs4BXXp9ZAsolK0EV75', {expiresIn: 86400 * 30});
// Verify right away with the same secret and log the result
jwt.verify(token, '4waNdqInzkWHwTs4BXXp9ZAsolK0EV75', function(err, data){
  console.log(err, data);
})
return res.send({
  message: 'Logged In Successfully!',
  redirect: '/dashboard',
  jwtToken: 'JWT ' + token,
  success: true,
  user: {
    id: user.id,
    name: user.user_name
  }
});
```
Hi all, I'm still having this challenge after verification using jwt.verify(), token was successfully verified. Strangely, it didn't work
Digging further, I did {"_key":"passport","_strategies":{"session":{"name":"session"},"jwt":{"name":"jwt","_jwtFromRequest":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI1YjFkNmQwMWI5N2YxMTAxZDU4MDY1MmQiLCJmaXJzdE5hbWUiOiJoZWxvbyIsInJvbGUiOlsiUGF0aWVudCJdLCJleHAiOjE1Mjk0MDYxMjIsInNlY3JldE9yS2V5IjoiUkVTVEZVTEFQSXMiLCJpYXQiOjE1Mjg4MDEzMjJ9.KTminBQ8Mzi7IuKsjKjtWPSvYWevqHRW","_verifOpts":{"ignoreExpiration":true}}},"_serializers":[null],"_deserializers":[],"_infoTransformers":[],"_framework":{},"_userProperty":"user","_sm":{"_key":"passport"},"strategies":{}} It actually got the data. Not really sure what is going on at this point again. |
Any updates on this? It seems like the original poster had an expiration issue, but others like @arnasledev and @holumyn haven't found solutions. Here's an update of my own: I wasn't setting issuer and audience claims correctly. |
My problem was different secret keys on passport and verification of the login. |
hey guys,

```js
// passport.js
const passport = require('passport');
const { Strategy: JWTStrategy, ExtractJwt } = require('passport-jwt');

passport.use(new JWTStrategy({
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
  secretOrKey: process.env.SERVERSECRET
}, (token, done) => {
  // The verified payload is handed on as the authenticated "user"
  return done(null, token);
}));
```

```js
// router/index.js
/**
 * middleware for checking authorization with jwt
 */
function authorized(request, response, next) {
  passport.authenticate('jwt', { session: false, }, async (error, token) => {
    if (error || !token) {
      // Return here so the handler does not continue after sending the 401
      return response.status(401).json({ message: 'Unauthorized' });
    }
    try {
      const user = await User.findOne({
        where: { id: token.id },
      });
      request.user = user;
    } catch (error) {
      // Return so that next() is not called a second time below
      return next(error);
    }
    next();
  })(request, response, next);
}
router.use('/user', authorized, userRouter);
```

```js
// router/user.js
router.get('/', (request, response, next) => {
  response.send(request.user);
});
```

and in my request I had to set Authorization: bearer |
I had the same issue, it turned out when using ExtractJwt.fromAuthHeaderAsBearerToken() we have to send the authorization header as bearer + token, although in the authentication for the route we write: passport.authenticate('jwt', { session: false, }, function()...etc. This applies to the new version of passport where the original function ExtractJwt.fromAuthHeader() is not available anymore. |
In case you are still stuck, follow the following link for resolution. |
I had the same issue. The imported model reference in one of the methods in the passport js file was not correct. After I corrected that, the problem was solved |
I am currently experiencing this issue SUDDENLY. I have been working on my app for two years and never had an issue and now suddenly I start getting an issue. All my routes that use passport.authenticate now no longer work. |
This worked for me. Turns out that when using opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken() You have to return "Bearer + token" and not "JWT + token". I did that and it worked for me. Deep sigh. Finally! |
Things have changed. For example, you can no longer use ExtractJwt.fromAuthHeader() function anymore. It is deprecated. Just compare your code with the latest examples, and you will have your app working again. |
How do you set the header with the token then? Do you use res.set or something like it? |
Please can you show how did you set your request with this "Authorization:bearer"? |
Make sure the value you are using on the jwt.sign() is a number or if you are using process.env parse it to a number. |
You have to return "Bearer + token" and not "JWT + token". Add bearer "token" in Authorization value |
Yes... Look I have been struggling with it for more than three days... Is there any code example on how to do the request to a protected route and send the header with these values? I have been able to do it on postman but not in my application. I would be really glad if I had an example on how to do it properly. |
Having same issue. Just tried to test it and doesn't work |
Wow, that worked surprisingly. How did you come to figure that out? I am just confused about how you came to have that information? Why was it changed from JWT to Bearer and was not mentioned in the documentation? |
It's mentioned here: https://github.com/mikenicholson/passport-jwt/blob/master/docs/migrating.md#migrating-from-2xx-to-3xx |
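The causes reported in this thread (a `JWT` prefix where the bearer extractor expects `Bearer`, an expired token, different secrets for signing and verifying, wrong issuer or audience) can be told apart with a small diagnostic. This is an added example, not code from the thread or from passport-jwt; `signToken`, `diagnose` and the sample secret are hypothetical, and HS256 is assumed.

```javascript
// Added example, not code from passport-jwt: HS256 is done by hand with Node's crypto.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const hmac = (data, secret) =>
  b64url(crypto.createHmac('sha256', secret).update(data).digest());

// Hypothetical stand-in for jwt.sign(): mint an HS256 token.
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret)}`;
}

// Hypothetical helper: returns 'ok' or the first reason the request would get a 401.
function diagnose(authHeader, secret, opts = {}, now = Math.floor(Date.now() / 1000)) {
  if (!authHeader) return 'missing Authorization header';
  const [scheme, token, ...rest] = authHeader.trim().split(/\s+/);
  if (!token || rest.length) return 'malformed Authorization header';
  if (scheme.toLowerCase() !== 'bearer') return `wrong scheme "${scheme}", expected Bearer`;
  const parts = token.split('.');
  if (parts.length !== 3) return 'token is not a three-part JWT';
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64').toString('utf8'));
  } catch (e) {
    return 'token segments are not base64url JSON';
  }
  if (!header || !claims || header.alg !== 'HS256') return 'unsupported or malformed token';
  const expected = Buffer.from(hmac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad signature (different secret on sign and verify?)';
  }
  if (typeof claims.exp === 'number' && claims.exp <= now) return 'token expired';
  if (opts.issuer && claims.iss !== opts.issuer) return 'issuer mismatch';
  if (opts.audience && ![].concat(claims.aud).includes(opts.audience)) return 'audience mismatch';
  return 'ok';
}

// Constructed sample: the same token sent with a "JWT " prefix and with "Bearer ".
const sample = signToken({ id: 42, exp: 2000000000 }, 'constructed-demo-secret');
console.log(diagnose('JWT ' + sample, 'constructed-demo-secret'));
console.log(diagnose('Bearer ' + sample, 'constructed-demo-secret'));
```

On the client the same rule applies: the request header is `Authorization: Bearer <token>`, with the raw token and no `JWT ` prefix.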
Well after much investigation I believe I have found the source of my problem as well as a better understanding of how JWT works. The JWT seems to have gotten too large. My functioning user accounts have 6500 or fewer characters whilst my user accounts that no longer work are in the area of 8500. Now it's onto trying to figure out how to configure passport-jwt to only store a much smaller amount of data. For me it was this code when logging in: The problem was "user". I was saving the ENTIRE user document from mongodb which had quite a bit of data in it. Data that was completely unnecessary. So I created a new object with the data that I actually needed and created the JWT with that.
I included images as the formatting of the code was not working as I wanted it to in the Github comment editor. |
a little off topic but JWT should not store all your information like names, email address etc as JWT can be decoded by anybody. You wouldn't want anybody to know the ownership of the token, it's a security risk. You should just store non-sensitive information e.g. userid. The userid can then be used to retrieve information from your DB without again verifying that userid and password matches. |
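As an added example (not code from any commenter), the check below reads a token's payload without the secret and flags claims outside an allowlist and tokens over a size budget. The claim allowlist, the 4096-character budget, the helper names and all sample data are assumptions made for the illustration.

```javascript
// Added example, not from the thread: audit what a token exposes before issuing it.
const b64url = (s) => Buffer.from(s).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Constructed sample input: unsigned tokens are enough here, since reading the
// payload never involves the secret. "sig" is a placeholder signature.
function sampleToken(payload) {
  return [b64url('{"alg":"HS256","typ":"JWT"}'), b64url(JSON.stringify(payload)), 'sig'].join('.');
}

// Anyone holding the token can do this; no key is needed.
function readClaims(token) {
  const segment = token.split('.')[1] || '';
  return JSON.parse(Buffer.from(segment, 'base64').toString('utf8'));
}

// Assumed policy for this example: allowed claim names and a size budget.
const ALLOWED_CLAIMS = new Set(['id', 'sub', 'iat', 'exp', 'iss', 'aud']);
const MAX_TOKEN_CHARS = 4096;

function auditToken(token) {
  const unexpected = Object.keys(readClaims(token)).filter((k) => !ALLOWED_CLAIMS.has(k));
  return { unexpected, length: token.length, tooLarge: token.length > MAX_TOKEN_CHARS };
}

// Hypothetical helper: reduce a user record to the one identifier the API needs.
function minimalClaims(user) {
  return { id: String(user._id) };
}

// Constructed user record standing in for a full database document.
const userDoc = {
  _id: 'u-1001', email: 'pat@example.test', passwordHash: 'constructed',
  history: Array(400).fill('constructed order entry'),
};
console.log(auditToken(sampleToken(userDoc)));
console.log(auditToken(sampleToken(minimalClaims(userDoc))));
```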
@daveteu Thanks! |
If you are following the documentation for NestJS, something seems to have been left out. Kindly make sure that you are also passing the secret during signing. I have mine in my .env file, thus the code snippet below: |
Hi all, I have been facing the same issue lately. Here's a detailed description of my issue. Someone, please help me out: https://stackoverflow.com/questions/66091341/jwt-authentication-failed?noredirect=1#comment117182238_66091341 |
Thx you |
hi my jwt is not getting called even my console.log({ jwt_payload }); is not getting called const express = require('express'); const SECRET_KEY = 'SECRET_KEY'; //middlewares server.use( // Passport Strategies passport.use( // this creates session variable req.user on being called from callbacks // this changes session variable req.user when called from authorized request passport.deserializeUser(function (user, cb) { const mongoURI="mongodb://0.0.0.0/ecommerce" |
as @roshen1234 wrote it seems like i have a similar problem -> https://stackoverflow.com/questions/77963421/express-routing-not-working-anymore-after-update#comment137445464_77963421 |
Hello,
I was trying to authenticate with passport JWTStrategy
passport-oauth.js :
If you see my two console.log() functions, the control never comes to passport.use(new JWTStrategy...
I am authenticating here :
I used postman to send my request :
As you can see I provided the authentication header too, and I am getting this error: Could not get a response.
If anyone could please tell me what's wrong, I've been at it for hours.
Thanks.