18
bearer = bearerHeader.replace("Bearer","");
jwt.verify(bearer, 'super_secret', function (err, decoded) {
    console.log(err);
    console.log(decoded);
});

Here is my code. Whenever I try to verify the token, I want to remove Bearer from the header and verify only the token. It always goes to 'err' if I take Bearer. When I remove the Bearer from the header, it works perfectly. Can anyone please help me solve this? Is there any way to solve this problem?

Output:

  { 
     [JsonWebTokenError: invalid token] name: 'JsonWebTokenError',
     message: 'invalid token'
  }

   undefined
Sangwin Gawande
Nainesh Raval

5 Answers

39

If bearerHeader is something like "Bearer 456513", then your code

bearerHeader.replace("Bearer","");

will result in " 456513" (there is a space before the token).

bearerHeader.replace('Bearer ',''); 

may solve your issue, but I recommend verifying the authentication scheme first (that the "Bearer" term is really "Bearer"):

 var parts = bearerHeader.split(' ');
 if (parts.length === 2) {
   var scheme = parts[0];
   var credentials = parts[1];

   // accept only the Bearer scheme (case-insensitive match)
   if (/^Bearer$/i.test(scheme)) {
     var token = credentials;
     // verify token
     jwt.verify(token, 'super_secret', function (err, decoded) {
       // handle err / decoded here
     });
   }
 }
Fetrarij
5

Try this

// strip the scheme and the single whitespace character that follows it
bearer = bearerHeader.replace(/^Bearer\s/, '');
jwt.verify(bearer, 'super_secret', function (err, decoded) {
    console.log(err);
    console.log(decoded);
});
Kingsolo50
3

You can try to split() the string on spaces and discard the first element

// OPTION 1
var token = bearerHeader.split(" ")[1];

or you can simply cut Bearer from the string

// OPTION 2 (include the trailing space so the token has no leading space)
var token = bearerHeader.replace("Bearer ", "");
m02ph3u5
giovaniZanetti
2

You should pass a space after Bearer

var token = req.headers.authorization.replace('Bearer ', '');
Suraj Rao
0

Another potential solution if you need to support multiple authorisation schemes or if you are unsure if bearer will be provided or not.

const authToken = req.headers.authorization
const [token, ...rest] = authToken.split(' ').reverse()

With this code, 12345 will be returned for the following test data:

  • 12345
  • Bearer 12345
  • Basic 12345
Patrick
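
The extraction approaches posted in this thread, run side by side over a few constructed headers to show what each one would pass to jwt.verify. This is an added example, not part of any answer; `extractBearerToken`, `approaches`, `compare` and the sample headers are assumptions made for the illustration.

```javascript
// Added example: what each extraction approach from the thread hands to jwt.verify().
// extractBearerToken, approaches, compare and the sample headers are constructed here.

// "Bearer", one or more spaces, then a token limited to the RFC 6750 b64token characters.
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

function extractBearerToken(header) {
  if (typeof header !== 'string') return null; // header absent
  const match = BEARER_RE.exec(header.trim());
  return match ? match[1] : null;              // null: reject with 401, skip jwt.verify
}

const approaches = {
  'replace("Bearer", "")': (h) => h.replace('Bearer', ''),
  'replace("Bearer ", "")': (h) => h.replace('Bearer ', ''),
  'split(" ")[1]': (h) => h.split(' ')[1],
  'split(" ").reverse()[0]': (h) => h.split(' ').reverse()[0],
  'extractBearerToken': extractBearerToken,
};

// Constructed sample headers; "aaa.bbb.ccc" stands in for a real JWT.
const sampleHeaders = [
  'Bearer aaa.bbb.ccc',   // the normal case
  'bearer aaa.bbb.ccc',   // lower-case scheme: string replace() does not match
  'Bearer  aaa.bbb.ccc',  // two spaces: split(" ")[1] is the empty string
  'Basic dXNlcjpwYXNz',   // other scheme: its credentials must not reach jwt.verify
  'aaa.bbb.ccc',          // no scheme at all
];

function compare(headers) {
  return headers.map((header) => {
    const row = { header };
    for (const [name, fn] of Object.entries(approaches)) row[name] = fn(header);
    return row;
  });
}

console.table(compare(sampleHeaders));
```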