2

I would like to verify the JWT token which is stored in the cookies in Express Gateway. I tried the below configuration of gateway.config.yml but it is not working.

Is it possible to do this in Express Gateway?

HTTP Request

Cookie: culture=EN-US; jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1ZGU5ZmZiMjFmNThhODIxYjhhOWFhZGEiLCJyb2xlcyI6W10sImlhdCI6MTU3NTk3MDM0OSwiZXhwIjozNzIzNDUzOTk2fQ.TEgRSc9V6a6UA-7ppx54xu8kGWfQ1SOq9s3JQQnqEWk

      - jwt:
          - action:
              secretOrPublicKey: 'xxxxxxxx' 
              checkCredentialExistence: false
              jwtExtractor: header
              jwtExtractorField: Cookie['jwt']
KenLai
  • 251
  • 1
  • 4
  • 15

1 Answers1

1

Roughly a year and a half has passed since this question was posted and I ran into the same issue today. Based on what I see in the sources, it'd seem like you can't do this (as of now).

Express Gateway's jwt policy uses passport-jwt underneath and although passport-jwt does allow passing in custom extractors for extracting JWT from the request (as in your use case, you want to extract it from a particular Cookie), Express Gateway hasn't exposed this functionality as of now.

References:
[1] Express Gateway JWT policy: https://github.com/ExpressGateway/express-gateway/tree/master/lib/policies/jwt
[2] The passport-jwt extractors that Express Gateway has exposed: https://github.com/ExpressGateway/express-gateway/blob/master/lib/policies/jwt/extractors.js (header, query, authScheme, authBearer)

[3] Passing Custom Extractors to passport-jwt: https://www.npmjs.com/package/passport-jwt#writing-a-custom-extractor-function

K.N. Bhargav
  • 55
  • 1
  • 6