
I am trying to add authentication using a JWT strategy.

I have just protected one endpoint for testing purpose. Even though I am providing a token, it's apparently malformed.

  console.log
    {
      err: null,
      user: false,
      info: JsonWebTokenError {
        name: 'JsonWebTokenError',
        message: 'jwt malformed'
      }
    }

Here is how I am signing this token:

  async signIn(
    authCredentialsInput: AuthCredentialsInput,
  ): Promise<AccessToken> {
    const { email, password } = authCredentialsInput
    const athlete = await this.athleteRepository.findByEmail(email)

    if (!athlete) throw new UnauthorizedException('no user')
    if (await this.isWrongPassword(password, athlete.password))
      throw new UnauthorizedException('wrong password')
    // This payload is what the strategy's validate() later receives
    const payload = { athleteId: athlete.id }
    const token = this.jwtService.sign(payload)
    return { token }
  }

I can't grasp what I've done wrong. Any thoughts?

EDIT 1: (screenshot omitted)

EDIT 2:

How I add the token to the authorization header:

  function expectCorrectGqlResponse(
    mutation: Query,
    retrievedDataKey: string,
    expectedData: Record<string, unknown> | Array<Record<string, unknown>>,
  ) {
    const GRAPHQL_URL = '/graphql'
    console.warn(token)
    return request(app.getHttpServer())
      .post(GRAPHQL_URL)
      .set('Authorization', 'Bearer ' + token)
      .send(mutation)
      .expect((response: any) => {
        displayErrors(response)
        const retrievedData = response.body.data[retrievedDataKey]
        expect(retrievedData).toStrictEqual(expectedData)
      })
  }

How I validate the token:

  async validate(payload: any) {
    console.log(payload)
    return { athleteId: payload.athleteId }
  }

A Mehmeto
  • dumb question: have you debugged your token at https://jwt.io? – Micael Levi Nov 11 '21 at 11:25
  • Thanks for asking, I did check with this website. It confirms that it's invalid, but I don't get why. I am editing my initial post with a screenshot – A Mehmeto Nov 11 '21 at 11:28
  • the "invalid signature" is simply there because you did not provide the key/secret. jwt.io can't validate the signature without knowing the secret. See [here](https://stackoverflow.com/questions/69862105/jwt-io-says-signature-verified-even-when-key-is-not-provided/69862239#69862239) how to validate a token on jwt.io. But that's not the original problem. Token malformed could be caused by simply a missing token in the auth header, or an additional "BEARER" in front of the token which you did not cut out of the header before passing the token to the validator. – jps Nov 11 '21 at 11:40
  • Can you show how you add the token to the authorization header and how you validate the token? – jps Nov 11 '21 at 11:44
  • you don't really show the validation. I would expect to see something like jwtservice.verify or similar, analog to the way you sign the token. Is there any code where you read the authorization header and take the token from it and pass it to the verification? That would be the place to debug. Do you really pass a token to the verify method or was it empty or was there more than the token itself, e.g. the word "Bearer" or even just a blank in front of the token? That could maybe cause the malformed exception. – jps Nov 12 '21 at 11:34

0 Answers