Questions tagged [express-jwt]

Connect/Express middleware that validates a JsonWebToken (JWT) and sets req.user with its attributes

Middleware that validates JsonWebTokens and sets req.user.

This module lets you authenticate HTTP requests using JWT tokens in your Node.js applications. JWT tokens are typically used to protect API endpoints, and are often issued using OpenID Connect.

GitHub: https://github.com/auth0/express-jwt

375 questions
575 votes, 9 answers

If you can decode JWT, how are they secure?

If I get a JWT and I can decode the payload, how is that secure? Couldn't I just grab the token out of the header, decode and change the user information in the payload, and send it back with the same correct encoded secret? I know they must be…
Z2VvZ3Vp
120 votes, 16 answers

ERR_HTTP_HEADERS_SENT: Cannot set headers after they are sent to the client

I'm facing this weird issue in NodeJS when using with Passport.js, Express and Mongoose. Basically, I get an error saying "Cannot set headers after they are sent to the client" even though I don't send more than one header. I've read other posts and…
lourdesr
61 votes, 3 answers

JSON Web Token (JWT) benefits over a database session token

With a database session token system I could have a user login with a username/password, the server could generate a token (a uuid for example) and store it in the database and return that token to the client. Every request from thereon would…
ajeetdl
52 votes, 3 answers

How to send a token with an AJAX request from jQuery

I use express-jwt and create my token via jQuery and save it in my localStorage with: $.ajax({ url: "http://localhost:8080/login", type: 'POST', data: formData, error : function(err) { console.log('Error!', err) }, success:…
larz
47 votes, 7 answers

if (!options.algorithms) throw new Error('algorithms should be set'); Error: algorithms should be set

I started learning Nodejs and I am stuck somewhere in the middle. I installed a new library from npm and that was express-jwt, it's showing some kind of error after running. Attached the code and the logs of the error, please help me out! const jwt…
Shubham gupta
40 votes, 2 answers

express-jwt vs. jsonwebtoken

I have a feeling this is going to be a quick answer, but I can't seem to find any great definitive answers on the web - what is the difference between the jsonwebtoken npm package and the express-jwt npm package? I think express-jwt is written on…
bobbyz
33 votes, 3 answers

Facebook-passport with JWT

I've been using Passport on my server for user authentication. When a user is signing in locally (using a username and password), the server sends them a JWT which is stored in localstorage, and is sent back to server for every api call that…
Bar Kedem
26 votes, 2 answers

Is it secure to store a refresh token in the database? (To issue new access tokens for login purposes). Or is there a method to do it easier?

Currently I'm trying to gather knowledge on how to implement an auth system (a login). And during my research I've tried to implement a JWT based solution in my backend. I have an express server which allows me to register a user, storing its…
mouchin777
21 votes, 2 answers

Supertest, test secure REST API

I am writing an integration test for a REST API protected by a jwt. One API operation POST /user/token is returning a jwt given a username and a password and this token is then used for a list of operations such as: GET /user/:id Where the route is…
JohnJohnGa
18 votes, 4 answers

UnauthorizedError: invalid algorithm express-jwt

I am displaying some data on my website which returns from node server. It worked perfectly until today. Now I am getting below error on my server console when I go to my web page. I use Auth0 for signing in users. UnauthorizedError: invalid…
Bishan
17 votes, 5 answers

How to handle errors with Express-JWT

I am trying to incorporate the express-jwt library and I do not quite understand how its error handling works. The documentation says: Error handling The default behavior is to throw an error when the token is invalid, so you can add your custom…
Startec
14 votes, 2 answers

Passport token auth *without* database session

I am looking for a way to use the Twitter strategy for Passport.js without using a sessions collection/table in a database. The reason for this is we save all that data in the sessions collection which can get quite large and we save a database…
Alexander Mills
14 votes, 3 answers

How do I access getToken in

In the express-jwt docs there is a reference to being able to use a getToken function to get the token from a request. How do you use this call in a route? app.use(jwt({ secret: 'hello world !', credentialsRequired: false, getToken: function…
Samuel Goldenbaum
13 votes, 1 answer

How is angular-jwt decoding my JWT without a secret?

The Auth0 team created something called "angular-jwt" which has a jwtHelper class. This thing successfully decodes a local JWT without the secret I used on the server. How did this happen? If they are not secure, then what is the point of using a…
G. Deward
12 votes, 3 answers

What are the ways to implement logout from all devices feature with JWT token mechanism?

I want to implement JWT in my next project. I just want to know if there is any best way to implement logout from all devices in JWT. As JWT is a stateless mechanism, do we have to involve redis/db?
Kaphy