#Unauthorized
I don't know what happens
I fixed the error
The problem is in:
```ts
providers: [
  {
    provide: APP_GUARD,
    useClass: AtGuard,
  },
],
```
What is AtGuard? Is this making use of passport and the AuthGuard()?
At Guard is AccessToken Guard
I just fixed it
I have a question. I want to get the refresh token from the body, not from fromAuthHeaderAsBearerToken(). How can I do that?
If from fromBodyField(), then how can I do that?
Check passport's documentation for what extractors exist
I checked
I saw fromBodyField()
but how can I do that if I need to add a field
```ts
super({
  jwtFromRequest: ExtractJwt.fromBodyField(field),
  secretOrKey: process.env.REFRESH_SECRET,
  passReqToCallback: true,
});
```
Where can I take the refreshToken from req to the Strategy?
Are you in there?
Sorry if I disturb you
I don't understand what you're asking here
I provide support when possible. I also have a life outside of this server and have plans today, so most likely I'll be sparsely here
refresh tokens and a secret are 2 different things
you will have to implement a refresh token system yourself
a refresh token is like a master key
a login token is generated with the refresh token as the key
i suggest to save a new refresh token for each newly created user in the database
so when they login with right credentials
the refresh token gets fetched and a new login token is made with the refresh token as the key
this login token is then handed to the user so they are logged in
when the login token is expired a request is made for a new one so they remain logged in
this secretOrKey in the context with refresh tokens shouldn't be A refresh token but a login token
also enjoy those plans jmcdo 😊
I want to validate the refreshToken before I work with it
Do you know about getMe? When we put the accessToken into the header, etc. And I want to realize the same type, but not access, so refresh
and not into the header
I want to check it for validity
because my refreshToken has 60 days and I need to check it
for validity
that defeats the whole purpose of a refresh token
those shouldn't expire!
the whole point of a refresh token
is a master key in case a user loses their hotel room key
Bro, sorry, but I don't understand you
I want to validate my refreshToken before I work with it
let's put the example of a hotel
a manager has a master key so they can access all hotel rooms
users get a key so they can access their own
if a user loses a key the manager can open the door for them
now imagine users being their own managers
if the master key expires everybody gets stuck
Bro, I know the OAuth 2 system
I don't need help
Tell me how to take the refreshToken from the body and not from the header in the passport library in the strategy
ooooo man
If I not check refresh for validate refresh token to be always
I want to make it so that every 60 days a person is authenticated again
I know how to use it without the passport library, but I don't know how to use it with passport
honestly I stepped away from passport because of the crappy docs
but beside that, you're making more sense now
honestly that is kinda hard if the user is logged out
you have nothing left to base it off of
Okay, can you understand how I can do it with the passport library?
you're asking something that isn't easy even without
ngl impressed you found a way to validate a master key like that
sorry i'm afraid it would stop here for me
I purposely switched away from passport because I hated it
What do you advise using if not passport?
And if you don't explain it to me, then who can?
Personally I prefer either just jwt or sessions, but I don't have time today to reply anymore
Will see if I can help tomorrow
What do you mean by "check refresh for validate refresh token"? What are you checking here? What is your refresh token, just a string saved in the DB, a jwt, something else?
Do you know about GetMe, when we put the accessToken into the header and check it for validation?
I want to do the same type but with the refreshToken, and I want to take the refreshToken from the body, not from the header
And I don't know how to do this in the passport library
I don't follow. GET /me routes usually work because the token is valid, but aren't used for token validation
So I don't understand what you mean by "do the same... With refresh token"
It's just another jwt, with a new secret, right? Use a new strategy, with a new guard, with the proper extractor and it should all be fine
Bro
This is the code:
```ts
@Injectable()
export class RtStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
  constructor(prismaService: PrismaService) {
    super({
      // The refresh token is read from the "Authorization: Bearer ..." header
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      secretOrKey: process.env.REFRESH_SECRET,
      passReqToCallback: true,
    });
  }

  // Returns the raw bearer token from the Authorization header, if present
  private extractTokenFromHeader(request: Request): string | undefined {
    const [type, token] = request.headers.authorization?.split(' ') ?? [];
    return type === 'Bearer' ? token : undefined;
  }

  // Called after the JWT has been verified; attaches the raw token to the payload
  validate(req: Request, payload: JwtPayload): JwtPayloadWithRt {
    const refreshToken = this.extractTokenFromHeader(req);
    if (!refreshToken) throw new ForbiddenException('Refresh token expired');
    return {
      ...payload,
      refreshToken,
    };
  }
}
```
In the code, the method fromAuthHeaderAsBearerToken() takes the token from the header. But I want to take the refreshToken from the request body. But I don't know how to do that
I already did that, thank you
I did it like this:
```ts
@Injectable()
export class RtStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
  // Reads the refresh token from the request body instead of the header
  private extractTokenFromRequest(request: Request): string | undefined {
    const refreshToken = request.body.refreshToken;
    return refreshToken;
  }

  constructor(prismaService: PrismaService) {
    super({
      // Custom extractor passed to passport-jwt in place of a built-in one
      jwtFromRequest: (request: Request) => this.extractTokenFromRequest(request),
      secretOrKey: process.env.REFRESH_SECRET,
      passReqToCallback: true,
    });
  }

  validate(req: Request, payload: JwtPayload): JwtPayloadWithRt {
    const refreshToken = this.extractTokenFromRequest(req);
    if (!refreshToken) throw new ForbiddenException('Refresh token expired');
    return {
      ...payload,
      refreshToken,
    };
  }
}
```
I told you to look at passport's documentation for that, they show how to use a custom method