#JWT decode token

Hi everyone,

My auth system give me 401 but I don't understand why ?

I generated a token with my secret key but every time I try to call my protected route I get a 401 error.

Generate token function :

createRefreshToken(email: string) {
    return this.jwtService.sign({ email: email }, { expiresIn: '15m' });
  }

My module :

@Module({
  imports: [
    PassportModule.register({ defaultStrategy: 'jwt' }),
    MailModule,
    UserModule,
    JwtModule.register({
      global: true,
      secret: process.env.JWTCONSTANTS,
      signOptions: { expiresIn: '15m' },
    }),
  ],
  controllers: [AuthController],
  providers: [AuthService, JwtAdminStrategy],
})
export class AuthModule {}

And my strategy :

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      ignoreExpiration: false,
      secretOrKey: process.env.JWTCONSTANTS,
    });
  }

  async validate(payload: any) {
    return { email: payload.email };
  }
}

Do you have an idea ?

Try adding this to your JwtGuard (and if you don't have a JwtGuard, make one that extends AuthGuard('jwt'))

handleRequest(...args: Parameters<InstanceType<ReturnType<typeof AuthGuard>>['handleRequest']>) {
  console.log(args);
  return super.handleRequest(...args);
}

I did it, this is the console log :

[
  null,
  false,
  undefined,
  ExecutionContextHost {
    args: [ [IncomingMessage], [ServerResponse], [Function: next] ],
    constructorRef: [class AuthController],
    handler: [AsyncFunction: me],
    contextType: 'http',
    getRequest: [Function: getRequest],
    getResponse: [Function: getResponse],
    getNext: [Function: getNext]
  },
  undefined
]

So null error (first parameter), but a false returned for the user (second parameter). that's interesting

I don't have error but the user can't access ?

I don't understand why he can't access

I don't see why user would be false here

we are two 😂

Any chance you can provide a reproduction?

of course : https://github.com/Dodochantrel/my-games

thx for help !

Any chance you can make it to where I don't need the database?

If you call auth/me you don't need it, you'll be rejected first.

I still need the database to start the server, so I want a way to not have to have it at all

done

AuthModule requires UserModule which requires DatabaseModule

Ah 😂

Done ( for real )

You have a route in test controller

How do I get an auth token?

now you can !

/token

I was able to generate a token and use it just fine

xh :3000/test Authorization:"Bearer <token>"

xh is another command line http client, similar to curl

How is it possible

why I can't

No clue, cause I have no idea what you're doing specifically

On the test route, I can access to

but not /me

wtf

You don't differentiate your JwtAuth and JwtAdmin strategies, so they have the same name jwt meaning that you're probably triggering the wrong strategy'

Mmmh, probably

Yep, as the JwtAdminStrategy returns a boolean from validate, that's definitely what is happening

And a false user, to passport, is a failure of authentication

No way, Ok i M juste tired I think, thx you man🥸