Node Express：未执行Passport JWT中间件

Question

When I use 'passport.authenticate('jwt', { session: false })' in a route, it returns 'Unauthorized'. The passport middleware seems not working. I don't know what is wrong! In the header I'm using the 'Authorization: JWT MY_TOKEN'.

app.js file

// ...code

const app = express();
app.use(bodyParser.json());
app.use(passport.initialize());
require('./config/passport')(passport); // passport middleware file

app.use('/api/auth', auth); // routes
app.use('/api/lists', lists); // routes  

.

Passport middleware file:

const { Strategy, ExtractJwt } = require('passport-jwt');
const User = require('../models/User');
const keys = require('./keys');

module.exports = (passport) => {
    const opts = {};
    opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
    opts.secretOrKey = 'MYSECRETKEY';

    // HERE IS EXECUTED! <<<<<<<<

    passport.use(new Strategy(opts, function(jwt_payload, done) {
        // HERE IS NOT BEING EXECUTED! <<<<<<<<

        User.findOne({_id: jwt_payload.id}, function(err, user) {
            if (err) {
                return done(err, false);
            }
            if (user) {
                return done(null, user);
            } else {
                return done(null, false);
            }
        });
    }));
}

.

Login route (creating the token):

router.post('/login', (req, res, next) => {
  const { email, } = req.body;

  User.findOne({ email: email }, { password: 0 }, (errQuery, resUser) => {
    const token = jwt.sign({_id: resUser.id}, 'MYSECRETKEY');

    const responseData = {
      status: true,
      token: `JWT ${token}`
    };

    res.send(responseData);
  });
});

Answer 1

The issue is this line:

opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();

Because you're calling that configuration option, your header needs to look like:

Authorization: Bearer MY_TOKEN