Json Web Token verify() return jwt malformed

const jwt = require("jsonwebtoken");
const SECRET = "superSuperSecret";

module.exports = function(req, res, next) {
    const token = req.body.token || req.query.token || req.headers[ "x-access-token" ];
    if (token) {
        return jwt.verify(token, SECRET, function(err, decoded) {
            if (err) {
                return res.json({
                    success: false,
                    message: "Failed to authenticate token.",
                });
            }
            req.user = decoded;
            return next();
        });
    }
    return res.unauthorized();
};

I'm using Postman to test my API. I set up the header with an x-access-token key and the value superSuperSecret. I got the error {"name":"JsonWebTokenError","message":"jwt malformed","level":"error"}. I'm using this https://github.com/FortechRomania/express-mongo-example-project/blob/master/src/middlewares/validateToken.js

You cannot pass any value as token. You need jwt.sign() to create a token. Look at the documentation of JWT for more information.

Also,

For the request header name, just use Authorization, not x-access-token. Place Bearer before the token.

Authorization: Bearer TOKEN_STRING

Each part of the JWT is a base64url encoded value. You can get your token as:

var token = req.headers.authorization.split(' ')[1];

Note:

JWT will return jwt malformed if the token that is being passed to the jwt.verify function is null/Invalid-Signature

let token = null;
let payload = jwt.verify(token, 'secretKey'); // ERROR : jwt malformed

From what I see, you are not sending the actual JWT token but the secret instead. A valid JWT token consists of a three-part string delimited by dots, like so:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

https://jwt.io/

As you can see on the above website, 'superSuperSecret' is not a valid JWT token.

The token from the client may be passed as null or as an empty string, which then produces this error.

The token consists of 3 parts delimited by dots. Here is the code from jsonwebtoken:

var parts = jwtString.split('.');
if (parts.length !== 3) {
    return done(new JsonWebTokenError('jwt malformed'));
}

This problem usually stems from when the value of the JWT isn't available to be read at all. Check and make sure the token is available at all; maybe in the environment variable in your Postman or any other API testing software you're using.
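
Added example, not part of the original answers and not jsonwebtoken's own code: it uses only Node's built-in crypto to show why the secret sent as a header value fails the three-part check, while a signed token sent as Authorization: Bearer passes. The helper names signToken, bearerToken and checkToken are hypothetical, and the sample requests are constructed.

```javascript
// Added example: built on Node's crypto module, not on the jsonwebtoken package.
const crypto = require("crypto");

const SECRET = "superSuperSecret"; // secret from the question; it never leaves the server

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const hmac = (data, secret) =>
    crypto.createHmac("sha256", secret).update(data).digest();

// Hypothetical helper: issue an HS256 token (the job jwt.sign() does in the answers).
function signToken(payload, secret) {
    const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
    const body = b64url(JSON.stringify(payload));
    return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

// Hypothetical helper: pull the token out of "Authorization: Bearer <token>".
function bearerToken(headers) {
    const [scheme, token] = (headers.authorization || "").split(" ");
    return scheme === "Bearer" && token ? token : null;
}

// Hypothetical helper: name the reason for rejection so it can be logged server-side.
function checkToken(token, secret) {
    if (!token) return { ok: false, reason: "token missing" };
    const parts = token.split(".");
    if (parts.length !== 3) return { ok: false, reason: "jwt malformed" };
    const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
    const given = Buffer.from(parts[2], "base64url");
    // Constant-time comparison; the length check avoids a throw on unequal sizes.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
        return { ok: false, reason: "invalid signature" };
    }
    try {
        const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
        return { ok: true, payload };
    } catch (e) {
        return { ok: false, reason: "jwt malformed" };
    }
}

// Constructed sample requests
const good = signToken({ sub: "1234567890" }, SECRET);
console.log(checkToken(bearerToken({ authorization: `Bearer ${good}` }), SECRET));
console.log(checkToken("superSuperSecret", SECRET)); // the header value from the question
console.log(checkToken(bearerToken({}), SECRET)); // no Authorization header at all
```
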
