Can I use Header - Authorization for authorization token? #224

Open
savager opened this issue Mar 5, 2016 · 10 comments

Comments

@savager

savager commented Mar 5, 2016

I'm not sure how passport is handling it, but I can only get it working passing auth_token as a parameter at the moment. If this isn't supported that's fine just let me know.

@ghaiklor
Owner

ghaiklor commented Mar 5, 2016

@savager you can, Authorization: Bearer <token>

@savager
Author

savager commented Mar 5, 2016

That's what I thought, but I get "no auth token" still... Don't worry, I'll figure it out. Thanks!

@ghaiklor
Owner

ghaiklor commented Mar 5, 2016

@savager strange, if you find something useful, let me know, please.

@ghaiklor
Owner

@savager did you figure out how to fix the problem?

@savager
Author

savager commented Mar 23, 2016

If I remember correctly, I changed the config/passport.js JWT extract to use fromAuthHeader() instead of fromAuthHeaderWithScheme(authScheme).

This way worked as Authorization JWT :token:

@tlays11

tlays11 commented Jun 22, 2016

In config/passport.js, in the JWT_STRATEGY_CONFIG const, I updated the jwtFromRequest property to this:
jwtFromRequest: ExtractJwt.versionOneCompatibility({authScheme : 'Bearer', tokenBodyField: 'api_key'}),

This way you can still use the api_key GET param.

@ghaiklor
Owner

@tlays11 can you create a PR with that change? Does it break the access_token field?

@mikedevita
Contributor

mikedevita commented Oct 20, 2016

I'd suggest adding a prompt for body token or header token, and if header, use the ExtractJwt.fromAuthHeader() method...

For me, changing to fromAuthHeader() didn't work; I had to do as @tlays11 suggested and do the following:

In config/passport.js, change

const JWT_STRATEGY_CONFIG = {
  secretOrKey: 'c4a071df2a2ef9d0dcce2e38d39d67cee6bba0ddcbe69f21cb2e20ea3d9cd9ef',
  jwtFromRequest: ExtractJwt.versionOneCompatibility({authScheme: 'Bearer', tokenBodyField: 'access_token'}),
  tokenQueryParameterName: 'access_token',
  session: false,
  passReqToCallback: true
};

to

const JWT_STRATEGY_CONFIG = {
  secretOrKey: '2546dd38b356dafb9ea2f6ed75586f883f3c3f1a55f1edc630b3d7eb3689d54e',
  jwtFromRequest: ExtractJwt.versionOneCompatibility({
    authScheme: 'Bearer',
    tokenBodyField: 'access_token'
  }),
  tokenQueryParameterName: 'access_token',
  authScheme: 'Bearer',
  session: false,
  passReqToCallback: true
};

Doing so, I'm now able to add an Authorization Bearer <token> header and it works. Not sure if this is the right way or not.

Edit: I'm forking and trying to submit a PR which prompts the user for header or body tokens, and it looks like the latest version includes the authScheme already. Not sure if a PR is necessary?

@ghaiklor
Owner

@mikedevita great, yeah, looks good. You can create a PR for this. I'm not sure if we need to ask a user for this, imho, it should work for both cases without prompting the user.

@mikedevita
Contributor

@ghaiklor yeah, I don't think it's required if the current version supports both. 👍
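
The behaviour discussed in this thread, as an added example that is not part of the original thread and is not passport-jwt's or the project's own code: a header extractor tied to one scheme returns no token when the client sends a different scheme, while a combined extractor finds the token in the header, body or query string. The function names, the fallback order and the sample requests are assumptions made for illustration.

```javascript
// Added illustration; all function names here are hypothetical.
const AUTH_HEADER_RE = /^(\S+)\s+(\S+)$/;

// Split "Scheme credentials" into its two parts; null when malformed.
function parseAuthHeader(value) {
  if (typeof value !== 'string') return null;
  const m = AUTH_HEADER_RE.exec(value.trim());
  return m ? { scheme: m[1], value: m[2] } : null;
}

// Header extractor that accepts exactly one scheme (case-insensitive).
function fromHeaderWithScheme(scheme) {
  const wanted = scheme.toLowerCase();
  return (req) => {
    const parsed = parseAuthHeader(req.headers && req.headers.authorization);
    return parsed && parsed.scheme.toLowerCase() === wanted ? parsed.value : null;
  };
}

// Header first, then body field, then query parameter (order is an assumption).
// Tokens sent in the query string tend to end up in access logs, so the
// header is the preferable transport where the client can set it.
function headerBodyOrQuery({ authScheme, tokenBodyField, tokenQueryParameterName }) {
  const header = fromHeaderWithScheme(authScheme);
  return (req) =>
    header(req) ||
    (req.body && req.body[tokenBodyField]) ||
    (req.query && req.query[tokenQueryParameterName]) ||
    null;
}

// Constructed sample requests (Node lowercases incoming header names).
const TOKEN = 'aaa.bbb.ccc';
const bearerReq = { headers: { authorization: `Bearer ${TOKEN}` } };
const jwtReq = { headers: { authorization: `JWT ${TOKEN}` } };
const queryReq = { headers: {}, query: { access_token: TOKEN } };

const jwtOnly = fromHeaderWithScheme('JWT');
const combined = headerBodyOrQuery({
  authScheme: 'Bearer',
  tokenBodyField: 'access_token',
  tokenQueryParameterName: 'access_token',
});

console.log('JWT-only extractor, Bearer header:', jwtOnly(bearerReq)); // scheme mismatch
console.log('JWT-only extractor, JWT header:', jwtOnly(jwtReq));
console.log('Combined extractor, Bearer header:', combined(bearerReq));
console.log('Combined extractor, query param:', combined(queryReq));
```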
