Stumped with JWT during auth

Hi All,

I’m befuddled by this issue I’m having with authentication using json web tokens. I’m able to get a jwt sent out after a successful login but any attempt to call a protected api route with the token in the auth header always return 401.

Here is the link to the repo:

I’m using Postman to make my api calls.

In my Authorization header I’ve tried several values:

Authorization: Bearer <token>
Authorization: JWT <token>
Authorization: Bearer JWT <token>

All of them return back with 401. I even set the expiration for more than a year and setting the passport-jwt options to ignoreExpiration and it still didn’t fix the issue.

Like I said, this has left me befuddled and even after looking at solutions on google, it still doesn’t solve my issue I’m having.

Has anyone ever encountered this? Is there a way to debug the jwt-strategy so I can compare the payload? It seems like it isn’t being run when the api call is made.

Thanks in advance.

I’ve done jwt only once - when I was following the tutorial (Link) as I usually just let some serious company to do authentication for me.
But I looked through files for that tutorial and here is how authentication middleware was implemented:

const {User} = require('./../models/user');

const authenticate = (req, res, next) => {
  const token = req.header('x-auth');

  User.findByToken(token).then(user => {
    if (!user) {
      return Promise.reject();
    req.user = user;
    req.token = token;
  }).catch(e => {

module.exports = {authenticate}

You see that jwt token has been sent in a custom header x-auth. Maybe you can do something similar?

1 Like

I figured it out folks. The token itself is NOT a string. I was sending out like this

Authorization: "JWT <token>"

when it should of been like this

Authorization: JWT <token>

I think it has a lot to do with the token being base64. But I’m happy it is working