express-jwt

The Auth0 team created something called "angular-jwt" which has a jwtHelper class. This thing successfully decodes a local JWT without the secret I used on the server. How did this happen? If they are not secure, then what is the point of using a secret to sign/encrypt them? Function on the server that encrypts the token (using "jsonwebtoken"): function createToken (user) { return jwt.sign(_.omit(user, 'password'), config.secret, { expiresInMinutes: 60*5 }); } Code from the client: angular .module('sample.home', [ 'ui.router', 'angular-storage', 'angular-jwt' ]) .config(function (

I am learning JWT with NodeJs. I am stuck at passing the JWT in header actually i do not know how to do this. index.js file var express = require('express'), app = express(), routes = require('./routes'), bodyParser = require('body-parser'), path = require('path'), ejs = require('ejs'), jwt = require('jsonwebtoken'); app.use(bodyParser.urlencoded({ extended: false })); app.use(bodyParser.json()); app.set('views', __dirname + '/views'); app.set('view engine', 'ejs'); app.post('/home',routes.loginUser); app.get('/', function(req, res) { res.render('index'); }); app.get('/home',function(req, res)

Given the following route: router.get('/api/members/confirm/:id, function (req, res, next) how do I specify the route to be excluded? I have tried: app.use('/api', expressJwt({ secret: config.secret}).unless({path: ['/api/members/confirm']})); and app.use('/api', expressJwt({ secret: config.secret}).unless({path: ['/api/members/confirm/:id']})); but neither path in the unless array seem to work? The express-jwt module is using express-unless to give you this unless method, which doesn't accept express' :param path arguments syntax. But it does accept a regex, so you could do this: app.use('

Following a couple tutorials on adding authentication using jsonwebtoken, passport, and passport-local I've become stuck on integrating it into my project . I want it so that any requests to any of the API endpoints require authentication, and also any requests to the front end which touch the API require authentication. What is happening now is I can get a user to log in and register but once they are logged in they are still unable to visit a page which is requiring authentication. The user gets a 401 error. It's like the token isn't being passed correctly in the request. I tried adding an

I have implemented an AngularJS app, communicating with Sails backend through websockets, using sails.io.js. Since the backend is basically a pure API and will be connected to from other apps as well, I'm trying to disable sessions completely and use JWT. I have set up express-jwt and can use regular HTTP requests quite nicely, but when I send a request through sails.io.js, nothing happens at all - websocket request keeps pending on the client, and there's nothing happening on the server (with "silly" log level). I've tried patching sails.io.js to support the query parameter , and when