I’m trying to implement an API endpoint where presence of a token is optional. If I understand this correctly, the way to do this is to add `credentialsRequired: false` as one of the params to the middleware.
However, requests made to this endpoint that do not have a token result in `UnauthorizedError: jwt malformed at new UnauthorizedError`.
So just to make sure it’s clear, it does not appear to be a problem with validating the tokens in itself, because if the token is present everything works as expected. But the error shows up without a token.
My checkJwt is configured as follows:

```js
const { expressjwt } = require("express-jwt");
const jwksRsa = require("jwks-rsa");

const domain = process.env.AUTH0_DOMAIN, audience = process.env.AUTH0_AUDIENCE;

const checkJwt = expressjwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${domain}/.well-known/jwks.json`
  }),
  credentialsRequired: false,
  audience: audience,
  issuer: `https://${domain}/`,
  algorithms: ["RS256"]
});

module.exports = {
  checkJwt
};
```

The route in express is as follows:

```js
router.post('/membership/upgrade', checkJwt, require('./handlers/membership').upgrade);
```
I have checked the request headers on the client side and it’s not adding Bearer.
Can anybody point out what I’m doing wrong?
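One way to see what the server actually receives in the `Authorization` header on the failing requests, as an added example that is not part of the original post and not code from express-jwt. `classifyAuthHeader` and `logAuthHeader` are hypothetical helper names, and the three-segment check is an assumption about what a verifier treats as a well-formed JWT.

```javascript
// Added example, not code from the original post.
// classifyAuthHeader and logAuthHeader are hypothetical helper names.

// Strings a client typically sends when it interpolates a missing token
// into "Bearer " + token (constructed list, extend as needed).
const PLACEHOLDERS = new Set(["", "undefined", "null", "false", "NaN"]);

// Returns what kind of Authorization header arrived, without ever
// returning the credential itself, so the result is safe to log.
function classifyAuthHeader(headerValue) {
  if (headerValue === undefined || headerValue === null) {
    return { kind: "absent" };
  }
  const parts = String(headerValue).split(" ");
  if (parts.length !== 2) {
    return { kind: "bad-format", parts: parts.length };
  }
  const [scheme, credentials] = parts;
  if (!/^Bearer$/i.test(scheme)) {
    return { kind: "other-scheme", scheme };
  }
  // Assumption: a compact JWT is three dot-separated segments; anything
  // else is what a verifier reports as malformed.
  if (credentials.split(".").length !== 3) {
    return {
      kind: "bearer-not-jwt",
      placeholder: PLACEHOLDERS.has(credentials) ? credentials : null,
      length: credentials.length,
    };
  }
  return { kind: "bearer-jwt-shaped", length: credentials.length };
}

// Express-style middleware: log the classification, then continue.
function logAuthHeader(req, res, next) {
  const result = classifyAuthHeader(req.headers.authorization);
  console.log(`${req.method} ${req.originalUrl} authorization:`, result);
  next();
}
```

Mounting `logAuthHeader` ahead of `checkJwt` on the `/membership/upgrade` route distinguishes a request with no header at all (`absent`) from one that carries a Bearer value that is not a token (`bearer-not-jwt`).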