Unable to get decoded payload of JWT from auth0/express-jwt library

denzel · August 13, 2020, 11:05am

I’m trying to obtain the decoded JWT payload using the express-jwt from auth0 as a middleware in my expressjs application. For the token to be used for authentication, I have to use a custom async function to process the token first before providing it to express-jwt. I understand that I can write a custom function under the getToken parameter as documented in express-jwt as shown below, but it does not work with async function.

const jwt = require("express-jwt");

const checkJwt = jwt({
  secret: 'hello world !',
  algorithms: ['HS256'],
  credentialsRequired: false,
  getToken: function fromHeaderOrQuerystring (req) {
    if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
        return req.headers.authorization.split(' ')[1];
    } else if (req.query && req.query.token) {
      return req.query.token;
    }
    return null;
  }
});

module.exports = checkJwt;

To overcome this limitation, I included the jwt() as part of a larger middleware function that first process the token, and then providing it to jwt(). The unprocessed token is attached to my headers. My code structure is as follows:

const myMiddleware = async (req, res, next) => {
  // Process Token First
  const processedToken = await functionToProcessToken(req.headers.tokenLocation);
  // Jwt Authentication
  jwt({
    secret: 'hello world !',
    algorithms: ['HS256'],
    credentialsRequired: false,
    getToken: processedToken
  });
  next();
});

module.exports = myMiddleware;

While I’m able to authenticate my routes without any issue, I need to get the decoded JWT payload for further uses. By default, as written in the documentation, the decoded payload should have been attached to req.user, but when I try to console.log it, it shows undefined. I have also tried adding requestProperty but it does not work as well. The documentation for resultProperty is not very clear, so I could not get that to work too.

I very much appreciate if someone can point me towards right direction to help me achieve the expected outcome for my middleware. Thank you!

I have opened up an issue on github as well: Unable to get decoded payload of JWT from auth0/express-jwt library · Issue #241 · auth0/express-jwt · GitHub

konrad.sopala · August 13, 2020, 3:04pm

Thanks for reporting that! Can I ask you to copy paste it and create a GitHub issue in the repo so we can work on that directly with the repo maintainers? Thank you! Make sure to share the link to the issue here with us in the thread

denzel · August 13, 2020, 4:23pm

Hello, I have opened up an issue on GitHub, but it seems like the repo is not active anymore as I saw that issues have been left unanswered since Aug 19. Hopefully someone can help me with this. Thanks!

konrad.sopala · August 14, 2020, 6:22am

Can you share with us the link to the issue here so we can send it over to the repo maintainers? Thanks!

denzel · August 14, 2020, 6:50am

Hello, here is the link! thanks!

github.com/auth0/express-jwt

Unable to get decoded payload of JWT from auth0/express-jwt library

opened 04:17PM - 13 Aug 20 UTC

closed 01:11PM - 21 Aug 20 UTC

denzel-datature

### Description I'm trying to obtain the decoded JWT payload using the `expre…ss-jwt` from `auth0` as a middleware in my expressjs application. For the token to be used for authentication, I have to use a custom `async` function to process the token first before providing it to `express-jwt`. I understand that I can write a custom function under the `getToken` parameter as documented in `express-jwt` as shown below, but it does not work with `async` function. ``` const jwt = require("express-jwt"); const checkJwt = jwt({ secret: 'hello world !', algorithms: ['HS256'], credentialsRequired: false, getToken: function fromHeaderOrQuerystring (req) { if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') { return req.headers.authorization.split(' ')[1]; } else if (req.query && req.query.token) { return req.query.token; } return null; } }); module.exports = checkJwt; ``` To overcome this limitation, I included the `jwt()` as part of a larger middleware function that first process the token, and then providing it to `jwt()`. The unprocessed token is attached to my headers. My code structure is as follows: ``` const myMiddleware = async (req, res, next) => { // Process Token First const processedToken = await functionToProcessToken(req.headers.tokenLocation); // Jwt Authentication jwt({ secret: 'hello world !', algorithms: ['HS256'], credentialsRequired: false, getToken: processedToken }); next(); }); module.exports = myMiddleware; ``` While I'm able to authenticate my routes without any issue, I need to get the decoded JWT payload for further uses. By default, as written in the documentation, the decoded payload should have been attached to `req.user`, but when I try to console.log it, it shows `undefined`. I have also tried adding `requestProperty` but it does not work as well. The documentation for `resultProperty` is not very clear, so I could not get that to work too. I very much appreciate if someone can point me towards right direction to help me achieve the expected outcome for my middleware. Thank you! ### Environment - **Version of this library used:** 5.3.3 - **Version of the platform or framework used, if applicable:** - **Other relevant versions (language, server software, OS, browser):** Ubuntu 18.04 - **Other modules/plugins/libraries that might be involved:** jwts-rsa

konrad.sopala · August 14, 2020, 7:57am

Perfect! I’ll ping repo maintainers in a few minutes

system · August 29, 2020, 7:57am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.