Hi, I recently updated my server to use Apollo Server v4. Since then I’ve been unable to verify my token. I keep getting the error `JsonWebTokenError: jwt malformed`. I just don’t know why!!
Here’s my server code:
import { ApolloServer } from '@apollo/server';
import { startStandaloneServer } from '@apollo/server/standalone';
import resolvers from './graphql/Resolvers.js';
import { typeDefs } from './graphql/gqlSchema.js';
import verifyToken from './verifyToken.js';
import config from './config.cjs';
import startMongo from './Mongo/StartMongo.js';
// Build the Apollo Server instance from the schema and the resolver map.
// NOTE(review): Apollo Server 4 dropped the `cors` constructor option, and
// startStandaloneServer applies its own permissive CORS defaults, so this origin
// restriction is probably not enforced. Confirm against the v4 migration guide.
// Restricting origins needs the expressMiddleware integration with an explicit
// CORS middleware in front of it.
const corsOptions = { origin: 'https://www.timerwise.com' };
const server = new ApolloServer({
  typeDefs,
  resolvers,
  cors: corsOptions,
});
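// Start the standalone HTTP listener. The context factory runs once per request
// and records whether the caller presented a bearer token that verifyToken()
// accepted.
const { url } = await startStandaloneServer(server, {
  /**
   * Per-request context factory.
   *
   * @param {{ req: object }} param0 - Incoming HTTP request wrapper.
   * @returns {Promise<{ req: object, auth: { token: (string|undefined), isAuthenticated: boolean } }>}
   *   `auth.token` is set only after the token has been verified.
   */
  context: async ({ req }) => {
    let isAuthenticated = false;
    let token;
    try {
      const authHeader = req.headers.authorization || '';
      // Accept only "Bearer <credential>". A header carrying another scheme, or a
      // bare value with no scheme, is treated as unauthenticated instead of being
      // passed to the verifier as `undefined`.
      const [scheme, credential] = authHeader.trim().split(/\s+/);
      if (scheme && scheme.toLowerCase() === 'bearer' && credential) {
        const payload = await verifyToken(credential);
        // Debug output: the decoded claims can contain user identifiers, so drop
        // this line once the verification problem is solved.
        console.log('payload', payload);
        isAuthenticated = Boolean(payload && payload.sub);
        // Assign the outer `token` (the original re-declared it with `const` inside
        // this block, so the context always carried `undefined`). It is assigned
        // only after verification so resolvers never see an unverified token.
        token = credential;
      }
    } catch (error) {
      // Fail closed: any verification error leaves the request unauthenticated.
      console.error(error);
    }
    return { req, auth: { token, isAuthenticated } };
  },
  listen: { port: config.PORT },
});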
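// Presumably opens the MongoDB connection (startMongo is defined in
// ./Mongo/StartMongo.js, which is not shown here).
// The stray `Preformatted text` template literal that followed this call was a
// forum-editor placeholder. Left in place it would have invoked startMongo()'s
// return value as a template tag function.
// NOTE(review): if startMongo() returns a promise it is not awaited, so a failed
// database connection would surface as an unhandled rejection. Confirm.
startMongo();
console.log(`🚀 Server ready at ${url}`);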
Here’s my validation code:
import jwt from 'jsonwebtoken';
import jwksClient from 'jwks-rsa';
import config from './config.cjs';
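// Shared JWKS client. Creating it once lets whatever key caching the client
// performs be reused across requests, instead of building a new client (and
// fetching the key set again) on every verification.
let cachedJwksClient;

/** Return the shared JWKS client, creating it on first use. */
function getJwksClient() {
  if (!cachedJwksClient) {
    cachedJwksClient = jwksClient({
      jwksUri: `https://${config.AUTH0_DOMAIN}/.well-known/jwks.json`,
    });
  }
  return cachedJwksClient;
}

/**
 * Verify a compact JWT against the tenant's JWKS and the expected audience and
 * issuer, accepting only RS256 signatures.
 *
 * jsonwebtoken reports "jwt malformed" when the string is not three
 * dot-separated segments. That check happens before the key lookup below is
 * called, so the error points at the value passed in, not at the JWKS retrieval.
 * NOTE(review): check what the client actually sends. An opaque (non-JWT)
 * access token or the literal text "undefined" would both produce this error.
 *
 * @param {string} bearerToken - The raw token, without the "Bearer " prefix.
 * @returns {Promise<object>} Resolves with the decoded claims.
 * @throws Rejects with the error from jsonwebtoken or from the JWKS lookup.
 */
const verifyToken = async (bearerToken) => {
  const client = getJwksClient();

  // Key resolver handed to jwt.verify: looks up the signing key by the `kid`
  // found in the token header.
  function getJwksClientKey(header, callback) {
    // The key id lives on the decoded header; the token itself is a string and
    // has no `kid` property.
    console.log('kid', header.kid);
    client.getSigningKey(header.kid, (error, key) => {
      if (error) {
        // Propagate lookup failures. Reading `key.publicKey` when `key` is
        // undefined would throw inside this callback instead of rejecting.
        callback(error);
        return;
      }
      callback(null, key.publicKey || key.rsaPublicKey);
    });
  }

  return new Promise((resolve, reject) => {
    jwt.verify(
      bearerToken,
      getJwksClientKey,
      {
        audience: config.AUDIENCE,
        issuer: `https://${config.AUTH0_DOMAIN}/`,
        // Pin the algorithm so a token cannot choose a weaker one for itself.
        algorithms: ['RS256'],
      },
      (err, decoded) => {
        if (err) {
          reject(err);
          return;
        }
        resolve(decoded);
      }
    );
  });
};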
export default verifyToken;
I receive the bearerToken just fine but somehow I can’t verify with getJwksClientKey. Why?