I am using JWT token-based auth in an Adonis API. The login API is working fine. I can't use the JWT auth check for other routes.
For example, the admin login is successful, but the same admin auth check is not working for other activities.
My Routes:
Route.group(() => {
  Route.get('user', 'UserController.index');
  Route.post('addUser', 'UserController.store');
  Route.get('getUser/:id', 'UserController.showId').middleware(['auth:jwt']);
  Route.put('updateUser/:id', 'UserController.userUpdate');
  Route.delete('deleteUser/:id', 'UserController.remove');
  Route.post('login', 'UserController.login');
  Route.get('check', 'UserController.check').middleware(['auth:jwt']);
}).prefix('api/v2');
My auth.js
  jwt: {
    serializer: 'lucid',
    model: 'App/Models/User',
    scheme: 'jwt',
    uid: 'email',
    password: 'password',
    options: {
      secret: 'self::app.appKey'
    }
  }
}
User controller:
async login({request, auth, response}) {
  const {email, password} = request.all();
  let token = await auth.attempt(email, password);
  return response.status(200).json({data: token, message: 'Login successfull', status: true});
}
It's working fine.
But I want to get users from the DB using the id passed in the URL, with an auth check, and it's not working.
// get by id
async showId({params, response, auth}) {
  try {
    let play = await auth.generate(user);
    console.log(play);
    let userInfo = await User.find(params.id)
    if (userInfo != null) {
      return response.json({data: userInfo, auth: auth, message: 'get the record', status: true})
    }
    return response.status(404).json(notFound)
  } catch (error) {
    response.send('Missing or invalid jwt token')
  }
}
URL : Route.get('getUser/:id', 'UserController.showId').middleware(['auth:jwt']);
Response

I passed the header also. Give me the solution.
The token passed in the Authorization header must start with Bearer keyword. http://adonisjs.com/docs/4.0/authentication#_jwt
Authorization = Bearer <token>
Thanks, now it's resolved, but I can't revoke my JWT token. Check my code below and advise me.
Logout code:
const user = await auth.getUser() // (the docs use current.user but it's not working for me)
console.log(user);
const token = auth.getAuthHeader()
await user
  .tokens()
  .where('type', 'api_token')
  .where('is_revoked', false)
  .where('token', Encryption.decrypt(token))
  .update({ is_revoked: true })
return response.send({ message: 'Logout successfully' })
If I use const user = await auth.current.user I get the error below

Help me find the solution.
Is the route to revoke the token using the auth middleware?
Yes, it's the logout API to revoke the current user's JWT session. That JWT token can't be used for future auth checks.
Can you share the route definition for logout?
Yes, sure
Route.group(() => {
  Route.post('login', 'UserController.login');
  Route.get('user', 'UserController.index').middleware('auth');
  Route.get('logout', 'UserController.logout')
}).prefix('api/v2');
Log out code
async logout({auth, response}) {
  const user = await auth.current.user
  console.log(user);
  const token = auth.getAuthHeader()
  await user
    .tokens()
    .where('type', 'api_token')
    .where('is_revoked', false)
    .where('token', Encryption.decrypt(token))
    .update({ is_revoked: true })
  return response.send({ message: 'Logout successfully' })
}
error
Cannot read property 'user' of undefined
As per the routes file you shared, the logout is not using the auth middleware.
Yes, bro, I can't get the current user while I use this code
const user = await auth.current.user
If I use this
const user = await auth.getUser()
the JWT revoke is successful, but I can still use the token. (The old token can't be revoked.)
Do you even understand what I am saying?
When a request reaches the logout route, how does Adonis know which user token should be returned?
OK, I will give the particular token and revoke that. Am I correct? Please give a sample of how to do it.
Can you please change your route to use the auth middleware?
Route.get('logout', 'UserController.logout').middleware('auth')
OK, I will check it and update you.
Thanks bro
The token passed in the Authorization header must start with Bearer keyword. http://adonisjs.com/docs/4.0/authentication#_jwt
Authorization = Bearer <token>
Where should this be set?
It should be set by your frontend @ireolaniyan
Yes. I found out how to set it in Postman. Thanks @RomainLanz
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
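The two points this thread turns on, as an added example that is not part of the original thread and is not AdonisJS code: a server only accepts the token when the header reads `Bearer <token>`, and a signed JWT keeps verifying until it expires unless the server also checks revocation state on every request. The sketch uses only Node's `crypto`; the secret, the in-memory denylist and the names `sign`, `authenticate`, `logout` and `outcome` are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: stands in for the app key
const revokedJti = new Set();             // assumption: in-memory denylist, a shared store in practice

const b64url = (data) => Buffer.from(data).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 token carrying a unique id (jti) and an expiry.
function sign(uid, ttlSeconds = 900) {
  const now = Math.floor(Date.now() / 1000);
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ uid, jti: crypto.randomUUID(), iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`))}`;
}

// Validate an Authorization header value; returns the payload or throws.
function authenticate(headerValue) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue || '');
  if (!m) throw new Error('missing or malformed Bearer header');
  const [, head, body, sig] = m;
  if (decode(head).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = decode(body);
  if (payload.exp <= Math.floor(Date.now() / 1000)) throw new Error('expired');
  if (revokedJti.has(payload.jti)) throw new Error('revoked'); // the check that makes logout effective
  return payload;
}

// Logout authenticates first (so the server knows whose token it is), then denylists its jti.
function logout(headerValue) {
  const payload = authenticate(headerValue);
  revokedJti.add(payload.jti);
  return payload.uid;
}

// Helper for the demo: the uid on success, the rejection reason otherwise.
function outcome(headerValue) {
  try { return authenticate(headerValue).uid; } catch (e) { return e.message; }
}
```

Without the `revokedJti` lookup in `authenticate`, the token passed to `logout` would keep being accepted until its `exp`, which is why short lifetimes matter for stateless tokens.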