I am creating a jwt like this:
return jwt.sign({
some_key: some_value
}, Authentication.secret, { expiresIn: '1s'});
And verifying it like:
jwt.verify(token, Authentication.secret, (err, result) => {
if (err) {
return res.status(400).send('Failed');
}
return next();
});
}
When I log the decoded results, I can see something like:
iat: 1499970792,
exp: 1499970793
which looks fine I suppose, I have checked whether the token I am sending to the client is the same as the one I am verifying, all looks good..but the middleware proceeds with next(), am I missing something here?
I used the following line:
jwt.verify(token, secret, (err, result) => { return res.status(200).send({ err: err, result: result, }); });
on an expired token and got this result:
{
"err": {
"name": "TokenExpiredError",
"message": "jwt expired",
"expiredAt": "2017-07-19T17:08:44.000Z"
}
}
On a non-expired token, I got this result:
{
"err": null,
"result": {
"data": "data",
"iat": 1500484656,
"exp": 1500916656
}
}
which is the expected result. Maybe try logging your err object and seeing what's happening? Perhaps the next() is being called later in your code?
I am using the next() ... snap! this is how it looks like
return jwt.verify(token, Authentication.secret, (err, result) => {
if (err) {
console.log("Auth error", err);
return res.status(400).send('Failed on second middleware');
}
return next();
});
I guess putting the next() in an else wouldn't cut it?
If wrapping the call to next() in an else works then it is a fine solution, but I would imagine that the return statement should stop execution. Maybe there is something I'm missing, however? Give the else a try and see if that fixes it for you.
@z2oh the return was not needed, thanks
Most helpful comment
I used the following line:
on an expired token and got this result:
On a non-expired token, I got this result:
which is the expected result. Maybe try logging your
errobject and seeing what's happening? Perhaps thenext()is being called later in your code?