I'm trying JWT on express-gateway. The configuration in gateway.config.yml is in accordance with the documentation, but it always returns unauthorized. My gateway.config.yml:
http:
  port: 8080
apiEndpoints:
  crudAPI:
    host: localhost
    paths:
      - '/users/get-user-data'
      - '/users/delete-user-data'
      - '/users/add-user-data'
      - '/users/get-one-user-data/*'
      - '/users/update-user-data'
      - '/users/update-pass-user-data'
serviceEndpoints:
  crudService:
    url: 'http://localhost:3004'
policies:
  - proxy
  - log
  - jwt
pipelines:
  crud:
    apiEndpoints:
      - crudAPI
    policies:
      - log:
          - action:
              message: "header===> ${req.headers.authorization}"
      - jwt:
          - action:
              secretOrPublicKey: 'secretAuth'
              checkCredentialExistence: false
              # passThrough: true
      - proxy:
          - action:
              serviceEndpoint: crudService
If passThrough is set to true, it works correctly. Did something go wrong?
This works well in EG. There was only a mistake on the JWT that I made on the backend API. Thank you for taking the time to investigate this case. I am very grateful for working with EG.
My backend API when authenticating JWT:
// JSON WEB TOKEN STRATEGY
const passport = require('passport');
const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
// `config` and `User` come from the application's own modules (not shown here)

passport.use(new JwtStrategy({
  // jwtFromRequest: ExtractJwt.fromHeader('authorization'), // WRONG
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), // CORRECT
  secretOrKey: config.JWT_SECRET
}, async (payload, done) => {
  try {
    // find user specified in token
    const user = await User.findById(payload.sub);
    // handle if user doesn't exist
    if (!user) {
      return done(null, false);
    }
    // return the user
    done(null, user);
  } catch (error) {
    done(error, false);
  }
}));
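Added example (not part of the original post, and not passport-jwt's own code): why the extractor choice decides whether a request carrying `Authorization: Bearer <token>` authenticates. The two extractor functions are simplified stand-ins for `ExtractJwt.fromHeader` and `ExtractJwt.fromAuthHeaderAsBearerToken`; the HS256 helpers, the secret and the token are constructed for illustration using only Node's `crypto`.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Sign a minimal HS256 JWT (constructed test token, not a full JWT library).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Verify an HS256 JWT; returns the payload, or null on any failure.
function verifyHS256(token, secret) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    return JSON.parse(Buffer.from(body, 'base64url'));
  } catch {
    return null;
  }
}

// Stand-in for ExtractJwt.fromHeader(name): hands back the raw header value,
// so "Bearer <token>" reaches the verifier with the scheme still attached.
const fromHeader = (name) => (req) => req.headers[name] || null;

// Stand-in for ExtractJwt.fromAuthHeaderAsBearerToken(): strips the scheme.
const fromAuthHeaderAsBearerToken = () => (req) => {
  const m = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization || '');
  return m ? m[1] : null;
};

// Extract, then verify: the same two steps a JWT strategy performs.
function authenticate(req, extractor, secret) {
  return verifyHS256(extractor(req), secret);
}

const SECRET = 'example-secret'; // constructed value
const token = signHS256({ sub: 'user-123' }, SECRET);
const req = { headers: { authorization: `Bearer ${token}` } }; // constructed request
```

With the raw-header extractor the signed input becomes `Bearer <header>.<payload>`, so the signature check fails even though the token and secret are valid; that extractor only succeeds when the client sends the bare token with no scheme.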