I am experiencing a strange bug or error in my code. I have setup an auth api on node server, using passportjs as my middleware and passport-jwt as my strategy.
My passport setup looks like this
//add jwt strategy to passport
var JwtStrategy = require('passport-jwt').Strategy;
var ExtractJwt = require('passport-jwt').ExtractJwt;
var User = require('../models/user');
var configDB = require('../config/database');
module.exports = function(passport) {
var opts = {};
opts.secretOrKey = configDB.secret;
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
//find user with give jwt payload id
User.findOne({
id: jwt_payload.id
}, function(err, user) {
if(err) {
return done(err, false);
}
if(user) {
done(null, user);
} else {
done(null, false);
}
});
}));
};
then, my protected route:
apiRoutes.get('/account', passport.authenticate('jwt', {session: false}), function(req, res) {
console.log(req.user.nickname); //returns user1 no matter what JWT I supply with request
console.log(jwt.decode(getToken(req.headers), configDB.secret)).nickname; //decodes user from token correctly
..do other stuff
});
Why does passport sets req.user with the same user everytime, no matter what Token I supply in Authorization header ? Thanks