[SOLVED] NbAuthJWTToken seen as NbAuthSimpleToken in different browsers

Hello nebular-team,

as stated in the issue “NbAuthJWTToken from Response Header” #691 : _Originally posted by @applicationuser in https://github.com/akveo/nebular/issues/691#issuecomment-429504707_ The token should be read as JWT token …

this.authService.onTokenChange().subscribe( (token:NbAuthJWTToken) =>{

BUT the output tells us that it shows a SIMPLE token:

That is why the payload is null, and every other JWT function, like “getTokenExpDate()” does not work.

I am experiencing this problem right now, but it is different for the main browser types.

Getting class name for token

token.constructor.name returns in console :

For (Linux) Firefox (V.64), Opera (V.58) (obviously using the NB_AUTH_FALLBACK_TOKEN), which is “NbAuthSimpleToken” by default. Also (Windows) Edge, Chrome(V.71), showing: [DEBUG] Class of Token: NbAuthSimpleToken

For (Linux) Iron (=Chrome (V. 69)) I see: [DEBUG] Class of Token: NbAuthJWTToken and everything works!

I found that “authservice” as injection within the HeaderComponent provides the wrong type of class in the beginning.

I am using the config as stated in the #691 :

NbPasswordAuthStrategy.setup({
  name: 'user',
  token: {
    class: NbAuthJWTToken,
    // Read the token from the response header instead of the response body.
    getter: (module: string,
             res: HttpResponse<Object>,
             options: NbPasswordAuthStrategyOptions) => res.headers.get('Authorization'),
  },
})

to get the token out of the header, instead of the body of response.

Backend JWT token generation

We generate the token with the io.jsonwebtoken library 👍

 String token = Jwts.builder()
		      .setSubject(user)
		      .claim("groups", new String[] { "admin", "customer" })
		      .claim("mail", "max@musterman.com")
		      .signWith(SignatureAlgorithm.HS512, "sometext")
		      .setExpiration(exprirationDate)
		      .compact();

There should not be a problem with that, because at least ONE browser can read it correctly.

Required behaviour:

All browsers should receive and use the token with the “NbAuthJWTToken” class.

Additional Comments

Maybe this is a security feature or something, or maybe another provider entry is needed.

The token is correctly transferred in “Authorization” header and is printed like expected: (token hash changed for security reasons in this output): authorization , Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhc2xpbmdvIHRlc3QgdG9rZW4iLCJncm91cHMiOlsiYWRtaW4iLCJjdXN0b21lciJdLCJtYWlsIjoibWF4QG11c3Rlcm1hbi5jb20iLCJleHAiOjE1NDg4NDU5OTN9.wy-Y0CF_PCaMd2VNE3naiwqxoE2WjKO8ibMaZdRZdmCIVEUQCm1RuVBT9IOVuKxFR2YpbCesQ

All “allow” headers are set :

response.addHeader("Access-Control-Expose-Headers",
... some other headers ...
+ "Access-Control-Allow-Credentials,"
+ "Access-Control-Allow-Methods,"
+ "Access-Control-Allow-Headers,"
+ "Authorization"
);
response.addHeader("Access-Control-Allow-Headers",
... some other headers ...
+ "Access-Control-Allow-Credentials,"
+ "Access-Control-Request-Headers,"
+ "Access-Control-Request-Method,"
+ "Access-Control-Expose-Headers,"
+ "Authorization"
);

Issue Analytics

  • State:open
  • Created 5 years ago
  • Reactions:1
  • Comments:10
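
To separate a token-class problem from a token-content problem, the header value can be decoded by hand. The TypeScript below is an added example, not part of the original issue or of Nebular; `inspectAuthorizationHeader`, `base64UrlDecode` and `JwtInspection` are hypothetical names, and the sample token is constructed.

```typescript
// Added diagnostic example; not Nebular code. It only DECODES the payload:
// the signature is not verified, so use it for debugging, never for access decisions.
interface JwtInspection {
  wellFormed: boolean;
  payload: Record<string, unknown> | null;
  expiresAt: Date | null;
  reason: string | null;
}

const B64URL = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
// Dependency-free base64url -> UTF-8 string (behaves the same in every browser and in Node).
function base64UrlDecode(input: string): string {
  const s = input.replace(/=+$/, '');
  let acc = 0, bits = 0, out = '';
  for (let i = 0; i < s.length; i++) {
    const v = B64URL.indexOf(s.charAt(i));
    if (v < 0) throw new Error('invalid base64url character');
    acc = ((acc << 6) | v) & 0xffff;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      const byte = (acc >> bits) & 0xff;
      out += '%' + (byte < 16 ? '0' : '') + byte.toString(16);
    }
  }
  return decodeURIComponent(out); // percent-decoding performs the UTF-8 decode
}

// `header` is the raw value of res.headers.get('Authorization'); null if the browser hid it.
function inspectAuthorizationHeader(header: string | null, now: Date = new Date()): JwtInspection {
  const fail = (reason: string): JwtInspection => ({ wellFormed: false, payload: null, expiresAt: null, reason });
  if (!header) return fail('Authorization header missing or not exposed to script');
  const parts = header.replace(/^Bearer\s+/i, '').trim().split('.');
  if (parts.length !== 3) return fail('expected 3 dot-separated parts, got ' + parts.length);
  try {
    const payload = JSON.parse(base64UrlDecode(parts[1]));
    if (typeof payload !== 'object' || payload === null) return fail('payload is not a JSON object');
    const expiresAt = typeof payload.exp === 'number' ? new Date(payload.exp * 1000) : null;
    const expired = expiresAt !== null && expiresAt.getTime() <= now.getTime();
    return { wellFormed: true, payload, expiresAt, reason: expired ? 'expired' : null };
  } catch (_e) {
    return fail('payload segment is not base64url-encoded JSON');
  }
}

// Constructed sample: header segment as on the page, payload {"sub":"u","exp":1548845993}, dummy signature.
const SAMPLE_HEADER = 'Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1IiwiZXhwIjoxNTQ4ODQ1OTkzfQ.sig';
console.log(inspectAuthorizationHeader(SAMPLE_HEADER));
```

If this reports a well-formed payload while `token.getPayload()` still returns null, the token content is fine and the token class configuration is the place to look.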

Top GitHub Comments

11 reactions
viqashussain commented, Feb 25, 2019

My problem was that I was configuring my auth in my auth module instead of my app module (i.e. NbAuthModule.forRoot...) --> moving this into the app.module resolved the issue.

1 reaction
YeisonKirax commented, May 14, 2020

Hello, I’m debugging the file …/node_modules/@nebular/auth/fesm2015/index.js. I can see that it executes getPayload() of NbAuthJWTToken, then executes decodeJwtPayload(payload), and returns the JSON-decoded payload of my token. But when I want to decode the payload loaded in header.component.ts with token.getPayload(), the token is of type NbAuthSimpleToken instead of NbAuthJWTToken. Because of this, decoding the token returns null. Can anyone help me, please?

Hello @bitos2002, the solution is to move “NbAuthModule.forRoot…” to core.module.ts, exactly inside export const NB_CORE_PROVIDERS. An example:

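export const NB_CORE_PROVIDERS = [
  // forRoot() returns a module-with-providers object; spread its providers array.
  ...NbAuthModule.forRoot({
    strategies: [
      DefaultPasswordStrategy.setup({
        name: 'Default',
        token: {
          class: NbAuthJWTToken,
          key: 'token',
        },
      }),
    ],
  }).providers,
];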
