pink612 pink612 - 4 days ago 7
JSON Question

Express JS and JWT - Token Type not shown in decoded header

I just added token based authentication to my express JS application - Looks like the token type doesn't show in the decoded section.

I'm testing using https://jwt.io/

Token I used to test -

eyJhbGciOiJIUzI1NiJ9.eyJfaWQiOiJSYW4zIiwibmFtZSI6IlJhbjMgVGVzdCJ9.YPJXc4tp8NaWcboE9obwGvm-AGa6fkN1IA6y0pT7u-w"


The header section just shows up

{
"alg": "HS256"
}


I expect it to show up like this -

{
"alg": "HS256",
"typ": "JWT"
}


Please explain why the Token type is missing from the header?

I generate the token like this -

var token = jwt.sign(JSON.stringify(user_dict), app.get('superSecret'));


Thanks

Answer

The "type" is an optional setting on the header per the spec which is not typically utilized so most examples don't share how to do it. Assuming you are using this library (https://github.com/auth0/node-jsonwebtoken) you will be able to pass in options to the "header" via options.header value which should allow you to specify the field "typ":"JWT" via

var options = { "header": { "typ": "JWT" } };
var token = jwt.sign(JSON.stringify(user_dict), app.get('superSecret'), options);
Comments