Kevin Kevin - 20 days ago 6
Javascript Question

Circular reference blocks jsonwebtoken.sign cause of JSON.stringify

I'm using Express and Sequelize to make a basic user authentication based upon this tutorial

When I want to sign a token to a user I get an error telling me I'm trying to

a circular reference which cannot be done. Therefor an error is thrown and I can't assign the token to the user.

OR I am doing something wrong when finding my user in the database which makes a circular reference OR I just need to find a solution to break the circular reference I suppose. Anyone who could explain me which of the two it is?

The full error is:

TypeError: Converting circular structure to JSON
at Object.stringify (native)
at toString (/Users/Desktop/express-jwt/node_modules/jws/lib/tostring.js:9:15)
at jwsSecuredInput (/Users/Desktop/express-jwt/node_modules/jws/lib/sign-stream.js:12:34)
at Object.jwsSign [as sign] (/Users/Desktop/express-jwt/node_modules/jws/lib/sign-stream.js:22:22)
at Object.module.exports [as sign] (/Users/Desktop/express-jwt/node_modules/jsonwebtoken/sign.js:144:16)
at Model.User.findOne.then.user (/Users/Desktop/express-jwt/server/index.js:69:27)
at Model.tryCatcher (/Users/Desktop/express-jwt/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/Users/Desktop/express-jwt/node_modules/bluebird/js/release/promise.js:510:31)
at Promise._settlePromise (/Users/Desktop/express-jwt/node_modules/bluebird/js/release/promise.js:567:18)
at Promise._settlePromise0 (/Users/Desktop/express-jwt/node_modules/bluebird/js/release/promise.js:612:10)
at Promise._settlePromises (/Users/Desktop/express-jwt/node_modules/bluebird/js/release/promise.js:691:18)
at Async._drainQueue (/Users/Desktop/express-jwt/node_modules/bluebird/js/release/async.js:138:16)
at Async._drainQueues (/Users/Desktop/express-jwt/node_modules/bluebird/js/release/async.js:148:10)
at Immediate.Async.drainQueues (/Users/Desktop/express-jwt/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:574:20)
at tryOnImmediate (timers.js:554:5)

My index for the server is:

const express = require(`express`);
const app = express();
const bodyParser = require(`body-parser`);
const morgan = require('morgan');

const jwt = require('jsonwebtoken'); // used to create, sign, and verify tokens
const config = require('./config'); // get our config file
const db = require(`./models`);
const User = global.db.User;

const port = process.env.PORT || 8080;

db.sequelize.sync().then(() => {
console.log(`Express server listening on port ${port}`);

app.set('superSecret', config.secret);

app.use(bodyParser.urlencoded({extended: false}));


app.get('/', (req, res) => {
res.send('Hello! The API is at http://localhost:' + port + '/api');

console.log('Magic happens at http://localhost:' + port);

app.get('/setup', (req, res) => {

db.sequelize.sync().then(() => {
return User.create({
username: 'Kevin frafster',
password: 'password',
admin: true
.then(addedUser => {
plain: true
.catch(err => {


// API ROUTES -------------------

// get an instance of the router for api routes
const apiRoutes = express.Router();'/authenticate', (req,res) => {
where: {username: req.body.username}
}).then(user => {
if (!user) {
res.json({ success: false, message: 'Authentication failed. User not found.'});
// console.log(user);
if (user.password != req.body.password) {
res.json({ success: false, message: 'Authentication failed. Wrong password.' })

const token = jwt.sign(user, app.get('superSecret'), {
expiresIn: 60*60*24

succes: true,
message: 'Enjoy your token!',
}).catch(err => {

// TODO: route to authenticate a user (POST http://localhost:8080/api/authenticate)

// TODO: route middleware to verify a token

// route to show a random message (GET http://localhost:8080/api/)
apiRoutes.get('/', (req, res) => {
res.json({ message: 'Welcome to the coolest API on earth!' });

// route to return all users (GET http://localhost:8080/api/users)
apiRoutes.get('/users', (req, res) => {
.then(users => {
.catch(err => {

// apply the routes to our application with the prefix /api
app.use('/api', apiRoutes);


Well, the answer was totally peanuts.

1) Make new object and assign payload to it

const payload = {username: user.username, password: user.password};

2) Use the new object to assign token to

const token = jwt.sign(payload, app.get('superSecret'), {
  expiresIn: 60*60*24