UnauthorizedError: invalid algorithm express-jwt

Use this

expressJwt({
  secret: process.env.JWT_SECRET,
  algorithms: ['sha1', 'RS256', 'HS256'],
})

I had the same problem. I use Auth0 for signin in users. You have to check the algorithm type.

If you're using Auth0 then go to

Client -> Settings -> Advanced Settings -> OAuth

and check the algorithm type. It has to be HS256.

If you're not using Auth0 then check the algorithm type also.

HS256 is less secure because it is symmetric, (the same secret is shared between the client and server). See this question: RS256 vs HS256: What's the difference?

You can maintain RS256 by using the node-jwks-rsa module to retrieve the signing key:

import jwt from 'express-jwt'
import jwksRsa from 'jwks-rsa'

const secret = jwksRsa.expressJwtSecret({
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 5,
  jwksUri: 'https://<YOUR_AUTH0_DOMAIN>/.well-known/jwks.json',
})

const jwtCheck = jwt({
  secret: secret,
  audience: <YOUR_AUTH0_AUDIENCE_OR_CLIENT_ID>,
  issuer: 'https://<YOUR_AUTH0_DOMAIN>/',
  algorithms: ['RS256'],
})

app.use(jwtCheck)

Use the code below in your expressJwt param():

algorithms: ['sha1', 'RS256', 'HS256'],   


Copy the algorithms and change/paste it on your function this methods helps me in postman, paw, robo 3t

UnauthorizedError: invalid algorithm express-jwt

Tags:

Node.Js

Express Jwt

Json Web Token

Auth0

Related

Recent Posts