Need help understanding JWT authentication


I’m having a tough time understanding how to set this up with a basic express server using passport to handle the server side authentication. Can anyone point me in a direction of getting this to work?

So far I have my express server using passport-local to handle the authentication when the user attempts to login, it then sends back a JWT generated from the jsonwebtoken npm package and hands that back to ember. I’m using ember-simple-auth-token to handle this on the ember side. So far in ember I have my routes locked down and forwarding to a login page. The login page has a form that submits to my /auth endpoint and receives the token and a 200 from the /auth endpoint, but when I refresh on the ember side I have to login again, like it’s not saving the session. And when I try to access my other API end points that have the passport-jwt module as a middleware they won’t authenticate, and inspecting what ember is sending to the endpoints there is no authorization header with the token being sent to the other endpoints.

I have the ember-simple-auth-store:local-storage set in the environment variables and the expiration coming from the JWT is set to 5 minutes.

I could really use some expertise here on how to get this working. I’ve seen some tutorials on using sails.js or some other ember-simple-auth authenticators but I really want to use a simple express server with the JWT strategy. Unless you could persuade me otherwise.


Which version of Ember are you using? Are you using the jj-abrams branch (the 2.0 compatible branch) of ember-simple-auth?

Is the JWT persisting in Local Storage if you check via your browser tools?


I’m running ember-cli 1.13.7 which is running ember 1.13.6, the ember-cli-simple-auth and ember-simple-auth is 0.8.0, ember-cli-simple-auth-token is 0.7.3.

In my localstorage in chrome I see {"secure":{"authenticator":"simple-auth-authenticator:jwt","token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJuYW1lIjoibWF0YXg5MSIsImlkIjoiNTYxNWFjZWM4ODg5NjhkOTBiYjZjYmQyIn0sImlhdCI6MTQ0NDM5MDg4MCwiZXhwIjoxNDQ0MzkxMTgwLCJhdWQiOiJ0YXhib3QuY29tIiwiaXNzIjoidGF4Ym90LmNvbSJ9.Df7BDaAfAd9gMv1fjxHtduUl3Ab5nsbM_JusIs7_wmI","user":{"_id":"5615acec888968d90bb6cbd2","username":"matax91","password":"$2a$05$xWoOaGV7YktwjpzxnbVq3.XPqeFDeskiki9eVARjPHMjn0nIrHS4u","__v":0},"exp":1444391180}} under the ember_simple_auth:session key (I was actually not aware I could check localstorage in chrome dev tools, learn something every day)


I’m also now noticing this error showing up in the console when I request another resource

Error while processing route: commands.index Adapter operation failed Error: Adapter operation failed
    at new Error (native)
    at Error.EmberError (http://localhost:4200/assets/vendor.js:26273:21)
    at Error.ember$data$lib$adapters$errors$$AdapterError (http://localhost:4200/assets/vendor.js:71259:50)
    at ember$data$lib$system$adapter$$default.extend.handleResponse (http://localhost:4200/assets/vendor.js:72937:16)
    at ember$data$lib$system$adapter$$default.extend.ajax.Ember.RSVP.Promise.hash.error (http://localhost:4200/assets/vendor.js:73033:33)
    at (http://localhost:4200/assets/vendor.js:3357:30)
    at Object.jQuery.Callbacks.self.fireWith [as rejectWith] (http://localhost:4200/assets/vendor.js:3469:7)
    at done (http://localhost:4200/assets/vendor.js:9525:14)
    at XMLHttpRequest.jQuery.ajaxTransport.options.send.callback (http://localhost:4200/assets/vendor.js:9927:8)