Angular Authentication Tutorial - 26 - Middleware to Verify Token

@Codevolution Thank you for the fantastic series you bring! The best part is all my doubts get cleared just by going through the comment section! I like this
community.

sudarshanrbhat

4:54 why not use the code of ngoninit in Auth guard ??

kamalsahmoud

Thank you soo much.. sir, one doubt can we really save the token on browser like that, is any security issue..

anandhukr

Awesome bro, I learn a lot from you, keep making great videos like this . Thank you so much

huynguyendinh

This seems to be working fine when we're getting some data from the backend because that way we'll be able to use the verifyToken middleware but suppose we have an *add-events* page which only admins can access. But now even normal users after logging in can access this page because they too will have a token associated with them. CanActivate Guard will be useless in this case.
I think we have to do some changes in backend code such as replacing "secretKey" with "adminSecretKey" and "userSecretKey" ig and then in the constructor have to check if that specific key exists.

GS

thank you so much I got perfect tutorial for authentication.

kalpeshdashpute

Angular guard is a Middleware too? BTW: I get 500 (Internal Server Error) like others so I put a try-catch and it works fine :) Great tuto

simpleway

I don't understand this line of code : req.userId = payload.subject. What is it userId ? Where it's declared ? Thx for your response.

paulmonde

When I do a console.log(payload.subject) it returns undefined for me. There doesn't exist a subject on the payload it seems.


Edit: Nevermind! I completely missed that we set it in /register and /login

vartanbenohanian

Awesome! saludos desde Venezuela. .Thank you for sharing

oswaldosilva

First, thanks for the excellent tutorials. I'm learning a lot. Secondly, I'm a little stuck. I've commented out the canActivate route guard in the routing module and now when I have no token in localStorage, I can simply click on the 'special' link and it works without fail - meaning I get no errors or 401's. Oddly, when setting the userId at the end of the verifyToken function, the payload.subject is complaining that 'subject' does not exist on type String | Object. Property 'subject' does not exist on type 'String'. My Angular route guard works correctly but it appears that my API middleware isn't working correctly

mikevarela

it gives error like jwt is not provided....plz h

mcspraint

why we are assigning req.userid=payload.subject can any one explain please.

patchalalokesh

When using jwt.verify(token, ’secretKey’) it doesn’t go for the if(!payload) it throws a JsonWebTokenError: jwt malformed, so it doesn’t return the 401 unauthorized response, I am trying to catch the error but no success yet.

chrso

Hi, Codevolution. my verifyToken function is not working, but when I check network(F12) it will show the Authorziation:Bearer and the token. please help. thank you !

fanhao

Thanks for your this authentication tutorial it's really very helpful for me thanks alot. Could you please create role based access control login? It's also is very helpful many subscriber is searching

jayprasad

Interceptor is not working with this approach. using v19

shubhambahre

Hi im writing this in typeScript and im getting an error at req.userId = payload.subject; - userId does not exist on type Request. Thanks in advance.

FitLife

If you're getting an 500 Issue. it's because his code don't work like this for now (they maybe changed the way how jsonwebtoken.verify work)

you will need to suround your "payload = jwt.verify()" with a Try Catch


try {
let payload = jwt.verify(yourToken, yourKey);
next();
} Catch (error) {
return request")
}

EclairCat

Somebody please help me. I can't even read req.headers.authorization. I am always getting token = 'null'.

MIKHILMOHANC