Payload error in jsonwebtoken

It fails at the line

const token = jwt.sign(user, config.secret, {

With error "Expected "payload" to be a plain object"

Your user object is initialized here:

User.getUserByUsername(username, (err, user)

Which I assume is mongoosejs object, which contains many methods and is not "serializable". You could handle this by passing a plain object, by either using .lean() from mongoose or plain toJSON method:

const token = jwt.sign(user.toJSON(), config.secret, {  expiresIn: 604800 // 1 week});

I had this problem as well, with a returned user from mongoose, just add toJSON() or toObject() will fix the issue, but what happens if your user is not always coming from mongoose?

You will get a

user.toJson/user.ToObject is not a function

if you try to do this on a plain object.

If your user is coming from different sources and you don't know if it will be a plain object or not, you can solve it like this:

JSON.parse(JSON.stringify(user));

this is clearly mentioned in the migration doc of passport-jwt

that they have removed the ExtractJwt.fromAuthHeader() from version 2 and 3 and also to use the new method ExtractJwt.fromAuthHeaderAsBearerToken() or one of like that in place of old method. for compelte reference visit

From your log there is the issue

User.comparePassword (D:\Mean_Projects\meanauthapp\routes\users.js:86:27) at 

so here four thing need to be updated in your code @every Bit

First in package.json file
Change the version to latest by using * or version no like thisby going to project directory and run the command

  npm install passport-jwt --save    "dependencies": {    ....             "passport-jwt": "^3.0.1"      }

or write in the file and run the commadn

`npm install`    "dependencies": {        ....                 "passport-jwt": "*"          }

Second change this line of your code in authenticate method

const token = jwt.sign(user.toJSON(), config.secret, {  expiresIn: 604800 // 1 week});

Third in the passport code change the old method

ExtractJwt.fromAuthHeader();

to new one, from the doc reference you need to use this method opts.jwtFromRequest=ExtractJwt.fromAuthHeaderWithScheme('jwt');

and fourth change this

User.getUserById(jwt_payload._id,(err,user)=>{

This solution will work on latest version's

• if you still want to use this old method then

only change the version of your passport-jwt in package.json to 1.x.x (x is the nuber here )of your choise of lower version then 2,
by moving to project folder and runing the command npm install
the only thing you need to check is data in the payload_jwt,it will be inside the second layer so please check the jwt_payload.
ok you are all set to go you had already handled User.getUserById(jwt_payload._doc._id,(err,user)=>{