Json Web Token verify() return jwt malformed
You cannot pass any value as token. You need jwt.sign()
to create a token. Look at the documentation of JWT for more information.
Also,
For the request Header name just use Authorization
not x-access-token
. Place Bearer before the Token.
Authorization: Bearer TOKEN_STRING
Each part of the JWT is a base64url encoded value. You can get your token as:
var token = req.headers.authorization.split(' ')[1];
From what I see, you are not sending the actual JWT token but the secret instead. A valid JWT token consist of a three-part string delimited by dots, like so:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
As you can see on the above website, 'superSuperSecret' is not a valid JWT token.