UnauthorizedError: invalid algorithm express-jwt
Use this
expressJwt({
  secret: process.env.JWT_SECRET,
  algorithms: ['sha1', 'RS256', 'HS256'],
})
I had the same problem. I use Auth0 for signing in users. You have to check the algorithm type.
If you're using Auth0 then go to
Client -> Settings -> Advanced Settings -> OAuth
and check the algorithm type. It has to be HS256.
If you're not using Auth0 then check the algorithm type also.
HS256 is less secure because it is symmetric (the same secret is shared between the client and server). See this question: RS256 vs HS256: What's the difference?
You can maintain RS256 by using the node-jwks-rsa module to retrieve the signing key:
import jwt from 'express-jwt'
import jwksRsa from 'jwks-rsa'

// Fetch (and cache) the RS256 public signing key from the tenant's JWKS endpoint
const secret = jwksRsa.expressJwtSecret({
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 5,
  jwksUri: 'https://<YOUR_AUTH0_DOMAIN>/.well-known/jwks.json',
})

// Accept only RS256 tokens for this audience and issuer
const jwtCheck = jwt({
  secret: secret,
  audience: '<YOUR_AUTH0_AUDIENCE_OR_CLIENT_ID>',
  issuer: 'https://<YOUR_AUTH0_DOMAIN>/',
  algorithms: ['RS256'],
})

app.use(jwtCheck)
Use the code below in your expressJwt param():
algorithms: ['sha1', 'RS256', 'HS256'],
Copy the algorithms and change/paste them into your function. This method helps me in Postman, Paw, Robo 3T.
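The error in the title is what a verifier reports when the token's header `alg` is not in the `algorithms` list it was given. The sketch below is an added example, not code from any answer above or from express-jwt: it reproduces that check for HS256 with Node built-ins only, and `signHS256`, `verifyToken`, `verifyOutcome` and the secret are constructed for the demo.

```javascript
// Added example: HS256 JWT verification with an algorithm allow-list.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed sample secret, for the demo only.
const DEMO_SECRET = 'constructed-demo-secret';

// Hypothetical helper: build a token signed with HMAC-SHA256.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = nodeCrypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Hypothetical helper: refuse any header alg outside the allow-list,
// then check the HMAC in constant time.
function verifyToken(token, secret, algorithms) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('jwt malformed');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  // The allow-list check runs before any signature work.
  if (!algorithms.includes(header.alg)) throw new Error('invalid algorithm');
  if (header.alg !== 'HS256') throw new Error('demo verifies HS256 only');
  const expected = nodeCrypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Returns the error message, or null when verification succeeds.
function verifyOutcome(token, secret, algorithms) {
  try { verifyToken(token, secret, algorithms); return null; }
  catch (e) { return e.message; }
}

const demoToken = signHS256({ sub: 'user-1' }, DEMO_SECRET);
console.log(verifyOutcome(demoToken, DEMO_SECRET, ['RS256'])); // allow-list mismatch
console.log(verifyOutcome(demoToken, DEMO_SECRET, ['HS256'])); // accepted
```

Listing only the algorithm your issuer actually signs with keeps the allow-list as narrow as the check allows.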