Admin login fails with 401

Hey man, great thanks for your guys’ awesome framework and contribution, but I got the same 401 error as 3.1 admin login fails with 401 · Issue #7140 · strapi/strapi · GitHub when I just setup a superuser first time in my production server. The local server is running well and the same code pulled from a git repo at the prod server.

Node.js version: v14.14.0
NPM version: 6.14.8
Strapi version: 3.1.4
Database: MySQL 8.0.22
Operating system: debian

BTW: I don’t have the extension of permission :sweat_smile:
I saw the registration is successful and the record has been stored in the database, just queried it. All the things seem good, but get 401 and redirect to the login page every time.

How can I debug the details reason of 401?

Have you recently migrated from 3.0.x?

Can you check if you have JWT key declared inside the /config/server.js and if you declared the ADMIN_JWT_SECRET in env.

module.exports = ({ env }) => ({
  // ...
  admin: {
    auth: {
      secret: env('ADMIN_JWT_SECRET'),

Thanks for your response!

Not upgraded from 3.0, but it does have secret config.

I guessed the token was not passed through the request. I just guess because cannot see verbose log, but probably for this reason.
I set a Nginx reverse proxy, is it affected by this?

I’m using nginx proxy as well, can you try to define manually the JWT secret in config/server.js? Without using ENV

thanks @sunnyson, my config/server.js is:

module.exports = ({ env }) => ({
  host: env('HOST', ''),
  port:'PORT', 1337),
  url: '',
  admin: {
    auth: {
      secret: env('ADMIN_JWT_SECRET', '1e978b20a8532605b42d18bf01ea37f4'),

I too tried to use: {secret: ‘1e978b20a8532605b42d18bf01ea37f4’,}, not works

and nginx conf is:

    # Strapi API and Admin
    location /api/ {
        rewrite ^/api/(.*)$ /$1 break;
        proxy_pass http://strapi;   // upstream has been set to
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;

OH, I found a JWT token passed with request I don’t know where it from.
Can I skip the token validation? which means it is unnecessary for my current project, how to drop it.

Not sure I understand this? Can you clarify a bit?

Our current project already has an auth system, it conflicts with the one provided by Strapi, especially when login admin. So I want to skip or disable auth validation of strapi.