I’m going to add to this, been trying to debug logging in with /api/auth/local for 2 days, trying various methods, which either produce a 400, 401 or the 500 error message. Also tried the “new FormData()” method for my data and I just can’t get this to work.
```js
// fetch, no Content-Type header
const result = await fetch( `${API_URL}/api/auth/local`, {
  method: 'POST',
  body: JSON.stringify( {
    'identifier': username,
    'password': password
  } )
} );
```

```js
// fetch, JSON Content-Type
const result = await fetch( `${API_URL}/api/auth/local`, {
  headers: {
    'Content-Type': 'application/json'
  },
  method: 'POST',
  body: JSON.stringify( {
    'identifier': username,
    'password': password
  } )
} );
```

```js
// fetch, form-urlencoded Content-Type with a JSON string body
const result = await fetch( `${API_URL}/api/auth/local`, {
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  method: 'POST',
  body: JSON.stringify( {
    'identifier': username,
    'password': password
  } )
} );
```

```js
// axios, plain object body
axios.post( `${API_URL}/api/auth/local`, {
  'identifier': username,
  'password': password
} )
```

```js
// axios, pre-stringified body
axios.post( `${API_URL}/api/auth/local`, JSON.stringify( {
  'identifier': username,
  'password': password
} ) )
```
As mentioned in the thread, it seems the 400 error message is the “identifier and password” required message. My 500 message is giving me this error:
```
[2023-02-24 17:37:39] [2023-02-24 17:37:39.192] error: "jwtSecret" is not allowed in "options"
[api] [2023-02-24 17:37:39] Error: "jwtSecret" is not allowed in "options"
[api] [2023-02-24 17:37:39] at /workspace/node_modules/jsonwebtoken/sign.js:45:17
[api] [2023-02-24 17:37:39] at Array.forEach (<anonymous>)
[api] [2023-02-24 17:37:39] at validate (/workspace/node_modules/jsonwebtoken/sign.js:41:6)
[api] [2023-02-24 17:37:39] at validateOptions (/workspace/node_modules/jsonwebtoken/sign.js:56:10)
[api] [2023-02-24 17:37:39] at Object.module.exports [as sign] (/workspace/node_modules/jsonwebtoken/sign.js:165:5)
[api] [2023-02-24 17:37:39] at Object.issue (/workspace/node_modules/@strapi/plugin-users-permissions/server/services/jwt.js:33:16)
[api] [2023-02-24 17:37:39] at Object.callback (/workspace/node_modules/@strapi/plugin-users-permissions/server/controllers/auth.js:90:32)
[api] [2023-02-24 17:37:39] at runMicrotasks (<anonymous>)
[api] [2023-02-24 17:37:39] at processTicksAndRejections (node:internal/process/task_queues:96:5)
[api] [2023-02-24 17:37:39] at async returnBodyMiddleware (/workspace/node_modules/@strapi/strapi/lib/services/server/compose-endpoint.js:52:18)
```
This seems to indicate it’s having issues with the jwtSecret. I’m hosting on Digital Ocean, so now I’m making sure my environment variables are all set correctly and rebuilding…
They are.
So, now comes the tedious process of debugging the code. I loaded the API server locally and started tracing files, putting console logs starting with auth.js, then jwt.js. This is where I discovered my issue:
In jwt.js, line 38, they are passing 3 parameters to the jwt.sign() function. The 3rd parameter appears to be options. And Strapi is passing the “jwtSecret” key:value.
jsonwebtoken (the npm package that has the function jwt.sign) has a function to validate passed options… and “jwtSecret” is not one of the valid options, so it’s throwing an error, which in turn, Strapi is not handling properly so it’s throwing a 500 error.
I manually changed the 3rd option from:
```js
return jwt.sign(
  _.clone(payload.toJSON ? payload.toJSON() : payload),
  strapi.config.get('plugin.users-permissions.jwtSecret'),
  jwtOptions
);
```

to

```js
return jwt.sign(
  _.clone(payload.toJSON ? payload.toJSON() : payload),
  strapi.config.get('plugin.users-permissions.jwtSecret'),
  {
    'expiresIn': jwtOptions.expiresIn || '30d'
  }
);
```
…since it only appears to be sending the expiresIn option. And now it’s working.
Not sure if this fix applies to you guys, but after two days of debugging, figured I would share.
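
A more general form of the workaround in the post above, as an added example that is not part of the original post or of Strapi's code: instead of hard-coding `expiresIn`, filter the options object against the option names jsonwebtoken's `sign()` accepts and report dropped keys by name only, so a secret that ended up in the options never reaches `sign()` or a log line. The helper names and the sample object are hypothetical, and the allowlist is an assumption to check against the jsonwebtoken version you have installed.

```javascript
// Added example. Option names accepted by jsonwebtoken's sign();
// verify against the installed version before relying on this list.
const SIGN_OPTION_ALLOWLIST = new Set([
  'algorithm', 'expiresIn', 'notBefore', 'audience', 'issuer',
  'jwtid', 'subject', 'noTimestamp', 'header', 'keyid', 'mutatePayload',
]);

// Key names that suggest key material was merged into the options by mistake.
const SECRET_LIKE = /secret|password|privatekey/i;

// Split a raw options object into what may be passed to sign() and what was dropped.
// Only the NAMES of dropped keys are returned, never their values.
function splitSignOptions(rawOptions = {}) {
  const options = {};
  const rejected = [];
  for (const [name, value] of Object.entries(rawOptions)) {
    if (value === undefined) continue;
    if (SIGN_OPTION_ALLOWLIST.has(name)) {
      options[name] = value;
    } else {
      rejected.push(name);
    }
  }
  // Same default as the manual patch in the post.
  if (options.expiresIn === undefined) options.expiresIn = '30d';
  return { options, rejected };
}

// Turn dropped key names into log-safe messages.
function describeRejected(rejected) {
  return rejected.map((name) => (SECRET_LIKE.test(name)
    ? `${name}: looks like a secret, keep it out of the options object`
    : `${name}: not a sign() option`));
}

// Constructed sample: a config in which jwtSecret was merged into the JWT options.
const constructedJwtOptions = {
  expiresIn: '7d',
  issuer: 'example-api',
  jwtSecret: 'constructed-not-a-real-secret',
};
const sample = splitSignOptions(constructedJwtOptions);
console.log('options for sign():', sample.options);
console.log('dropped:', describeRejected(sample.rejected));
```
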