Confusions about "Authorization: Bearer JWT_ACCESS_TOKEN"
I am a beginner using jsonwebtoken to authenticate a user in my Node.js web app. I signed a JWT token in `app.post('/login')` using `jwt.sign()`, and when I try to access/verify it in `app.get('/dashboard')` using `req.headers['authorization'].split(' ')[1]`, it gives null or undefined, as there is no authorization header in `console.log(req.headers)`.
But it can be accessed or verified in Postman, as there I set the auth type to `bearer <token>`, due to which the number of headers increments by 1, that is, `authorization: bearer <token>`.
Then I stored the token in a cookie using `res.cookie('token', accessToken)`, and I can access it in my routes without Postman.
Keeping in view the above scenario, I have the following confusions:
- Where else can I store the `jwt token` to access it in my browser? And which is the most secure store to access the `jwt token` in the browser?
- Why is there no `authorization: bearer <token>` header in my browser?
- Can I add the `authorization: bearer <token>` header manually to access the token in my browser? If yes, how?
- If my app uses `https` instead of the `http` protocol, will it be the same situation of no `authorization: bearer <token>` header in the browser?
I googled it but can't conclude. Please help!
Solution 1:[1]
In Postman you can add a token field in the header like
```
key = token
value = token
```
and access it:
```javascript
let token = req.headers['token'] // token = 'token'
```
It is up to you whether you add Bearer before the token or not.
```
key = token
value = Bearer token
```
Additionally, Postman has an auth tab that does the exact thing.
It names the key authorization, and for the value it adds a prefix based on what you selected, like Bearer, and then adds it manually to the header.
When writing client-side code, it is up to you whether to add the Bearer prefix or not.
```javascript
headers: {
  'Authorization': `Bearer ${token}`
}
```
This is not related to http or https.
For how to use JWT in the browser, read:
Should JWT be stored in localStorage or cookie?
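An added example (not part of the original question or answer): a server-side helper that takes the token from either the `Authorization: Bearer` header, which is only there when client code such as Postman or a `fetch` call sets it, or the `token` cookie, which the browser attaches by itself, and that does not throw when the header is missing. The helper names `extractToken` and `tokenCookie` are hypothetical, and the requests are constructed samples.

```javascript
// Added example. extractToken and tokenCookie are hypothetical helper names.
function safeDecode(v) {
  try { return decodeURIComponent(v); } catch (e) { return null; }
}

// Read the JWT from a Node/Express-style request without assuming any header exists.
// Node lower-cases incoming header names, hence 'authorization' and 'cookie'.
function extractToken(req) {
  const headers = (req && req.headers) || {};

  // 1) Authorization: Bearer <token>, present only when client code sets it.
  const auth = headers['authorization'];
  if (typeof auth === 'string') {
    const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(auth.trim());
    return m ? { token: m[1], source: 'header' }
             : { token: null, source: 'malformed-header' };
  }

  // 2) Cookie: token=<token>, attached by the browser itself on every request.
  const cookie = headers['cookie'];
  if (typeof cookie === 'string') {
    for (const part of cookie.split(';')) {
      const eq = part.indexOf('=');
      if (eq > 0 && part.slice(0, eq).trim() === 'token') {
        return { token: safeDecode(part.slice(eq + 1).trim()), source: 'cookie' };
      }
    }
  }
  return { token: null, source: 'none' };
}

// Set-Cookie value for the token. HttpOnly hides it from page scripts,
// Secure restricts it to HTTPS, SameSite=Strict keeps it off cross-site requests.
function tokenCookie(token, maxAgeSeconds) {
  return `token=${encodeURIComponent(token)}; Max-Age=${maxAgeSeconds}; ` +
         'Path=/; HttpOnly; Secure; SameSite=Strict';
}

// Constructed sample requests; 'aaa.bbb.ccc' is a placeholder, not a real JWT.
const fromPostman = { headers: { authorization: 'Bearer aaa.bbb.ccc' } };
const fromBrowser = { headers: { cookie: 'theme=dark; token=aaa.bbb.ccc' } };
const noToken = { headers: { host: 'localhost:3000' } };

console.log(extractToken(fromPostman));
console.log(extractToken(fromBrowser));
console.log(extractToken(noToken));
console.log(tokenCookie('aaa.bbb.ccc', 900));
```

The extracted string still has to pass `jwt.verify()` before anything in it is trusted; extraction only decides where the token came from.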
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Ali Shefaee |
