if (!options.algorithms) throw new Error('algorithms should be set'); Error: algorithms should be set

Question

I started learning Nodejs and i am stuck somewhere in the middle. I installed a new library from npm and that was express-jwt, its showing some kind of error after running. Attached the code and the logs of the error, please help me out!

const jwt = require('jsonwebtoken');
require('dotenv').config()
const expressJwt =  require('express-jwt');
const User = require('../models/user');




exports.requireSignin =  expressJwt({ secret:  process.env.JWT_SECRET});

The below thing is the logs of the error.

[nodemon] starting `node app.js`
D:\shubh\proj\Nodejs\nodeapi\node_modules\express-jwt\lib\index.js:22
  if (!options.algorithms) throw new Error('algorithms should be set');
                           ^

**Error: algorithms should be set**
    at module.exports (D:\shubh\proj\Nodejs\nodeapi\node_modules\express-jwt\lib\index.js:22:34)
    at Object.<anonymous> (D:\shubh\proj\Nodejs\nodeapi\controllers\auth.js:64:26)
    at Module._compile (internal/modules/cjs/loader.js:1138:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1158:10)
 

Answer 1

The issue caused by changes in version 6.0.0. Documentation also has been updated recently, it says:

The algorithms parameter is required to prevent potential downgrade attacks when providing third party libraries as secrets.

So now specifying algorithm property is mandatory, like so:

expressJwt({
  secret: 'secret',
  algorithms: ['HS256']
})

Answer 2

if the above algorithm : ['RS256'] does not work try this, algorithms: ['HS256']

Answer 3

if you are facing this error you might be using the new version of 'express-jwt' Downgrade to ^5.3.3 version to solve this

Answer 4

 exports.requireSignin = expressJwt ({
      secret: process.env.JWT_SECRET,
      algorithms: YOU CHOOSE ALGORITHM 
});

For more details visit: https://www.npmjs.com/package/express-jwt

jwt({ secret: new Buffer('shhhhhhared-secret', 'base64') })

Answer 5

For those wandering what algorithm is used to generate their tokens

A JWT is made of 3 parts separated with a dot '.':

<header>.<payload>.<signature>

The header (and payload) is just a Base64 encoded JSON object that holds the name of the hashing algorithm.

For example, with that token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXNzYWdlIjoiaGkgc3RhY2tvdmVyZmxvdyJ9.01jBDw7uUgCr8cRMEQt4KJxfL6QLkt0ZuHly2AxdXZY

you could use atob() in the javascript console of your browser to decode the header:

atob('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9')
// ? "{\"alg\":\"HS256\",\"typ\":\"JWT\"}"

Here HS256 was used.

Answer 6

I had to face the same error, and after I mentioned the algorithm in express-jwt initialization, the error was gone.

Example Code:

exports.requireSignin=  expressJwt({
      secret: process.env.jwtSecret,
      userProperty: "auth",
      algorithms: ["RS256"],
    }