I'm using node.js and express.js with the express-jwt module, and I have set up a simple HTTP server to test everything:

This is the node code involved:

 app.set('port', process.env.PORT || 3000);

    app.use(express.methodOverride());

    app.use(allow_cross_domain);

    app.use('/api', expressJwt({secret: '09qrjjwef923jnrge$5ndjwk'}));

    app.use(express.json());

    app.use(express.urlencoded());

    app.use('/', express.static(__dirname + '/'));

    app.use(function(err, req, res, next){

      if (err.constructor.name === 'UnauthorizedError') {

        res.send(401, 'Unauthorized');

      }

    });



    app.get('login',function(req,res){



    //...

    jwt.sign(results.username+results.email, secret, { expiresInMinutes: 9000000000*9393939393393939393939 });

    });



    app.post('api/profile',function(req,res){

     console.log(req.user); // this return undefined in console

     res.send(req.user); // response is pending and dunno why it returns error in browser console

    });

So once I open the /login URL I get logged in and I send the session token to api/post, which returns this response error in the browser console:

{error:{message:invalid signature,code:invalid_token,status:401,inner:{}}}

I don't understand why this is happening, because the token stored in the front-end and the token in JWT are the same. What could be the reason for this error?

An example of headers POSTed to the api/post URL: