@thesabbir
Last active September 22, 2020 13:22
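/**
 * AuthController
 *
 * @description :: Server-side logic for managing auths
 * @help :: See http://links.sailsjs.org/docs/controllers
 */
module.exports = {
  /**
   * Exchanges an email/password pair for a signed JWT.
   *
   * Both fields are read with req.param, which also accepts the query
   * string; a GET with ?password=... therefore lands in access logs.
   * NOTE(review): consider reading credentials from req.body only.
   *
   * Responses:
   *   400  email or password missing (malformed request, not an auth failure)
   *   401  unknown email OR wrong password — the same message is used for
   *        both so the endpoint does not confirm which emails are registered
   *   500  the user lookup or the bcrypt compare itself failed
   *   200  { user, token }; `user` goes through Users.toJSON, which strips
   *        encryptedPassword
   *
   * NOTE(review): an unknown email short-circuits before any bcrypt work,
   * so response timing still distinguishes the two 401 cases; this route
   * should be rate-limited.
   */
  index: function (req, res) {
    var email = req.param('email');
    var password = req.param('password');
    if (!email || !password) {
      return res.json(400, {err: 'email and password required'});
    }
    Users.findOne({email: email}, function (err, user) {
      if (err) {
        // Previously ignored: a database error fell through to the
        // "invalid email or password" branch and hid the outage.
        return res.json(500, {err: 'server error'});
      }
      if (!user) {
        return res.json(401, {err: 'invalid email or password'});
      }
      Users.comparePassword(password, user, function (err, valid) {
        if (err) {
          // A bcrypt failure is a server fault, not a forbidden request.
          return res.json(500, {err: 'server error'});
        }
        if (!valid) {
          return res.json(401, {err: 'invalid email or password'});
        }
        return res.json({
          user: user,
          // Keep the payload minimal: the token is signed, not encrypted,
          // so anything placed in it is readable by the client.
          token: jwToken.issue({id: user.id})
        });
      });
    });
  }
};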
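/**
 * isAuthorized
 *
 * @description :: Policy to check if user is authorized with JSON web token
 * @help :: See http://sailsjs.org/#!/documentation/concepts/Policies
 *
 * Accepts the token from `Authorization: Bearer <token>` or, as a
 * fallback, from a `token` request parameter. On success the verified
 * payload is exposed as req.token and the request continues; otherwise a
 * 401 is sent. This policy only proves the caller holds a valid token —
 * it does not check that req.token.id owns the record being acted on.
 */
module.exports = function (req, res, next) {
  var token;
  var header = req.headers && req.headers.authorization;
  if (header) {
    var parts = header.split(' ');
    if (parts.length !== 2) {
      return res.json(401, {err: 'Format is Authorization: Bearer [token]'});
    }
    var scheme = parts[0];
    var credentials = parts[1];
    // Previously a non-Bearer scheme left `token` undefined and surfaced
    // as a misleading "Invalid Token!"; report it as a format error.
    if (!/^Bearer$/i.test(scheme)) {
      return res.json(401, {err: 'Format is Authorization: Bearer [token]'});
    }
    token = credentials;
  } else if (req.param('token')) {
    // Fallback for clients that cannot set headers. A token in the query
    // string is written to server/proxy logs and leaks via Referer, so the
    // header form should be preferred.
    token = req.param('token');
    // We delete the token from param to not mess with blueprints
    delete req.query.token;
  } else {
    return res.json(401, {err: 'No Authorization header was found'});
  }
  jwToken.verify(token, function (err, decoded) {
    if (err) return res.json(401, {err: 'Invalid Token!'});
    // The verified (not decrypted — JWTs here are only signed) payload,
    // i.e. whatever was passed to jwToken.issue plus iat/exp.
    req.token = decoded;
    next();
  });
};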
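/**
 * jwToken
 *
 * @description :: JSON Webtoken Service for sails
 * @help :: See https://github.com/auth0/node-jsonwebtoken & http://sailsjs.org/#!/documentation/concepts/Services
 */
var jwt = require('jsonwebtoken');

// The signing key must come from the environment. A key committed to
// source (the original hard-coded "secretissecet") lets anyone who can
// read the repository mint a valid token for any user id. Use a long
// random value, e.g. `openssl rand -base64 48`.
var tokenSecret = process.env.JWT_SECRET;
if (!tokenSecret) {
  throw new Error('jwToken: JWT_SECRET environment variable must be set');
}

// Pin the algorithm on both sides so a token is only accepted under the
// algorithm it was issued with.
var ALGORITHM = 'HS256';
// Same lifetime as the original `expiresInMinutes: 180`.
var TOKEN_TTL = '3h';

// Generates a token from supplied payload
module.exports.issue = function (payload) {
  return jwt.sign(
    payload,
    tokenSecret,
    {
      algorithm: ALGORITHM,
      // `expiresInMinutes` was removed from jsonwebtoken (see the thread
      // below); `expiresIn` takes seconds or an ms-style string.
      expiresIn: TOKEN_TTL
    }
  );
};

// Verifies token on a request; callback receives (err, decodedPayload).
module.exports.verify = function (token, callback) {
  return jwt.verify(
    token,
    tokenSecret,
    { algorithms: [ALGORITHM] },
    callback
  );
};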
/*
 * For more information on how policies work, see:
 * http://sailsjs.org/#/documentation/concepts/Policies
 *
 * For more information on configuring policies, check out:
 * http://sailsjs.org/#/documentation/reference/sails.config/sails.config.policies.html
 */
module.exports.policies = {
  // Default for every controller and action: a valid JWT is required.
  '*': ['isAuthorized'],

  // Sign-up must be reachable without a token. Every other Users action
  // still falls under the '*' rule above. NOTE(review): isAuthorized only
  // checks that the token is valid, not that its `id` matches the record
  // addressed, so if blueprint actions are enabled here any logged-in user
  // can read or modify any other user — confirm before relying on this.
  UsersController: {
    create: true
  },

  // Login is what issues the token, so it cannot itself require one.
  AuthController: {
    '*': true
  }
};
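/**
 * Users.js
 *
 * @description :: User account model. Persists a bcrypt hash of the
 * password (never the password itself) and exposes comparePassword for
 * the login flow.
 * @docs :: http://sailsjs.org/#!documentation/models
 */
// We don't want to store password with out encryption
var bcrypt = require('bcrypt');

module.exports = {
  // Only the attributes declared below are persisted, so a posted
  // `password` or a client-supplied `encryptedPassword` is not stored
  // as-is (beforeCreate overwrites encryptedPassword anyway).
  schema: true,
  attributes: {
    email: {
      type: 'email',
      required: true, // was the string 'true' — truthy, but the wrong type
      unique: true
    },
    encryptedPassword: {
      type: 'string'
    },
    // Never send the hash back to clients.
    toJSON: function () {
      var obj = this.toObject();
      delete obj.encryptedPassword;
      return obj;
    }
  },

  /**
   * Hashes values.password into values.encryptedPassword before the
   * record is written. Cost factor 10 is the library default; raise it
   * as hardware improves.
   * Fails with a 400-status Error when no password string is supplied,
   * instead of letting bcrypt reject undefined input.
   */
  beforeCreate: function (values, next) {
    if (typeof values.password !== 'string' || values.password.length === 0) {
      var invalid = new Error('password is required');
      invalid.status = 400;
      return next(invalid);
    }
    bcrypt.genSalt(10, function (err, salt) {
      if (err) return next(err);
      bcrypt.hash(values.password, salt, function (err, hash) {
        if (err) return next(err);
        values.encryptedPassword = hash;
        // Do not leave the plaintext on the values object once hashed.
        delete values.password;
        next();
      });
    });
  },

  /**
   * Compares a plaintext password against user.encryptedPassword.
   * cb(err) on a bcrypt failure, otherwise cb(null, true|false).
   */
  comparePassword: function (password, user, cb) {
    bcrypt.compare(password, user.encryptedPassword, function (err, match) {
      // The original lacked this `return` and invoked cb a second time
      // from the else branch after an error.
      if (err) return cb(err);
      cb(null, match === true);
    });
  }
};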
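/**
 * UsersController
 *
 * @description :: Server-side logic for managing users
 * @help :: See http://links.sailsjs.org/docs/controllers
 */
module.exports = {
  /**
   * Registers a new account and returns it together with a fresh JWT.
   *
   * Responses:
   *   400  password missing, or password/confirmPassword differ (the
   *        original sent 401, which means "not authenticated")
   *   4xx  validation error from the model, passed through (e.g. invalid
   *        or already-registered email)
   *   500  any error without a client status; the raw error is logged
   *        server-side and not echoed, since adapter errors can carry
   *        internals
   *   200  { user, token }
   */
  create: function (req, res) {
    var body = req.body || {};
    if (typeof body.password !== 'string' || body.password.length === 0) {
      return res.json(400, {err: 'password required'});
    }
    if (body.password !== body.confirmPassword) {
      return res.json(400, {err: 'Password doesn\'t match, What a shame!'});
    }
    // Whitelist what a client may set instead of passing req.body through
    // (mass assignment). beforeCreate derives encryptedPassword from
    // password, so nothing else from the request needs to reach the model.
    var values = {
      email: body.email,
      password: body.password
    };
    Users.create(values).exec(function (err, user) {
      if (err) {
        var status = err.status || 500;
        if (status >= 500) {
          sails.log.error(err);
          return res.json(status, {err: 'server error'});
        }
        return res.json(status, {err: err});
      }
      // NOTE: payload is { id: user.id }
      return res.json(200, {user: user, token: jwToken.issue({id: user.id})});
    });
  }
};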
@Salman18

Salman18 commented Jan 29, 2018

I am getting this error

/home/progton/Project/halal_investment/node_modules/jsonwebtoken/sign.js:97
throw err;
^

Error: "expiresInMinutes" is not allowed in "options"
at /home/progton/Project/halal_investment/node_modules/jsonwebtoken/sign.js:41:17
at Array.forEach ()
at validate (/home/progton/Project/halal_investment/node_modules/jsonwebtoken/sign.js:37:6)
at validateOptions (/home/progton/Project/halal_investment/node_modules/jsonwebtoken/sign.js:52:10)
at Object.module.exports [as sign] (/home/progton/Project/halal_investment/node_modules/jsonwebtoken/sign.js:133:5)
at Object.module.exports.issue (/home/progton/Project/halal_investment/api/services/jwToken.js:14:14)
at Object.wrapper [as issue] (/home/progton/Project/halal_investment/node_modules/@sailshq/lodash/lib/index.js:3250:19)
at /home/progton/Project/halal_investment/api/controllers/AuthController.js:50:25
at /home/progton/Project/halal_investment/node_modules/passport/lib/http/request.js:51:48
at /home/progton/Project/halal_investment/node_modules/passport/lib/sessionmanager.js:16:14
at pass (/home/progton/Project/halal_investment/node_modules/passport/lib/authenticator.js:297:14)
at Authenticator.serializeUser (/home/progton/Project/halal_investment/node_modules/passport/lib/authenticator.js:299:5)
at SessionManager.logIn (/home/progton/Project/halal_investment/node_modules/passport/lib/sessionmanager.js:14:8)
at IncomingMessage.req.login.req.logIn (/home/progton/Project/halal_investment/node_modules/passport/lib/http/request.js:50:33)
at /home/progton/Project/halal_investment/api/controllers/AuthController.js:37:5
at Strategy.strategy.success (/home/progton/Project/halal_investment/node_modules/passport/lib/middleware/authenticate.js:214:18)
at verified (/home/progton/Project/halal_investment/node_modules/passport-local/lib/strategy.js:83:10)
at /home/progton/Project/halal_investment/config/passport.js:26:8
at /home/progton/Project/halal_investment/node_modules/bcrypt-nodejs/bCrypt.js:689:3
at _combinedTickCallback (internal/process/next_tick.js:131:7)

@nfhipona

change your jwt config to:

jwt.sign(
payload,
tokenSecret, // Token Secret that we sign it with
{
algorithm: 'HS256',
expiresIn: 60 * 60 * 24 * 7 // expires in 7 days (604800 seconds; note the commonly pasted `606024*30 * 7` evaluates to roughly four years)
});

@OkunrinmetaWebDevelopment
  `expiresInMinutes` is deprecated and was removed in later jsonwebtoken releases (hence the "not allowed in options" error above); use `expiresIn` instead.
