Comments (4)
kamilmysliwiec
commented on May 3, 2024
Thanks for reporting! Would you like to create a PR for this issue?
from jwt.
EJMason
commented on May 3, 2024
@kamilmysliwiec Sure thing! Did you envision anything other than removing the toString call? My plan was to remove it and add some unit tests. Was the toString motivated by any edge case that I could also address in the PR?
from jwt.
EJMason
commented on May 3, 2024
@kamilmysliwiec Also, one more thing. Looks like there is a method overload in the jsonwebtoken library that allows users to pass a callback instead of a private key as a second parameter for the verify method. This enables the ability to fetch keys from an external source instead of keeping them in state.
// Verify using getKey callback
// Example uses https://github.com/auth0/node-jwks-rsa as a way to fetch the keys.
var jwksClient = require('jwks-rsa');
var client = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json'
});
function getKey(header, callback){
client.getSigningKey(header.kid, function(err, key) {
var signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);
});
}
jwt.verify(token, getKey, options, function(err, decoded) {
console.log(decoded.foo) // bar
});Check out the typescript definitions for the 2 overloads:
/**
* Asynchronously verify given token using a secret or a public key to get a decoded token
* token - JWT string to verify
* secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,
* or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,
* secretOrPublicKey can be a function that should fetch the secret or public key
* [options] - Options for the verification
* callback - Callback to get the decoded token on
*/
export function verify(
token: string,
secretOrPublicKey: string | Buffer | GetPublicKeyOrSecret,
callback?: VerifyCallback,
): void;
export function verify(
token: string,
secretOrPublicKey: string | Buffer | GetPublicKeyOrSecret,
options?: VerifyOptions,
callback?: VerifyCallback,
): void;And here is the type for the GetPublicKeyOrSecret
export type GetPublicKeyOrSecret = (
header: JwtHeader,
callback: SigningKeyCallback
) => void;This functionality didn't exist in the Nestjs/jwt package, but might be worth calling out in the docs that you currently can't do this. In the future this could be an added feature that can simplify this behavior using the nest api. Food for thought.... 🤔
from jwt.
kamilmysliwiec
commented on May 3, 2024
Fixed in 6.1.2
from jwt.
Related Issues (20)
- sign function dosent take secret registred in module HOT 1
- secretOrPrivateKey must have a value HOT 3
- jwt module shoud extends ConfigurableModuleClass HOT 1
- Wrong dependency @types/jsonwebtoken HOT 1
- vulnerability in dependancy jsonwebtoken <=8.5.1 HOT 1
- Updating `jsonwebtoken` dependency HOT 3
- Update `@types/jsonwebtoken` to ^9.0.0 HOT 2
- secretOrPrivateKey must have a value HOT 1
- secretOrPrivateKey has a minimum key size of 2048 bits for RS256 after upgrade to nest/jwt 10.0.2 HOT 1
- How to invalidate a token? HOT 2
- BigInt not supported HOT 1
- type error while using `expiresIn` in `signAsync` HOT 7
- Expose internal Jsonwebtoken errors from @Next/jwt HOT 1
- Issue: Missing 'requestProperty' in @nestjs/jwt Library HOT 1
- JsonWebTokenError: secretOrPublicKey must be an asymmetric key when using RS256 HOT 1
- Error: secretOrPrivateKey must have a value HOT 1
- No valid invalid token for verification HOT 2
- wrong signature for sign() HOT 1
- Unexpected behavior when getting a value from .env file for expiresIn property via the ConfigModule / ConfigService HOT 1
- Can not import JwtService, JwtModule after installed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt.