Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Is there a way to change an object stored in a token or to re-state the token without becoming unauthenticated

See original GitHub issue

I have a sessions object for a user with the following keys: email, value, session_id, user_id and roles where roles contains a key value pair of a certain event and the user’s corresponding event {1: 'ADMIN', 2: 'ANON'} . This is store in a JWT token in a cookie.

I want to update the roles object within session to {1: 'ADMIN', 2: 'ANON', 3: 'ADMIN'} , and save it as a JWT in a cookie. However, I am having problems when I try to state the token again. I have also tried unstating the previous token and re-stating the new one but this is causing authentication problems too. What is considered best practice for this kind of behaviour?

Thanks

Issue Analytics

State:
Created 7 years ago
Comments:6 (6 by maintainers)

Top GitHub Comments

1reaction

nelsoniccommented, Aug 23, 2016

@naazy this is fantastic and worth adding to the FAQ section of the Readme … https://github.com/dwyl/hapi-auth-jwt2#frequently-asked-questions-faq- 😉

1reaction

naazycommented, Aug 23, 2016

This is how we did it:

var session= request.auth.credentials;
session.roles[3]='ADMIN';
var token = JWT.sign(session, process.env.JWT_SECRET); 
reply().state('token', token, { path: '/' }).redirect('/dashboard');

Note we had to set the cookie to the path that the initial cookie was set on - otherwise we were ending up with 2 different token cookies for different paths!