Middleware should accept custom JWT decode method to correctly read custom-signed JWT
Description 📓
Middleware is calling getToken directly without providing any decode methods. By default getToken() uses jwtDecrypt from the jose package, and it will probably throw an error when the JWT is not signed in the same way. It will throw an error when we provide a custom JWT encode/decode inside [...nextauth].ts.
There should be a way to synchronize / share settings between [...nextauth].ts and _middleware.ts.
How to reproduce ☕️
```ts
// [...nextauth].ts
import jwt from "jsonwebtoken";
...
jwt: {
  encode: async ({ secret, token }) => {
    // Do other stuff
    // Signs a plain HS256 JWS (3 segments), not the JWE the default getToken() expects
    return jwt.sign(token as any, secret, { algorithm: "HS256" });
  },
  decode: async ({ secret, token }) => {
    // Pinning algorithms to HS256 rejects "none" and RS256-as-HS256 confusion tokens
    return jwt.verify(token as string, secret, {
      algorithms: ["HS256"],
    }) as any;
  },
},
```

```ts
// Any _middleware.ts
// Re-exporting the default middleware gives it no way to learn the custom decode above
export { default } from "next-auth/middleware"
```
Contributing 🙌🏽
No, I am afraid I cannot help regarding this
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:5 (4 by maintainers)
Agreed. Let's keep everything simple unless a rewrite / breaking change is going to be introduced.
What I've seen in the codebase is declaring a const that you export in the nextauth file itself called authOptions https://github.com/nextauthjs/next-auth/blob/001354eaa8053427d996d2e7c0b3eba69e0552cb/apps/dev/pages/api/auth/[...nextauth].ts I've copied it myself, maybe that's good enough for now? Adding an auth.config.js in the future might be useful to make it easier from scratch to use appropriate config that can be reused across the codebase or different repos/projects.