search

auth0 / node-jsonwebtoken

JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
MIT License
17.7k stars 1.23k forks source link

Property 'nonce_supported' does not exist on type 'string | JwtPayload' #827

Open benbai123 opened 2 years ago

benbai123 commented 2 years ago

Description

@types/jsonwebtoken 8.5.8 break the nestjs application,

sample code


import * as jwt from 'jsonwebtoken';

//  identityToken, nonce are props from apple signin

const decoded = jwt.decode(identityToken, { complete: true });

// ...

if (decoded.payload.nonce_supported && nonce !== NONCE) {
  // ...
}

if (!decoded.payload.iss || decoded.payload.iss !== APPLE_BASE_URL) {
  // ...
}

if (decoded.payload.aud !== 'my.aud.string') {
  // ...
}

if (Number(decoded.payload.exp) * 1000 < my_expr_limit) {
  // ...
}

error message:

Property 'nonce_supported' does not exist on type 'string | JwtPayload'.
  Property 'nonce_supported' does not exist on type 'string'.

Property 'iss' does not exist on type 'string | JwtPayload'.
  Property 'iss' does not exist on type 'string'.

Property 'aud' does not exist on type 'string | JwtPayload'.
  Property 'aud' does not exist on type 'string'.

Property 'exp' does not exist on type 'string | JwtPayload'.
  Property 'exp' does not exist on type 'string'.

Reproduction

  1. create a nestjs app
  2. add "jsonwebtoken": "^8.5.1", to your package.json
  3. implement apple sign in as the sample above
  4. npm install
  5. npm run start then you can see the errors

Environment

Please provide the following:

benbai123 commented 2 years ago

Workaround

specify dependency "@types/jsonwebtoken": "8.5.4", in your package.json

cavewebs commented 2 years ago

We can fix the error by either using const jwt = require('jsonwebtoken');

Or since Typescript cannot infer the correct type and therefore expand other items available in jwt.payload are not known, the simplest way out is to cast the result to anyin this manner const token: any = jwt.decode()

anantakrroy commented 2 years ago

We can fix the error by either using const jwt = require('jsonwebtoken');

Or since Typescript cannot infer the correct type and therefore expand other items available in jwt.payload are not known, the simplest way out is to cast the result to anyin this manner const token: any = jwt.decode()

Using any type defeats the purpose of using Typescript and should be avoided.

CompeyDev commented 1 year ago

I worked around this by using a typeof expression checking if the type is not a string, but rather a JwtPayload. But looks like it returns a string, why? Is there a way to force JWT to only return a payload?

Naumov1889 commented 1 year ago

this problem still exists. In docs it says

(Synchronous) If a callback is not supplied, function acts synchronously. Returns the payload decoded if the signature is valid and optional expiration, audience, or issuer are valid. If not, it will throw the error.

But when I try to access payloads properties, ts error accrues arguing about property doesn't exists on type string.

rswdch commented 1 year ago

Isn't this more of a problem with the @types/jsonwebtoken package than jsonwebtoken itself? It seems like the types package is saying that the type returned by decode can be string | JwtPayload but I don't see any indication that a string will be returned by decode. It actually does a type check for string and tries to convert strings to objects.

You could probably safely assert as JwtPayload, otherwise type checking for a string would be the other TypeScript-friendly solution.

We should probably file this as an issue on the DefinitelyTyped repo.