Type mismatch error with expressJwtSecret and express-jwt@7

[tpluscode]

Describe the problem

Typescript does not like the return type of jwksRsa.expressJwtSecret. I get this error when relying on TS to resolve the types

TS2322: Type 'SecretCallbackLong | GetVerificationKey' is not assignable to type 'Secret | GetVerificationKey'. Type 'SecretCallbackLong' is not assignable to type 'Secret | GetVerificationKey'. Type 'SecretCallbackLong' is not assignable to type 'GetVerificationKey'.

What was the expected behavior?

No type errors

Reproduction

import { expressjwt as jwt } from 'express-jwt'
import jwksRsa from 'jwks-rsa'

const authorize = jwt({
    // Dynamically provide a signing key
    // based on the kid in the header and
    // the signing keys provided by the JWKS endpoint.
    secret: jwksRsa.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri,
    }),
})

This can be mitigated by explicitly typing as GetVerificationKey

Environment

• Version of this library used: 2.1.2
• Other modules/plugins/libraries that might be involved: express-jet@7.7.0

[trasherdk]

import { expressjwt as jwt } from 'express-jwt'
import jwksRsa from 'jwks-rsa'

const authorize = jwt({
    // Dynamically provide a signing key
    // based on the kid in the header and
    // the signing keys provided by the JWKS endpoint.
    secret: jwksRsa.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri,
    }) as GetVerificationKey,
})

Source: https://github.com/auth0/express-jwt/issues/288#issuecomment-1122524366

[adamjmcgrath]

Yep, thanks for posting the workaround. Not much we can do in this SDK about https://github.com/auth0/express-jwt/issues/288#issuecomment-1122524366

[shaunco]

At a minimum, the express-demo README should be updated to point out the as GetVerificationKey workaround for typescript users.