The following issue was discovered while troubleshooting the behavior identified in https://github.com/hapijs/nes/issues/292
I have a hapi server implementation which leverages hapi-auth-jwt2 as the default auth strategy. In this auth strategy, I have configured a custom verify function
I take all the defaults when configuring the plugin
configuration when defining the strategy
As part of the auth interface provided by the hapi server, a `verify` method exists. hapi nes and presumably other libraries rely on this interface to verify authentication. https://github.com/hapijs/hapi/blob/master/lib/auth.js#L100
This method finds the auth strategy. If the auth strategy defined a `verify` method, like hapi-auth-jwt2 does, the verify method will be invoked: https://github.com/hapijs/hapi/blob/master/lib/auth.js#L120
In the case of hapi-auth-jwt2, the invocation of this verify method calls https://github.com/dwyl/hapi-auth-jwt2/blob/master/lib/index.js#L295
This method does some default verification of JWT which probably works perfectly if you are not using a customVerify function. In my case my customVerify function does not leverage a public key for verification and as a result this method is unable to verify the provided jwt token. As a result the `secret or public key must be provided` is thrown.
I think I expect the verify function defined in https://github.com/dwyl/hapi-auth-jwt2/blob/master/lib/index.js#L295 to execute `options.verify` if provided.
Maybe something like
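The dispatch described in this issue, as an added dependency-free model; it is not the issue author's snippet and not hapi-auth-jwt2's code. `makeScheme`, `verifyHs256`, `signHs256`, the `delegateToCustom` switch, the `auth.artifacts.token` shape and the sample values are hypothetical or constructed. It shows the keyless failure, and that once `verify` delegates to `options.verify`, the custom function carries the entire signature check.

```javascript
// Added model, not hapi-auth-jwt2 source. Names and sample values are hypothetical.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, key) => crypto.createHmac('sha256', key).update(input).digest();

// Build an HS256 token; used only to construct the sample below.
function signHs256(payload, secret) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${b64url(hmac(signingInput, secret))}`;
}

// Default path: needs a configured key. The header's alg is deliberately ignored.
function verifyHs256(token, key) {
  if (!key) throw new Error('secret or public key must be provided');
  const [head, body, sig = ''] = String(token).split('.');
  const expected = hmac(`${head}.${body}`, key);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Scheme-like object exposing verify(auth), the method the issue is about.
function makeScheme(options, delegateToCustom) {
  return {
    verify(auth) {
      const token = auth.artifacts.token; // assumed artifact shape
      if (delegateToCustom && typeof options.verify === 'function') {
        // No signature check happens here any more: options.verify owns it.
        return options.verify(token);
      }
      return verifyHs256(token, options.key);
    },
  };
}

// Constructed sample: a strategy with a custom verifier and no options.key.
const SAMPLE_SECRET = 'constructed-tenant-secret';
const SAMPLE_TOKEN = signHs256({ sub: 'user-1' }, SAMPLE_SECRET);
const SAMPLE_OPTIONS = { verify: (token) => verifyHs256(token, SAMPLE_SECRET) };
const SAMPLE_AUTH = { artifacts: { token: SAMPLE_TOKEN } };
```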