fastify / fastify-jwt

JWT utils for Fastify
MIT License

Authorization token is invalid: The iss claim value is not allowed error even though iss is specified at startup #299

Closed mkgn closed 1 year ago

mkgn commented 1 year ago

Prerequisites

Issue

My global configuration looks like the one below:

  const opts: FastifyRegisterOptions<FastifyJWTOptions> = {
    secret: server.config.SECRET,
    sign: {
      notBefore: 0,                       // fast-jwt sign options take milliseconds or a string such as "1h"
      iss: server.config.JWT_ISSUER,      // issuer written into every token that is signed
      expiresIn: server.config.JWT_VALID
    },
    verify: {
      //allowedAud:[] load tenant list
      ignoreExpiration: false,
      ignoreNotBefore: false,
      allowedIss: "api.example.tld",      // must match the issuer used for signing, or verification fails with "The iss claim value is not allowed"
      clockTolerance: 5,                  // milliseconds in fast-jwt, so 5 tolerates almost no clock skew
    }
  }

Then I have a custom payload as below

  interface Identity extends Omit<User, 'password'> {
    isAuthenticated: boolean,
    claims: Array<string>
  }

  declare module "@fastify/jwt" {
    interface FastifyJWT {
      payload: SignPayloadType, // payload type is used for signing and verifying
      user: Identity
    }
  }

Initially, in my /login endpoint, I just filled the Identity object and returned the token, which didn't have an "iss" property. Then I changed it to the following:

  token: await reply.jwtSign({ ...loggedInUser, iss: request.server.config.JWT_ISSUER }),

However, when validating this token it always gives this error, but if I use await request.jwtDecode(); it shows the decoded token with the iss value.

What am I doing wrong?

mkgn commented 1 year ago

Gosh! This is embarrassing. In verify, I had not set the allowedIss... I was not drunk, I am pretty sure...