Closed mkgn closed 1 year ago
My global configuration looks like below:

```ts
const opts: FastifyRegisterOptions<FastifyJWTOptions> = {
  secret: server.config.SECRET,
  sign: {
    notBefore: 0,
    iss: server.config.JWT_ISSUER,
    expiresIn: server.config.JWT_VALID
  },
  verify: {
    // allowedAud: [] load tenant list
    ignoreExpiration: false,
    ignoreNotBefore: false,
    allowedIss: "api.example.tld",
    clockTolerance: 5,
  }
}
```
Then I have a custom payload as below:

```ts
interface Identity extends Omit<User, 'password'> {
  isAuthenticated: boolean,
  claims: Array<string>
}

declare module "@fastify/jwt" {
  interface FastifyJWT {
    payload: SignPayloadType, // payload type is used for signing and verifying
    user: Identity
  }
}
```
Initially, in my /login endpoint I just filled the Identity object and returned the token, which didn't have an "iss" property. Then I changed it to below:

```ts
token: await reply.jwtSign({ ...loggedInUser, iss: request.server.config.JWT_ISSUER }),
```
However, when validating this token it always gives this error. But if I use `await request.jwtDecode();` it shows the decoded token with the iss value.
What am I doing wrong?
Gosh! This is embarrassing. In verify, I have not set the allowedIss .... I was not drunk.. I am pretty sure....
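The behaviour discussed in this thread, as an added example that is not from the issue and is not @fastify/jwt's own code: decoding only parses a token, while verification checks the signature and then compares `iss` against the allowed issuers, so a token can decode with an `iss` value and still be rejected. The helper names, the demo secret and the issuer `auth.example.tld` are constructed for illustration, and expiry checks are left out to keep the focus on the issuer.

```javascript
// Added illustration: a hand-rolled HS256 JWT, not @fastify/jwt's implementation.
// import() lets the file load as either CommonJS or an ES module.
const cryptoReady = import('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString());

async function mac(secret, data) {
  const { createHmac } = await cryptoReady;
  return createHmac('sha256', secret).update(data).digest();
}

async function sign(payload, secret) {
  const input = `${b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(await mac(secret, input))}`;
}

// Decode only: parses the payload and checks nothing, so its output is untrusted.
const decode = (token) => parse(token.split('.')[1]);

// Verify: signature first, then the iss claim against the allow-list.
async function verify(token, secret, { allowedIss }) {
  const { timingSafeEqual } = await cryptoReady;
  const [head, body, sig] = token.split('.');
  if (!head || !body || !sig) return { ok: false, reason: 'malformed' };
  const expected = await mac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  const payload = parse(body);
  if (![].concat(allowedIss).includes(payload.iss)) {
    return { ok: false, reason: 'issuer not allowed' };
  }
  return { ok: true, payload };
}

async function demo() {
  const secret = 'constructed-demo-secret'; // constructed value
  // 'auth.example.tld' is a constructed issuer; 'api.example.tld' is the page's allowedIss.
  const token = await sign({ id: 1, iss: 'auth.example.tld' }, secret);
  const [head, , sig] = token.split('.');
  const edited = `${head}.${b64u(JSON.stringify({ id: 1, iss: 'api.example.tld' }))}.${sig}`;
  return {
    decodedIss: decode(token).iss, // readable even though verification rejects the token
    mismatch: await verify(token, secret, { allowedIss: 'api.example.tld' }),
    match: await verify(token, secret, { allowedIss: ['auth.example.tld'] }),
    edited: await verify(edited, secret, { allowedIss: 'api.example.tld' }),
  };
}
```

The `edited` case shows why decoded claims must not drive authorization: a payload rewritten after signing still decodes cleanly but fails the signature check.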