fastify / fastify-jwt

JWT utils for Fastify
MIT License
514 stars 99 forks

Unable to set key override on request.jwtVerify #346

Open mitja-hofer opened 2 months ago

mitja-hofer commented 2 months ago

Prerequisites

Fastify version

4.27.0

Plugin version

8.0.1

Node.js version

20.13.1

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

alpine3.18

Description

I am unable to set a custom secret key for JWT tokens when calling request.jwtVerify<Payload>({decode: {}, verify: { key: 'override' }}).

The verify function still expects the key to be the same as set when registering fastifyJwt to fastify.

Example code:

fastify.register(fastifyJwt, {
  secret: 'hunter2'
})
// ...
fastify.get('/verify', async function (request, reply) {
  // Per-call key passed via verify.key; the secret registered above is 'hunter2'
  const jwt = await request.jwtVerify<Payload>({decode: {}, verify: {key: 'override'}})
})

The above request fails when signing the JWT token with override; the original secret works.

Using the debugger, I can see the override key is passed to jwt.js; however, it is never set in const verifierOptions = mergeOptionsWithKey(options.verify || options, secretOrPublicKey).

Link to code that reproduces the bug

No response

Expected Behavior

One would expect that request.jwtVerify<Payload>({decode: {}, verify: { key: 'override' }}) will use the key specified in options.

mcollina commented 2 months ago

Thanks for reporting!

Can you provide steps to reproduce? We often need a reproducible example, e.g. some code that allows someone else to recreate your problem by just copying and pasting it. If it involves more than a couple of different files, create a new repository on GitHub and add a link to that.
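An added example, not part of the thread and not fastify-jwt's own code: a stand-alone HS256 check using only Node's crypto module that reports which of the two secrets from the report ('hunter2' or 'override') actually accepts a given token, which is the fact a reproduction of this issue has to pin down. The helper names and the resolveVerifyKey precedence rule are assumptions that model the behaviour the report expects, not the plugin's implementation.

```javascript
// Added example: independent HS256 check, not fastify-jwt code.
const nodeCrypto = require('node:crypto')

const b64url = (input) => Buffer.from(input).toString('base64url')

// Sign a compact HS256 JWT with the given shared secret.
function signHS256 (payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = b64url(JSON.stringify(payload))
  const mac = nodeCrypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url')
  return `${head}.${body}.${mac}`
}

// Verify the HS256 signature; returns the payload or throws.
function verifyHS256 (token, secret) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('malformed token')
  const [head, body, mac] = parts
  // Pin the algorithm instead of trusting whatever the header claims.
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') throw new Error('unexpected alg')
  const expected = nodeCrypto.createHmac('sha256', secret).update(`${head}.${body}`).digest()
  const given = Buffer.from(mac, 'base64url')
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature')
  }
  return JSON.parse(Buffer.from(body, 'base64url'))
}

// Hypothetical resolver: a per-call verify.key takes precedence over the
// registered secret (the behaviour the report expects).
function resolveVerifyKey (registeredSecret, callOptions = {}) {
  const perCall = callOptions.verify && callOptions.verify.key
  return perCall || registeredSecret
}

// Names of the candidate keys that accept the token, so a test can assert
// on the key actually in effect rather than on "verification failed".
function acceptingKeys (token, candidates) {
  return Object.keys(candidates).filter((name) => {
    try { verifyHS256(token, candidates[name]); return true } catch { return false }
  })
}
```

Running acceptingKeys over a token taken from the failing request, with the registered secret and the override as candidates, shows which key the token was signed with independently of the plugin's option handling.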