search

fastify / fastify-jwt

JWT utils for Fastify
MIT License
501 stars 97 forks source link

Unable to set key override on request.jwtVerify #346

Open mitja-hofer opened 1 week ago

mitja-hofer commented 1 week ago

Prerequisites

Fastify version

4.27.0

Plugin version

8.0.1

Node.js version

20.13.1

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

alpine3.18

Description

I am unable to set a custom secret key for jwt tokens when calling request.jwtVerify<Payload>({decode: {}, verify: { key: 'override' }})

The verify function still expects the key to be the same as set when registering fastifyJwt to fastify.

Example code:

fastify.register(fastifyJwt, {
  secret: 'hunter2'
}
...
fastify.get('/verify', function (request, reply) {
  const jwt = await request.jwtVerify<Payload>({decode: {}, verify: {key: 'override'}})
}

Above request fails when signing the JWT token with override, the original secret works.

Using the debugger I can see the override key is passed to jwt.js, however it is never set in const verifierOptions = mergeOptionsWithKey(options.verify || options, secretOrPublicKey).

Link to code that reproduces the bug

No response

Expected Behavior

One would expect that request.jwtVerify<Payload>({decode: {}, verify: { key: 'override' }}) will use the key specified in options.

mcollina commented 1 week ago

Thanks for reporting!

Can you provide steps to reproduce? We often need a reproducible example, e.g. some code that allows someone else to recreate your problem by just copying and pasting it. If it involves more than a couple of different file, create a new repository on GitHub and add a link to that.