fastify / help

Need help with Fastify? File an Issue here.
https://www.fastify.io/

I'm unable to sign my JWT token. #506

Closed ghost closed 3 years ago

ghost commented 3 years ago

💬 Question here

I've made the whole login/signing part, now I need to create the JWT part and I'm unable to sign my JWT token. I'm getting the following error: Expected "options" to be a plain object

const token = await app.jwt.sign(
    {id: user._id.toHexString()},
    process.env.JWT_SECRET_KEY,
    { algorithm: 'RS256' }
)

return {
    ok: true,
    msg: "Login was successful",
    token
}

Your Environment

  "dependencies": {
    "bcryptjs": "^2.4.3",
    "dotenv": "^10.0.0",
    "express": "^4.17.1",
    "fastify": "^3.19.2",
    "fastify-formbody": "^5.1.0",
    "fastify-jwt": "^3.0.0",
    "fastify-mongodb": "^4.0.0",
    "fastify-static": "^4.2.2",
    "mongodb": "^4.0.1",
    "pino-pretty": "^5.1.2"
  }

Terminal Log

[1627739508317] INFO (15788 on archPC): incoming request
    req: {
      "method": "POST",
      "url": "/login",
      "hostname": "localhost:8080",
      "remoteAddress": "127.0.0.1",
      "remotePort": 52136
    }
    reqId: "req-1"
[1627739508454] ERROR (15788 on archPC): Expected "options" to be a plain object.
    req: {
      "method": "POST",
      "url": "/login",
      "hostname": "localhost:8080",
      "remoteAddress": "127.0.0.1",
      "remotePort": 52136
    }
    res: {
      "statusCode": 500
    }
    reqId: "req-1"
    err: {
      "type": "Error",
      "message": "Expected \"options\" to be a plain object.",
      "stack":
          Error: Expected "options" to be a plain object.
              at validate (/home/damian/Documents/freedates.org/server/node_modules/jsonwebtoken/sign.js:40:11)
              at validateOptions (/home/damian/Documents/freedates.org/server/node_modules/jsonwebtoken/sign.js:58:10)
              at Object.module.exports [as sign] (/home/damian/Documents/freedates.org/server/node_modules/jsonwebtoken/sign.js:141:5)
              at Object.sign (/home/damian/Documents/freedates.org/server/node_modules/fastify-jwt/jwt.js:131:18)
              at Object.handler (/home/damian/Documents/freedates.org/server/server.js:103:37)
    }
[1627739508457] INFO (15788 on archPC): request completed
    res: {
      "statusCode": 500
    }
    responseTime: 137.77541299909353
    reqId: "req-1"

Must be a bug because when using normal JWT module it works.

const token = jwt.sign(
    {id: user._id.toHexString()},
    process.env.JWT_SECRET_KEY
)

return {
    ok: true,
    msg: "Login was successful",
    token
}

Asjas commented 3 years ago

You aren't passing an options object as the second argument, that is what the error is telling you. The second argument to jwt.sign needs to be an object and you are passing process.env.JWT_SECRET_KEY which will be a string and not an object.

You should be setting the secret of fastify-jwt when you register the plugin.

https://github.com/fastify/fastify-jwt#usage

fastify.register(require('fastify-jwt'), {
  secret: 'supersecret'
})
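
The difference between the two call shapes discussed in this thread, as an added example (a small model built on Node's crypto module, not code from fastify-jwt, jsonwebtoken or the posters). The names rawSign, registerJwt, misuse and correct are hypothetical, the secret is constructed, and only HS256 is modelled.

```javascript
// Added illustration: a minimal model of the two call shapes, not library source.
const nodeCrypto = require('crypto')

const b64url = (x) => Buffer.from(x).toString('base64url')
const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && Object.getPrototypeOf(v) === Object.prototype

// jsonwebtoken-style shape: sign(payload, secret, options).
function rawSign (payload, secret, options = {}) {
  if (!isPlainObject(options)) throw new Error('Expected "options" to be a plain object.')
  if ((options.algorithm || 'HS256') !== 'HS256') throw new Error('model only implements HS256')
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = b64url(JSON.stringify(payload))
  const mac = nodeCrypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url')
  return `${head}.${body}.${mac}`
}

// Plugin-style shape: the secret is bound once at registration, so the
// decorated sign() takes (payload, options) and has no secret parameter.
function registerJwt ({ secret }) {
  if (!secret) throw new Error('missing secret')
  return {
    sign: (payload, options) => rawSign(payload, secret, options),
    verify (token) {
      const [head, body, mac] = token.split('.')
      if (!mac) throw new Error('malformed token')
      const { alg } = JSON.parse(Buffer.from(head, 'base64url').toString())
      const expected = nodeCrypto.createHmac('sha256', secret).update(`${head}.${body}`).digest()
      const given = Buffer.from(mac, 'base64url')
      if (alg !== 'HS256' || given.length !== expected.length ||
          !nodeCrypto.timingSafeEqual(given, expected)) {
        throw new Error('invalid signature')
      }
      return JSON.parse(Buffer.from(body, 'base64url').toString())
    }
  }
}

// Constructed secret for the demo; a real service loads it from the environment.
const jwt = registerJwt({ secret: 'constructed-demo-secret' })

// Call shape from the question: the secret string lands in the options slot.
function misuse () {
  try { return jwt.sign({ id: 'abc123' }, 'constructed-demo-secret', { algorithm: 'RS256' }) } catch (e) { return e.message }
}

// Secret omitted at the call site; the registered one signs and verifies.
function correct () { return jwt.verify(jwt.sign({ id: 'abc123' })) }
```

In this model the third argument of the misused call is never read, so the requested RS256 is silently dropped as well; the algorithm belongs in the options object passed as the second argument.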

ghost commented 3 years ago

> You aren't passing an options object as the second argument, that is what the error is telling you. The second argument to jwt.sign needs to be an object and you are passing process.env.JWT_SECRET_KEY which will be a string and not an object.
>
> You should be setting the secret of fastify-jwt when you register the plugin.
>
> https://github.com/fastify/fastify-jwt#usage
>
> fastify.register(require('fastify-jwt'), {
>   secret: 'supersecret'
> })

It worked, thanks. (I've removed the secret from the signing.) My issue here is that the part that you have linked says this:

Register as a plugin. This will decorate your fastify instance with the >>> standard jsonwebtoken methods decode, sign, and verify <<<; refer to their documentation to find how to use the utilities. It will also register request.jwtVerify and reply.jwtSign. You must pass a secret when registering the plugin.

To make it easier to see let me cut it out

standard jsonwebtoken methods decode, sign, and verify

refer to their documentation to find how to use the utilities.

"Their" JWT documentation says that signing takes a payload, secret and options. So this means that the fastify-jwt and JWT methods aren't the same.

In short, the part that you've linked causes confusion.

ghost commented 3 years ago

I would say that everything is clear now and the Documentation of fastify-jwt is misleading. Yes, I could think of this but by saying "The jsonwebtokens methods are the same in fastify-jwt" is just misleading. Someone should definitely add some info that the secrets don't need to be passed.