sdd
commented
4 years ago jsonwebtoken.verify is called by koa-jwt for you. Koa-jwt verifies the token, and if the token is successfully verified, the decoded token is set to ctx.state.user by default (you can change to somewhere else on ctx.state by using opts.key.
See here: https://github.com/koajs/jwt/blob/master/lib/verify.js#L5 Which is called from here: https://github.com/koajs/jwt/blob/master/lib/index.js#L38
Is it not necessary to use verify() provided by jsonwebtoken to authenticate and parse tokens?