refactor: Replace `jsonwebtoken` with `jose` - Githubissues

kriasoft / graphql-starter-kit

💥 Monorepo template (seed project) pre-configured with GraphQL API, PostgreSQL, React, and Joy UI.

https://graphqlstart.com

MIT License

3.88k stars 553 forks source link

refactor: Replace `jsonwebtoken` with `jose` #345

Closed koistya closed 2 years ago

koistya commented 2 years ago

Use an RSA (asymmetric) key pair for JWT signing/verification (RSASSA-PKCS1-v1_5)
These key pair can be generated using yarn generate:keys --env <envName> command
Remove JWT_SECRET passphrase in favor of PUBLIC_KEY, PRIVATE_KEY
Replace jsonwebtoken with jose as a more modern alternative, supporting JWK keys

BREAKING CHANGE:

If you're using createIdToken, verifyIdToToken helper methods, you need to add await:

// BEFORE
createIdToken(...)
verifyIdToken(...)
createState(...)
verifyState(...)

// AFTER
await createIdToken(...)
await verifyIdToken(...)
await createState(...)
await verifyState(...)