JWT decode examples? #2390
-
Is there any documentation outlining how to decode JWTs? I have group/role information coming in from Cognito that I'd like to use on the backend, but haven't been able to successfully decode the tokens. When decoding the accessToken in jwt.io, I get the right group information, but am not sure what the recommended way of doing it with Next-Auth is. Can anyone help / share some links to more reading? I haven't been able to find much on next-auth's site. Thanks! My configuration is below in case it's needed!

```js
import NextAuth from 'next-auth'
import Providers from 'next-auth/providers'

export default NextAuth({
  // https://next-auth.js.org/configuration/providers
  providers: [
    Providers.Cognito({
      clientId: process.env.COGNITO_CLIENT_ID,
      clientSecret: process.env.COGNITO_CLIENT_SECRET,
      domain: process.env.COGNITO_DOMAIN,
    }),
  ],
  session: {
    jwt: true,
    // Session lifetime in seconds; falls back to 5 hours when the variable is unset
    maxAge: parseInt(process.env.AUTH_JWT_AGE_SECONDS, 10) || 60 * 60 * 5,
  },
  jwt: {
    secret: process.env.SECRET,
  },
  pages: {
    signIn: '/auth/login', // Displays signin buttons
    // signOut: '/auth/signout', // Displays form with sign out button
    // error: '/auth/error', // Error code passed in query string as ?error=
    // verifyRequest: '/auth/verify-request', // Used for check email page
    // newUser: null // If set, new users will be directed here on first sign in
  },
  callbacks: {
    // async signIn(user, account, profile) { return true },
    async redirect(url, baseUrl) {
      // Only follow redirect targets that stay on this site
      return url.startsWith(baseUrl) ? url : baseUrl
    },
    async jwt(token, user, account, profile, isNewUser) {
      // On sign-in, keep the provider's access token in the session JWT
      if (account?.accessToken) {
        token.accessToken = account.accessToken
      }
      return token
    },
  },
  // Events are useful for logging
  // https://next-auth.js.org/configuration/events
  events: {},
  debug: false,
})
```
Replies: 1 comment 3 replies
-
Hi, the access token you receive from your provider (Cognito) is not meant to be decoded by us. You will use it to send to your API, which would be able to decode it. So your config already looks good. Whenever you make an API call, you just have to pass the access token as an authorization header bearer token.