Add option for how the JWT is extracted #6570
cded
started this conversation in
Feature Requests & Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
We ran into an issue that can be solved by adding an optional option for the extraction of JWT used for authentication to the admin platform.
Here is our situation:
We use the v3 Beta version of Payload, integrating Payload directly with NextJS.
Our NextJS App handles auth via Bearer token and Authorization header.
Because Payloads integrates directly with our NextJS App, Payload picks up our own token instead of the Payload one from the cookie and that interferes with the authentication to the admin.
We localized the issue in this file:
https://github.com/payloadcms/payload/blob/v3.0.0-beta.36/packages/payload/src/auth/getExtractJWT.ts
In the getExtractJWT function, Payload checks for the JWT first and then for the cookies, so in our case it always extracts our App token instead of Payload's.
It would be great if we can specify an option to check for cookies before checking for JWT or an option to choose where to check for authentication.
Thank you!
Beta Was this translation helpful? Give feedback.
All reactions