next auth token decrypt in external service
Unanswered
Spectacled bear posted this in #help-forum
Spectacled bearOP
Hi there, I'm using next auth with a Spring Boot backend. I'm getting a token using next auth but I'm not able to use it directly. It's encrypted with some algo and I'm unable to decrypt it at the backend side. Is there a way I can set the normal token into cookies with no encryption, or can I set the cookie inside the next auth jwt callback?
8 Replies
Spectacled bearOP
Anyone?
it's probably not a good idea to save the data unencrypted. you can use https://next-auth.js.org/configuration/options#jwt-helper to verify and decode the token
Spectacled bearOP
```ts
jwt: {
  async encode({ token, secret }): Promise<string> {
    const newToken = jwt.sign({ ...token }, secret);
    return newToken;
  },
  async decode({ token }) {
    const decoded = jwt.decode(token!, {
      json: true,
    });
    return decoded;
  },
},
```
I've overridden both methods, but getToken is still returning null.
token generated from encode - eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEwMzQ1Njc1czc5MzM3NTQ0OTAyMjQwMSIsIm5hbWUiOiJqYWNrIHBoaWxsIiwiZW1haWwiOiJqYWNrOTBwaGlsbEBnbWFpbC5jb20iLCJpYXQiOjE3MTIzMjU1OTV9.79COuJwTxCQjgnBAsO19gnEtIXVLbQeQgXcDMo1QGaA
it is giving valid data after decoding but my getToken() function in middleware is still giving null, any idea why?
is the token in the relevant cookie? https://github.com/nextauthjs/next-auth/blob/8120fd4ccb7618f6db742e8628f903262f8fc854/packages/core/src/jwt.ts#L143
Spectacled bearOP
```ts
const authOptions: NextAuthOptions = {
  providers: [
    Google({
      clientId: process.env.OAUTH_CLIENT_ID!,
      clientSecret: process.env.OAUTH_CLIENT_SECRET!,
    }),
  ],
  jwt: {
    async encode({ token, secret }): Promise<string> {
      console.log("inside encode", token, secret);
      const newToken = jwt.sign({ ...token }, secret);
      console.log("token generated", newToken);
      return newToken;
    },
    async decode({ token, secret }) {
      const decoded = jwt.decode(token!, {
        json: true,
      });
      return decoded;
    },
  },
  secret: process.env.NEXTAUTH_SECRET,
  callbacks: {
    async jwt({ user }: { user: User | AdapterUser }) {
      return { ...user };
    },
    session({ session, token }: { session: Session; token: JWT }) {
      return {
        ...session,
        ...token,
      };
    },
  },
};
```
This is the code for next auth, I've overridden the encode and decode methods. Now I'm confused why encode is getting called twice, and in fact in the first call I'm getting the valid data but in the next call I'm getting an empty object, and that is what is causing the issue.
first call:
```
inside encode {
  id: '10615654522401',
  name: 'Rohan',
  email: 'rockarwal@gmail.com',
  image: 'https://lh3.googleusercontent.com/a/ACg8ocKdBae0Sm4No6Ns=s96-c'
} rdeltnyja/rbjX3sv3PE+vE3qVAR/+f4mnqNhV0+7p0=
token generated eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEwNjE2NzU3OTI1NzUyOTAyMjQwMSIsIm5hbWUiOiJSb2hhbiBBZ2dhcndhbCIsImVtYWlsIjoicm9ja3k3NzdhZ2dhcndhbEBnbWFpbC5jb20iLCJpbWFnZSI6Imh0dHBzOi8vbGgzLmdvb2dsZXVzZXJjb250ZW50LmNvbS9hL0FDZzhvY0tkQmFlMFNka3RTRHZLdndpelgyVUV1OGZpS3UybDgzVGtCclVWcWN6eW00Tm82TnM9czk2LWMiLCJpYXQiOjE3MTI0MDA1Mjh9.UsPxEaSz5EfGdN0coTGrrN575_k3E8hR2Tg61rXkEqc
```
second and third call:
```
inside encode {} rdeltnyja/rbjX3sv3PE+vE3qVAR/+f4mnqNhV0+7p0=
token generated eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MTI0MDA1MzB9.J6HzplWTpCTKxnDsu0FhUzPd9a28yhnXwV_lTdvw9S4
inside encode {} rdeltnyja/rbjX3sv3PE+vE3qVAR/+f4mnqNhV0+7p0=
token generated eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MTI0MDA1MzN9.Hgfe1QXTDjVIebY7o8AYr4HDI3Eicz3d9uqa1f_bezw
```
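Added example, not part of the thread and not NextAuth's own code: assuming `jwt` in the posted config is the `jsonwebtoken` package, its `decode` parses a token without checking the signature, so whatever consumes the cookie (the middleware or the Spring Boot backend) needs to verify the HMAC with the shared secret before trusting the claims. The helper names and sample values below are constructed for illustration and use only Node's built-in `crypto`.

```javascript
// Added example: HS256 verification with Node's built-in crypto (no third-party library).
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Sign a payload as a compact HS256 JWT (same shape as the tokens logged in the thread).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Decode only: returns the claims without checking the signature.
function decodeOnly(token) {
  return fromB64url(token.split(".")[1]);
}

// Verify: pin the algorithm, recompute the MAC, compare in constant time, check exp.
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = fromB64url(head);
    payload = fromB64url(body);
  } catch {
    return null; // malformed header or payload
  }
  if (header?.alg !== "HS256") return null; // never let the token choose the algorithm
  const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  if (typeof payload?.exp === "number" && payload.exp <= nowSec) return null;
  return payload;
}

// Constructed sample values, not taken from the thread.
const SECRET = "constructed-demo-secret";
const good = signHS256({ id: "u-1", email: "user@example.test", exp: 4102444800 }, SECRET);
// Same header and signature, different claims: what a decode-only consumer would accept.
const [h, , s] = good.split(".");
const tampered = `${h}.${b64url(JSON.stringify({ id: "admin", exp: 4102444800 }))}.${s}`;
```

On the Spring Boot side the equivalent check is an HS256 verification with the same secret bytes that NextAuth signs with.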