Issue #55 — Backend: JwtHelper — Temp Token & Verification Utilities #670

@yusuftomilola

Location: backend/src/auth/helper/jwt-helper.ts

Description

The 2FA login flow requires a short-lived "pending" JWT that is issued after a user passes the password check but before they complete the second factor. This token proves the user entered the correct password without granting full access. It must expire quickly (5 minutes) and carry a type claim of "2fa_pending" so it cannot be reused as a real access token.

The JwtHelper class already exists in the codebase and handles token generation and refresh — this issue extends it with two new methods needed specifically for the 2FA flow.

Acceptance Criteria

  • A generateTempToken(userId: string): string method is added to JwtHelper that:
    • Signs a payload of { sub: userId, type: '2fa_pending' } using the existing JWT secret
    • Sets expiry to '5m'
    • Returns the signed token string
  • A verifyWithSecret(token: string): JwtPayload method is added to JwtHelper that:
    • Wraps jwtService.verify() with the application JWT secret
    • Throws UnauthorizedException with message "Invalid or expired token" if verification fails
    • Returns the decoded payload
  • Both methods follow the existing code style and error handling patterns in JwtHelper
  • npx tsc --noEmit passes with no errors
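
An added example, not code from this issue or the project: the two methods together with the caller-side `type` checks that the "cannot be reused as a real access token" requirement depends on, since `verifyWithSecret` accepts any validly signed token. HS256 signing via `node:crypto` stands in for the injected `jwtService`, and `SECRET`, `sign`, `requirePending2fa` and `requireAccess` are hypothetical names.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";
// Assumptions: local stand-ins replace NestJS's UnauthorizedException and the
// injected jwtService so this file runs alone. SECRET is a constructed value.
class UnauthorizedException extends Error {}
type JwtPayload = { sub: string; type?: string; iat: number; exp: number };
const SECRET = "constructed-example-secret";
const INVALID = "Invalid or expired token";
const b64u = (s: string) => Buffer.from(s).toString("base64url");
const mac = (data: string) => createHmac("sha256", SECRET).update(data).digest("base64url");
const nowSec = () => Math.floor(Date.now() / 1000);

// Hypothetical helper: HS256 signing that adds iat/exp to the claims.
function sign(claims: object, ttlSeconds: number, now = nowSec()): string {
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${mac(`${head}.${body}`)}`;
}

function generateTempToken(userId: string, now?: number): string {
  return sign({ sub: userId, type: "2fa_pending" }, 5 * 60, now); // expiry '5m'
}

function verifyWithSecret(token: string, now = nowSec()): JwtPayload {
  try {
    const parts = token.split(".");
    if (parts.length !== 3) throw new Error("format");
    const [head, body, sig] = parts as [string, string, string];
    const given = Buffer.from(sig), expected = Buffer.from(mac(`${head}.${body}`));
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) throw new Error("sig");
    const payload = JSON.parse(Buffer.from(body, "base64url").toString()) as JwtPayload;
    if (typeof payload.exp !== "number" || payload.exp <= now) throw new Error("expired");
    return payload;
  } catch {
    throw new UnauthorizedException(INVALID);
  }
}

// Hypothetical caller for the second-factor step: signature alone is not enough.
function requirePending2fa(token: string, now?: number): string {
  const payload = verifyWithSecret(token, now);
  if (payload.type !== "2fa_pending") throw new UnauthorizedException(INVALID);
  return payload.sub;
}

// Hypothetical access-token guard: a pending token must never pass here.
function requireAccess(token: string, now?: number): string {
  const payload = verifyWithSecret(token, now);
  if (payload.type === "2fa_pending") throw new UnauthorizedException(INVALID);
  return payload.sub;
}
```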
