Payload has lot more data after jwt.sign in version 5.5.4, works fine in 5.5.0 #156
Comments
Thanks for reporting this issue and I am sorry to have broken your use case. These extra properties are definitely not from us, the payload you send to the sign method might have these properties and must be doing some weird things with serialization. Is this a mongoose object or something like that? I am asking this because of the
Yes, it's a user object I get from mongoose after saving the user. But in 5.5.0 it works as expected because I get the same payload back after decoding. Thanks for looking into this.
Let me explain what's going on. mongoose has a class called Document that overrides the toJSON method as explained here: http://mongoosejs.com/docs/api.html#document_Document-toJSON In 5.5.0 we were adding exp, iat, etc. to the object you pass and then calling JSON.stringify on that thing. This caused an issue for some users using mongoose as well, since the toJSON method of mongoose didn't add the properties that this library added, so the resulting token didn't have expiration. Another user has this very same problem, not with mongoose but with a "sealed" object. I fixed this issue yesterday and now I am cloning the properties of the payload when you sign the token. So I think this is the right behavior and the library was broken before that patch. I think you should generate tokens using toObject() now http://mongoosejs.com/docs/api.html#document_Document-toObject jwt.sign(doc.toObject(), secret)
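The behaviour described in the comment above, as an added example (not code from jsonwebtoken, mongoose, or any commenter in this thread). `FakeDocument` and both `claims...` functions are hypothetical, simplified models that assume only what the comment states: a document class that overrides `toJSON`, the 5.5.0 order of adding claims to the caller's object before `JSON.stringify`, and the later cloning of the payload's properties.

```javascript
// Simplified stand-in for a Mongoose document (constructed for this example):
// user fields live in _doc, next to internal bookkeeping properties.
class FakeDocument {
  constructor(fields) {
    this.$__ = { internalState: true }; // hypothetical internal property
    this.isNew = false;                 // hypothetical internal property
    this._doc = { ...fields };
  }
  toJSON() { return { ...this._doc }; }   // what JSON.stringify() calls
  toObject() { return { ...this._doc }; } // plain object holding only the fields
}

// Model of the 5.5.0 behaviour: add claims to the caller's object, then
// JSON.stringify it. stringify defers to toJSON(), so the claims are dropped.
function claimsMutateThenStringify(payload, iat, expiresIn) {
  payload.iat = iat;
  payload.exp = iat + expiresIn;
  return JSON.parse(JSON.stringify(payload));
}

// Model of the behaviour after the fix: copy the payload's own properties
// into a fresh plain object, add claims there, then stringify.
function claimsCloneThenStringify(payload, iat, expiresIn) {
  const clone = {};
  for (const key of Object.keys(payload)) clone[key] = payload[key];
  clone.iat = iat;
  clone.exp = iat + expiresIn;
  return JSON.parse(JSON.stringify(clone));
}

function demo() {
  const fields = { email: 'user@example.test', role: 'member' }; // constructed
  const iat = 1700000000;                                        // constructed
  return {
    // No exp/iat at all: a token built from this never expires.
    oldWithDoc: claimsMutateThenStringify(new FakeDocument(fields), iat, 3600),
    // exp is present, but internals ($__, isNew, _doc) end up in the token.
    newWithDoc: claimsCloneThenStringify(new FakeDocument(fields), iat, 3600),
    // Only the intended fields plus the claims.
    newWithObject: claimsCloneThenStringify(new FakeDocument(fields).toObject(), iat, 3600),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Decoding a freshly issued token and checking that `exp` is present and that only the expected keys appear catches both outcomes before they reach production.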
Thanks a lot for the explanation. I learned something new today :) It makes perfect sense. I will give it a shot tomorrow and update this issue. If everything checks out we can close this one.
Had this exact same issue and toObject seemed to do the trick for me. Thanks for the explanation @jfromaniello!
For me .toObject() also didn't work, here is my code,
After decoding this I am getting this,
@arindam89 put a
My bad, it works perfectly fine. Thanks @jfromaniello, I am closing this now.
@arindam89 no problem, I am really glad to help! Sorry to all you guys for the troubles we caused
@jfromaniello I posted to a newly-opened issue that covers this same thing. The introduction of this problem came from using the Out of curiosity, what is the reason behind the addition of the
Hi guys, I had this problem and now it's working perfectly. Thank you @jfromaniello.
Could a warning be added to the README example so people know to use
@jfromaniello solution
Hello Team,
Recently our app broke due to the mismatch in the decoded object for jwt.verify(). This is my payload for signing the token,
In 5.5.4, the payload I got back after decoding is,
This should be fixed.