New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
MIddleware should accept custom JWT decode method to correctly read custom-signed JWT #4181
Comments
Yeah, I think we could add |
Yes I think so. As long as the middleware is only used to read session and protect pages, decode would be enough. Some extra thoughts: |
@balazsorban44 I have made PR to address this issure. Feel free to have a look, thanks! |
What I've seen in the codebase is declaring a const that you export in nextauth file itself called authOptions |
Agreed. Lets keep everything simple unless a rewrite / breaking change is going to be introduced. |
Description 馃摀
next-auth/packages/next-auth/src/next/middleware.ts
Line 84 in 7636de4
Middleware is calling
getToken
directly without providing anydecode
methods. BygetToken()
usesjwtDecrypt
fromjose
package, and it will probably throws error when the JWT is not signed in the same way. It will throw error when we provide custom JWT encode/decode inside[...nextauth].ts
There should be a way to synchronize / share settings between
[...nextauth].ts
and_middleware.ts
How to reproduce 鈽曪笍
Contributing 馃檶馃徑
No, I am afraid I cannot help regarding this
The text was updated successfully, but these errors were encountered: