Advice | Accessing a JWT Claim

[ghost]

Noob here - what's the best way to access claims on a JWT once validation has passed?

[timonson]

Change line 60 to console.log(email). What is the output?

[ghost]

Here we are - any advice on how to think about this error?

[timonson]

function isObject(obj: unknown): obj is object {
  return (
    obj !== null && typeof obj === "object" && Array.isArray(obj) === false
  );
}

function has<K extends string>(
  key: K,
  x: object
): x is { [key in K]: unknown } {
  return key in x;
}

if(isObject(jwtpayload) && has("email", jwtpayload)) console.log(jwtpayload.email)

Does this work?

[ghost]

@timonson that works perfectly! Thank you for being so helpful.

Could the djwt library be improved to help others who might run into this use case?
This developer experience for pulling claims from JWT is just OK - (coming from my limited experience in javascript development).

Is the approach you suggested here normal? Just curious to hear your thoughts on this.

Thank you again.

[timonson]

@PaulFish-Radius the issue is that the payload of a JWS might be any value because the specification says:

The payload can be any content and need not be a representation of a JSON object

Therefore checking if properties actually exist seems to be the right way. But I am open for better solutions of course.

Maybe it helps that the two functions isObject and hasProperty are exported in the validate.ts file now. 76cfb94

[ghost]

@timonson thank you for the addition - its great!
A best practice/ code example the readme for showing how to use isObject, hasProperty, isExpired would go a long way in helping others - I'm sure this will increase the popularity of the library as I'm sure its a common use case.

[timonson]

I added some information to the README.md eaeecdc .

[timonson]

Just for your information: My suggestions in this issue are deprecated now. The function verify returns a Payload object and is not an unknown value anymore. Thanks