Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow secret to be passed as an option to sign and verify #336

Merged
merged 2 commits into from
Jul 9, 2020
Merged

Allow secret to be passed as an option to sign and verify #336

merged 2 commits into from
Jul 9, 2020

Conversation

wprk
Copy link
Contributor

@wprk wprk commented Jul 1, 2020
edited
Loading

PR Checklist

PR Type

What kind of change does this PR introduce?

[ ] Bugfix
[x] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Build related changes
[ ] CI related changes
[ ] Other... Please describe:

What is the current behavior?

There is currently no way to override the secret passed in from the module. This makes it difficult if you want to use a different secret for two different sign calls for example and access token and a refresh token

Issue Number: #302

What is the new behavior?

The new behaviour allows you to pass a secret in to the sign, signAsync, verify and verifyAsync methods to override the secret from the one passed into the module. It does not override the secretOrKeyProvider though.

Does this PR introduce a breaking change?

[ ] Yes
[x] No

Other information

It's possible you may want the secret to override the secretOrKeyProvider but I wasn't sure. Happy to tweak this PR if you'd prefer it that way.

wprk added 2 commits July 1, 2020 20:43
@wprk
<feature>: Allow secret to be passed as an option to sign and verify
80d078a 
This allows you to pass the `secret` property in the options of sign, signAsync, verify and verifyAsync. It does not override a secretOrKeyProvider though only the secret passed into the JwtModule.

Resolves #302
@wprk
<docs>: Update docs for sign, signAsync, verify and verifyAsync call …
60aecc5 
…signatures
nartc
nartc reviewed Jul 5, 2020
View reviewed changes
lib/jwt.service.ts
const signOptions = this.mergeJwtOptions(
options,
{ ...options },
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this spread for some TypeScript error?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I spread it because I needed a copy of the object so I could remove the secret property in the mergeJwtOptions function without it affecting the original object.

@kamilmysliwiec kamilmysliwiec merged commit 4f67f04 into nestjs:master Jul 9, 2020
@kamilmysliwiec
Copy link
Member

Thank you!

@maitrungduc1410
Copy link
Contributor

maitrungduc1410 commented Sep 8, 2020
edited
Loading

Hi @kamilmysliwiec , do you think this should also be possible to override publicKey and privateKey.

I think in production many people (including me) using RSA key instead secret to sign JWT token. And if secret can be override then public/private Key should be same.

Thank you

@kamilmysliwiec
Copy link
Member

@maitrungduc1410 would you like to create a PR for this?

@maitrungduc1410
Copy link
Contributor

@kamilmysliwiec I just created PR #401 for this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nartc nartc nartc left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@wprk @kamilmysliwiec @maitrungduc1410 @nartc