Moving from 6.1.2 to 7.4.2 breaks #281
Comments
|
In 7.2.1, the secretProvider(req, header, payload, cb) gets; So the caller is passing the wrong parameters. Further, the caller is using 'option 3' when invoking this function. |
|
Can confirm that it also breaks for me too after simply upgrading (and changing the imports). I just get a "expired token" error every time |
|
The doc was outdated in 7.2.1, sorry about that. I made a major version (v7) because there are breaking changes. I fixed the readme arround 7.4 The
https://github.com/auth0/express-jwt#retrieve-key-dynamically in your case, your function can be replaced to this: module.exports.expressJwtSecret = function (options) {
if (options === null || options === undefined) {
throw new ArgumentError('An options object must be provided when initializing expressJwtSecret');
}
const client = new JwksClient(options);
const onError = options.handleSigningKeyError || handleSigningKeyError;
return function secretProvider(req, token) {
const { header } = token;
if (!header || !supportedAlg.includes(header.alg)) {
return;
}
return client.getSigningKey(header.kid)
.then(key => {
return key.publicKey || key.rsaPublicKey;
}).catch(err => {
return new Promise((resolve, reject) => {
onError(err, (newError) => reject(newError));
});
});
}
}; |
|
Hi.
Thanks for update.
I have not been able to get this to work.
The function in question (not mine) is part of another Auth0 library -
jwks-rsa.
auth0/node-jwks-rsa: A library to retrieve RSA public keys from a JWKS
(JSON Web Key Set) endpoint. (github.com)
<https://github.com/auth0/node-jwks-rsa>
I have tried to cut and paste (hack) the code together without success.
So this "integration" is broken.
Going back to the older version until Auth0 resolve the broken integration.
…On Thu, Apr 21, 2022 at 9:43 PM José F. Romaniello ***@***.***> wrote:
The doc was outdated in 7.2.1, sorry about that. I made a major version
(v7) because there are breaking changes. I fixed the readme arround 7.4
The secret function receives two parameters only:
- req: the express.js request
- token: contains payload and header
https://github.com/auth0/express-jwt#retrieve-key-dynamically
in your case, your function can be replaced to this:
module.exports.expressJwtSecret = function (options) {
if (options === null || options === undefined) {
throw new ArgumentError('An options object must be provided when initializing expressJwtSecret');
}
const client = new JwksClient(options);
const onError = options.handleSigningKeyError || handleSigningKeyError;
return function secretProvider(req, token) {
const { header } = token;
if (!header || !supportedAlg.includes(header.alg)) {
return;
}
return client.getSigningKey(header.kid)
.then(key => {
return key.publicKey || key.rsaPublicKey;
}).catch(err => {
return new Promise((resolve, reject) => {
onError(err, (newError) => reject(newError));
});
});
}};
—
Reply to this email directly, view it on GitHub
<#281 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB4ARPSZGFI6NUUTLEFIX4LVGE5N3ANCNFSM5T5VHAFA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
+1, rolled back until this integration is fixed |
|
The following rough replacement works for us for now until the integration is fixed. (I removed the import { GetVerificationKey } from 'express-jwt';
import { Jwt, Secret } from 'jsonwebtoken';
import { ExpressJwtOptions, JwksClient } from 'jwks-rsa';
export function expressJwtSecret(options: ExpressJwtOptions): GetVerificationKey {
const supportedAlg = require('jwks-rsa/src/integrations/config.js') as string[];
const client = new JwksClient(options);
return async function secretProvider(_req, token: Jwt | undefined): Promise<Secret> {
if (token) {
const { header } = token;
if (header && supportedAlg.includes(header.alg)) {
const key = await client.getSigningKey(token.header.kid);
return key.getPublicKey();
}
}
return '';
};
}We're currently on: |
|
thanks for the heads up. I will try to fix jwks-rsa |
|
I just send a PR, you can use |
|
Fixed in jwks-rsa@2.1 |
|
Thanks a lot for the fix, José! |
|
@jfromaniello, there is a small typing issue. The newest versions of express-jwt use |
|
@rene-leanix I don't understand this.. Where is that |
|
@jfromaniello, it's being imported here and used here. This should be changed to Missing interface definitions are just interpreted as |
|
@rene-leanix you are absolutely right. I was able to reproduce the issue ,but as I wanted to leave jwks-rsa compatible with the previous version of express-jwt , I added a type alias for So, the fix the issue just install |
When I upgraded from v 6.1.2 to 7.4.2 I get this error;
TypeError: cb is not a function
Error occurs within expressJwtSecret @ highlighted line
module.exports.expressJwtSecret = function (options) {
if (options === null || options === undefined) {
throw new ArgumentError('An options object must be provided when initializing expressJwtSecret');
}
const client = new JwksClient(options);
const onError = options.handleSigningKeyError || handleSigningKeyError;
return function secretProvider(req, header, payload, cb) {
if (!header || !supportedAlg.includes(header.alg)) {
### return cb(null, null);
}
};
};
The text was updated successfully, but these errors were encountered: