Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add jwtVerify method #83

Merged
merged 14 commits into from
Jul 2, 2024
Merged

Add jwtVerify method #83

merged 14 commits into from
Jul 2, 2024

Conversation

marcomontalbano
Copy link
Member

@marcomontalbano marcomontalbano commented Jun 28, 2024
edited
Loading

What I did

I added a jwtVerify method.

This method can verify the access token before decoding.

When the verification succeeds, it resolves to the decoded access token, it rejects otherwise.

import { authenticate, jwtVerify } from '@commercelayer/js-auth'

const auth = await authenticate('client_credentials', {
  clientId: 'your-client-id',
  scope: 'market:code:europe'
})

const decodedJWT = await jwtVerify(auth.accessToken, {
  ignoreExpiration: true
})

if ('organization' in decodedJWT.payload) {
  console.log('organization slug is', decodedJWT.payload.organization.slug)
}

Tip

The jwtDecode helper method should not be used for untrusted messages, since that helper method does not verify whether the signature is valid. If you need to verify the access token before decoding, use jwtVerify instead.

Checklist

  • Make sure your changes are tested (stories and/or unit, integration, or end-to-end tests).
  • Make sure to add/update documentation regarding your changes.
  • You are NOT deprecating/removing a feature.

@marcomontalbano marcomontalbano self-assigned this Jun 28, 2024
@marcomontalbano marcomontalbano added the enhancement New feature or request label Jun 28, 2024
malessani
malessani previously approved these changes Jul 2, 2024
View reviewed changes
@marcomontalbano marcomontalbano merged commit a314677 into main Jul 2, 2024
@marcomontalbano marcomontalbano deleted the jwt-verify branch July 2, 2024 15:00
This was referenced Sep 14, 2024
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@malessani malessani malessani approved these changes

Assignees

@marcomontalbano marcomontalbano

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@marcomontalbano @malessani