Skip to main content

jwt

This module contains functions and types to encode and decode JWTs issued and used by Auth.js.

The JWT issued by Auth.js is encrypted by default, using the A256GCM algorithm (JWE). It uses the AUTH_SECRET environment variable to derive a sufficient encryption key.

Note

Auth.js JWTs are meant to be used by the same app that issued them. If you need JWT authentication for your third-party API, you should rely on your Identity Provider instead.

Installation​

npm install @auth/core

You can then import this submodule from @auth/core/jwt.

Usage​

Warning

This module will be refactored/changed. We do not recommend relying on it right now.

Resources​

decode()​

decode<Payload>(params): Promise<Payload | null>

Decodes a Auth.js issued JWT.

Type parameters​

β–ͺ Payload = JWT

Parameters​

β–ͺ params: JWTDecodeParams

Returns​

Promise<Payload | null>


encode()​

encode<Payload>(params): Promise<string>

Issues a JWT. By default, the JWT is encrypted using "A256GCM".

Type parameters​

β–ͺ Payload = JWT

Parameters​

β–ͺ params: JWTEncodeParams<Payload>

Returns​

Promise<string>


getToken()​

getToken<R>(params): Promise<R extends true ? string : JWT | null>

Takes an Auth.js request (req) and returns either the Auth.js issued JWT's payload, or the raw JWT string. We look for the JWT in the either the cookies, or the Authorization header.

Type parameters​

β–ͺ R extends boolean = false

Parameters​

β–ͺ params: GetTokenParams<R>

Returns​

Promise<R extends true ? string : JWT | null>


JWT​

Returned by the jwt callback and getToken, when using JWT sessions

jwt callback | getToken

Extends​

  • Record<string, unknown>.DefaultJWT