Provide own jwt-verify option

Question

Provide own jwt-verify option

deadbaed opened this issue 2 years ago · 1 comments

Hi,

I'm trying to use passport-jwt and im stuck on validating my JWT.

In strategy.js on line 105, when i log the jwt_error I get this:

TypeError: "EdDSA" is not a valid algorithm.
  Supported algorithms are:
  "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" and "none".

This error is normal, because I sign my JWTs with the EdDSA alg, which is not supported in the included jsonwebtoken npm package.

When I look at verify_jwt.js, I see the only thing it does is to call the verify option of the jsonwebtoken package.

So my question is: how would it be possible to tell passport-jwt that im providing my own way of verifying the JWTs?

I use https://github.com/panva/jose to create my JWKs, and I use it to sign my JWTs, and it supports the EdDSA alg, which jsonwebtoken does not. So I'd like to use this lib to verify my JWTs.

If anyone has any hints or already did something like this, I would love some input!

thanks!

Answer 1 · 2022-09-09T17:54:01.000Z

Current not unfortunately as you said current driver jsonwebtoken hardcoded.

However, this functionality is available in rewrite where jose has an abstrate driver and the jwk can be passed directly.