nestjs/jwt

wrong signature for sign()

Closed this issue · 1 comments

its-dibo commented

Is there an existing issue for this?

  • I have searched the existing issues

Current behavior

as mentioned in docs you, the correct signature of .sign() should be:

 jwt.sign(payload, secretOrPrivateKey, [options, callback])

but I see in jwt.service different signatures

    sign(payload: string, options?: Omit<JwtSignOptions, keyof jwt.SignOptions>): string;
    sign(payload: Buffer | object, options?: JwtSignOptions): string;

as you can see there are two notices here:

1- the param secretOrPrivateKey does not exist in either signature
2- the second param (options) are opposites to each other, if the payload is an object or Buffer it is JwtSignOptions which lacks too many props such as algorithm, while in the other signature, these keys are omitted by Omit<JwtSignOptions, keyof jwt.SignOptions>

export interface JwtSignOptions extends jwt.SignOptions {
    secret?: string | Buffer;
    privateKey?: jwt.Secret;
}

also, it exposes separate methods for the async versions, but .sign() it self can return either a string or a promise without the need to introduce a new method

signAsync(payload: string, options?: Omit<JwtSignOptions, keyof jwt.SignOptions>): Promise<string>;
signAsync(payload: Buffer | object, options?: JwtSignOptions): Promise<string>;

we can just use

sign( ... ): string | Promise<string>;

Minimum reproduction code

.

Steps to reproduce

No response

Expected behavior

the signature of .sign() should be comply to the signature provided in the docs

Package version

10.2.0

NestJS version

10.2.10

Node.js version

20.10.0

In which operating systems have you tested?

  • macOS
  • Windows
  • Linux

Other

No response

kamilmysliwiec commented

Thanks for your suggestion!

There are no plans to make any breaking changes to this package in the foreseeable future. The signature of the sign method differs from the jsonwebtoken package and it it was a deliberate decision.

If you think your request could live outside Nest's scope, we'd encourage you to collaborate with the community on publishing it as an open source package.