How do I encrypt JWT (HS256) with secret in version 3 #107
Replies: 3 comments
-
Please understand that SIGNING a JWT does not mean it's encrypted.
Rightfully so. Even without asking for a stack i can tell the problem is not with the types of this lib, but rather how you call node's
Strings make terrible secrets, because they're assuming a readable encoding. I will not be opening the API to string key material inputs anymore.
|
Beta Was this translation helpful? Give feedback.
-
|
To simply sign a JWT from a string secret, I used this code : const token = await new jose.SignJWT({ key: "value" })
.setProtectedHeader({ alg: "HS256" })
.sign(new TextEncoder().encode(SECRET_STRING)) |
Beta Was this translation helpful? Give feedback.
-
|
You have to tell So, instead of: crypto.createSecretKey(this.tokenSecret)
// ^ Argument of type 'string' is not assignable
// to parameter of type 'ArrayBufferView'…do this: crypto.createSecretKey(this.tokenSecret, 'utf-8') |
Beta Was this translation helpful? Give feedback.
-
Hi,
First, thanks to all the hard work!
Before in version 2 I used the following to encrypt with HS256:
Where tokenSecret is a string, algorithm is "HS256" (string type) en tokenTtl is "60m" (string type). Now I have updated the package to version 3.
When I try:
Typescript will tell me that tokenSecret (string) is not assignable to "ArrayBufferView". Can there be a simple example with signing with a secret key (string)?
Thanks in advance!
Beta Was this translation helpful? Give feedback.
All reactions