Optional authFields for JWT payload. #42

Open
wants to merge 1 commit into
base: master

@AmadoGuerrero AmadoGuerrero commented Mar 2, 2021

A project that I'm currently working on for school uses this library (so thank you for that).

However, we needed more data in the JWT payload (specifically a role). So I added some code to account for that.

Putting it simply, if you want a field to be sent in the JWT payload, add it to the authFields when creating the user, like so:

{
    "email": "[email protected]",
    "password": "password",
    "role": "admin",
    "age": 28,
    "authFields": ["role", "age"]
}

The accessToken returned will contain the email, sub (id), and any other fields that are in the authFields array.
And as a bonus, it's retroactive. So any existing users in the db.json that you would like the JWT payload to return more fields on, just add the authFields array to it, and it'll work.

piotr-cz commented Mar 8, 2021

Exactly what I've been looking for!

@jeremyben
Owner

Thank you for your PR.
The use case really makes sense.

The implementation is smart, but that would make the client request dependent on authFields, introducing a small coupling with the json-server prototype.

I'm planning on adding a configuration file or object, to be able to change auth-related keys (email, password, etc.), without impact to the request shape. Sounds good to you?

@AmadoGuerrero
Author

Hey Jeremy, thanks for your response.

If by dependent you mean required when creating a user, it isn't. It's completely optional. You can continue to use the package exactly like you have before. If that's not what you meant, then I trust your judgment.

With that being said though, I do really like the idea of a conf file or object (I thought about doing that as well, but I wanted to keep the change small).

So, if you are going to implement that, it sounds good to me!

piotr-cz commented Mar 10, 2021

Idea: would it be possible to extend the json-server.json configuration file?

ha10id commented Apr 25, 2021

Hi, people! My simple solution to return the record from the user table: I changed user.js a little for this, in the create and login functions:

return new Promise((resolve, reject) => {
    let usr = JSON.parse(JSON.stringify(user));
    delete usr.password;
    jwt.sign({ email, user: usr }, constants_1.JWT_SECRET_KEY, { expiresIn: constants_1.JWT_EXPIRES_IN, subject: String(user.id) }, (error, idToken) => {...
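
An added example, not code from this PR or from json-server-auth: it builds the token payload from a server-side allow-list, in the spirit of the configuration object discussed above, instead of from a request-supplied authFields array or the whole user record. TOKEN_CLAIMS, NEVER_IN_TOKEN, buildClaims, signHS256 and readPayload are hypothetical names, and the user record and secret are constructed sample values.

```javascript
const crypto = require('crypto');

// Assumption: a server-side setting listing the only user fields that may become claims.
const TOKEN_CLAIMS = ['role'];
// Fields that are never copied into a token, whatever the allow-list says.
const NEVER_IN_TOKEN = new Set(['password', 'authFields']);

const b64url = (value) => Buffer.from(value).toString('base64url');

// Build the payload from the stored record and the server-side allow-list.
// An authFields array on the record (which came from the request) is ignored.
function buildClaims(user, allowed = TOKEN_CLAIMS) {
  const claims = { email: user.email, sub: String(user.id) };
  for (const field of allowed) {
    if (NEVER_IN_TOKEN.has(field)) continue;
    if (Object.prototype.hasOwnProperty.call(user, field)) claims[field] = user[field];
  }
  return claims;
}

// Minimal HS256 signer so the example runs without third-party packages.
function signHS256(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// The payload is base64url-encoded, not encrypted: any token holder can read it.
function readPayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Constructed sample record, shaped like the request body in the PR description.
const sampleUser = {
  id: 1, email: 'user@example.test', password: '$2a$10$constructed-hash',
  role: 'admin', age: 28, authFields: ['role', 'age', 'password'],
};

// What a client sees after decoding a token issued for sampleUser.
function demo() {
  return readPayload(signHS256(buildClaims(sampleUser), 'constructed-secret'));
}
```

Here the decoded payload carries email, sub and role only; age and password stay out even though the record's own authFields array names them.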
