Unnecessary requirement for secret and salt in getToken when raw is set to true #11889

Closed
alimorgaan opened this issue Sep 22, 2024 · 0 comments · Fixed by #11894
Labels: bug, triage

alimorgaan commented Sep 22, 2024

Environment

  System:
    OS: Linux 6.8 Ubuntu 22.04.5 LTS 22.04.5 LTS (Jammy Jellyfish)
    CPU: (8) x64 Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz
    Memory: 16.27 GB / 19.20 GB
    Container: Yes
    Shell: 5.8.1 - /usr/bin/zsh
  Binaries:
    Node: 20.11.0 - /usr/bin/node
    Yarn: 1.22.21 - /usr/bin/yarn
    npm: 10.8.2 -
    pnpm: 9.6.0 - ~/.local/share/pnpm/pnpm
  Browsers:
    Brave Browser: 129.1.70.117
    Chrome: 129.0.6668.58
  npmPackages:
    next: ^14.0.3 => 14.2.5 
    next-auth: ^5.0.0-beta.20 => 5.0.0-beta.20 
    react: ^18.3.1 => 18.3.1 

Reproduction URL

https://github.com/alimorgaan/next-auth-getToken-raw-issue/

Describe the issue

In the getToken helper function from next-auth/jwt, setting raw: true should return the token without requiring the secret or salt. However, currently, the function throws an error asking for both secret and salt even when raw is set to true.

This seems unnecessary because when raw: true is used, the function should return the raw token directly without needing any decoding or verification, which usually requires the secret and salt.

What I’ve tried so far:

  • I attempted passing any dummy string to avoid throwing the error, and it worked fine.

How to reproduce

  1. Import the getToken function from next-auth/jwt.
  2. Use the following code to call getToken with raw: true:

     import { getToken } from "next-auth/jwt";

     const token = await getToken({
         req: request,
         raw: true,
     });

  3. Do not provide secret or salt in the configuration.
  4. Observe the error requesting the secret and salt.

Expected behavior

When using raw: true, the getToken function should return the token as-is without requiring the secret or salt, since no verification or decoding should occur in this case. The current behavior of throwing an error requesting these fields is unexpected.
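
An added sketch, not part of the issue and not next-auth source, of the ordering the report asks for: read the token, return it untouched when raw is set, and require secret and salt only on the decode path. The function names, the toy tag standing in for real decryption, the synchronous signature and the cookie name are assumptions for illustration; the point to note is that the raw value is returned without any check.

```javascript
// Simplified, synchronous model of a getToken-style helper (hypothetical names).
// toyTag/toyMint/toyDecode are constructed stand-ins, NOT cryptography.
function toyTag(payload, secret, salt) {
  let h = 0;
  for (const ch of `${secret}|${salt}|${payload}`) h = (h * 31 + ch.codePointAt(0)) >>> 0;
  return h.toString(16);
}
function toyMint(claims, secret, salt) {
  const payload = JSON.stringify(claims);
  return `${payload}.${toyTag(payload, secret, salt)}`;
}
function toyDecode({ token, secret, salt }) {
  const i = token.lastIndexOf(".");
  const payload = token.slice(0, i);
  if (token.slice(i + 1) !== toyTag(payload, secret, salt)) throw new Error("bad tag");
  return JSON.parse(payload);
}

// Session cookie first, then an "Authorization: Bearer ..." header.
function readSessionToken(req, cookieName) {
  for (const part of (req.headers.cookie || "").split(/;\s*/)) {
    const i = part.indexOf("=");
    if (i > 0 && part.slice(0, i) === cookieName) return decodeURIComponent(part.slice(i + 1));
  }
  const [scheme, value] = (req.headers.authorization || "").split(" ");
  return scheme === "Bearer" && value ? decodeURIComponent(value) : null;
}

function getTokenModel({ req, raw = false, secret, salt,
                         cookieName = "authjs.session-token", decode = toyDecode }) {
  if (!req) throw new Error("req is required");
  const token = readSessionToken(req, cookieName);
  if (!token) return null;
  // raw: return the opaque string as received. Nothing has been checked yet,
  // so no key material is needed and the caller must not trust its contents.
  if (raw) return token;
  // Only the decode path needs the key material.
  if (!secret || !salt) throw new Error("secret and salt are required to decode");
  try { return decode({ token, secret, salt }); } catch { return null; }
}

// Constructed sample input.
const SAMPLE_SECRET = "constructed-secret";
const SAMPLE_SALT = "authjs.session-token";
const sampleToken = toyMint({ sub: "u1" }, SAMPLE_SECRET, SAMPLE_SALT);
const sampleReq = { headers: { cookie: `authjs.session-token=${encodeURIComponent(sampleToken)}` } };
```

With raw set, an altered cookie comes back unchanged, while the decode path returns null for it, so a raw token should only be forwarded to a service that verifies it itself.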
