From 8115a7c66cdb1d86b0d2a0d76b9aa33c2bfaa33b Mon Sep 17 00:00:00 2001 From: Iain Collins Date: Mon, 27 Jul 2020 04:30:14 +0100 Subject: [PATCH] Add option to get raw JWT from getToken helper --- package.json | 2 +- src/lib/jwt.js | 7 ++++++- www/docs/configuration/options.md | 4 ++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index a6bf2fc996..9a7602ce93 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "next-auth", - "version": "3.0.0-beta.25", + "version": "3.0.0-beta.26", "description": "Authentication for Next.js", "homepage": "https://next-auth.js.org", "repository": "https://github.com/iaincollins/next-auth.git", diff --git a/src/lib/jwt.js b/src/lib/jwt.js index b34dc3f303..af414a3f9d 100644 --- a/src/lib/jwt.js +++ b/src/lib/jwt.js @@ -97,7 +97,8 @@ const getToken = async (args) => { // Use secure prefix for cookie name, unless URL is NEXTAUTH_URL is http:// // or not set (e.g. development or test instance) case use unprefixed name secureCookie = !(!process.env.NEXTAUTH_URL || process.env.NEXTAUTH_URL.startsWith('http://')), - cookieName = (secureCookie) ? '__Secure-next-auth.session-token' : 'next-auth.session-token' + cookieName = (secureCookie) ? '__Secure-next-auth.session-token' : 'next-auth.session-token', + raw = false } = args if (!req) throw new Error('Must pass `req` to JWT getToken()') @@ -112,6 +113,10 @@ const getToken = async (args) => { token = decodeURIComponent(urlEncodedToken) } + if (raw) { + return token + } + try { return await decode({ token, ...args }) } catch (error) { diff --git a/www/docs/configuration/options.md b/www/docs/configuration/options.md index bc7465e44c..7c09c3561d 100644 --- a/www/docs/configuration/options.md +++ b/www/docs/configuration/options.md @@ -178,6 +178,10 @@ It also supports the following options: The `secureCookie` option is ignored if `cookieName` is explcitly specified. +* `raw` - (boolean) Get raw token (not decoded) + + If set to `true` returns the raw token without decrypting or verifying it. + :::note The JWT is stored in the Session Token cookie, the same cookie used for tokens with database sessions. :::