amirho/docs.nestjs.com
1
0
Fork 0
mirror of https://github.com/nestjs/docs.nestjs.com.git synced 2026-02-21 20:31:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(auth): remove redundant jwt secret in authentication code samples

Browse Source 
The secret is already configured in JwtModule and does not need to be
passed again to `verifyAsync` method of `JwtService`.

Reference to issue raised: #3370
This commit is contained in:
AdityaAnuragi
2026-01-02 23:36:56 +05:30
parent 99fe6fa72f
commit 3fda9cf3a3
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
content/security/authentication.md
View File

@@ -242,6 +242,8 @@ export class AuthService {
}
const payload = { sub: user.userId, username: user.username };
return {
// 💡 Here the JWT secret key that's used for signing the payload
// is the key that was passsed in the JwtModule
access_token: await this.jwtService.signAsync(payload),
};
}
@@ -266,6 +268,8 @@ export class AuthService {
}
const payload = { username: user.username, sub: user.userId };
return {
// 💡 Here the JWT secret key that's used for signing the payload
// is the key that was passsed in the JwtModule
access_token: await this.jwtService.signAsync(payload),
};
}
@@ -368,7 +372,6 @@ import {
UnauthorizedException,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { jwtConstants } from './constants';
import { Request } from 'express';
@Injectable()
@@ -382,12 +385,9 @@ export class AuthGuard implements CanActivate {
throw new UnauthorizedException();
}
try {
const payload = await this.jwtService.verifyAsync(
token,
{
secret: jwtConstants.secret
}
);
// 💡 Here the JWT secret key that's used for verifying the payload
// is the key that was passsed in the JwtModule
const payload = await this.jwtService.verifyAsync(token);
// 💡 We're assigning the payload to the request object here
// so that we can access it in our route handlers
request['user'] = payload;
@@ -524,9 +524,9 @@ export class AuthGuard implements CanActivate {
throw new UnauthorizedException();
}
try {
const payload = await this.jwtService.verifyAsync(token, {
secret: jwtConstants.secret,
});
// 💡 Here the JWT secret key that's used for verifying the payload
// is the key that was passsed in the JwtModule
const payload = await this.jwtService.verifyAsync(token);
// 💡 We're assigning the payload to the request object here
// so that we can access it in our route handlers
request['user'] = payload;