Would be nice to have some instructions on how to upgrade from v6 to v7 in either the README or Changelog. The Changelog only mentions

Convert the project to typescript and improve typescript

which I took to mean it was an internal rewrite, with no breaking changes.

But as far as I can tell there at least these two major changes that require users to modify their code:

1. The middleware function is now available as a named import rather than a default one: import { expressjwt } from 'express-jwt'
2. The decoded JWT payload is now available as req.auth rather than req.user

setting requestProperty is not available any more
and the interface for TokenGetter is not exported

isRevoked interface was changed, it passes the entire jwt instead of the payload only in the second argument, and there is no done as 3rd argument.

It would be nice if we could choose the name of the property that is used to store the token. For my part, the name auth is already used by another library which sets this value in the req object... So I have a collision between the two libraries and I can't update express-jwt.

• documented the changes here https://github.com/auth0/express-jwt#migration-from-v6
• TokenGetter is now exported
• restore the requestProperty parameter
• documented the entire api here https://github.com/auth0/express-jwt#api

released as express-jwt@7.5.0

Cannot set nested objects anymore using requestProperty, in v8 as working in v6.1.1.

v8.2.1 with requestProperty: 'payload.user', it does the following:

req: {
...
  payload: {
    foo: "bar"
  },
  "payload.user": object // the payload of token

...
}

Instead of adding user object in payload object, it creates a new property in req object with the name "payload.user".

@boobo94 thank you for reporting this, I've reverted to the previous behavior in v8.3.0.

@boobo94 thank you for reporting this, I've reverted to the previous behavior in v8.3.0.

everything works great. thanks for your help <3