JWT Token generated by another backend: Missing jti/wrong scope errors
mariohmol opened this issue · comments
Mario Mol commented
HI, thanks for this repo.
I'm trying to make an express app to generate a JWT token that will be used in the devise-jwt backend.
I was having a Missing jti
error, then I included my payload to be
const payload = { user_id: req.user.id, jti: req.user.id , aud: 'myappname'}
Then I started to get the "wrong scope" error.
Any suggestions on how to accomplish it? Is it possible to another backend generate the JWT and make the devise-jwt to use that ?
This is how I have my user model:
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:jwt_authenticatable , jwt_revocation_strategy: Devise::JWT::RevocationStrategies::Null
Thanks a lot,
Mario Mol commented
Hi,
I could make it work in this way:
- make a token in your backend like this example. ou have to have scp as
user
and can't have an aud.
const payload = {
scp: 'user',
user_id: req.user.id,
jti: req.user.id.toString(),
// aud: 'dont pass aud'
}
- After that you have to implement a method in your User model, like:
scope :find_for_jwt_authentication, ->(q) { where('id = ?', q).first }
And our token will pass the sub as the user.id.
Mario Mol commented
Is any method that I can implement to be executed just after the jwt token pass? I want to make some extra steps in session when this happens! thanks a lot!