amirho/docs.nestjs.com
1
0
Fork 0
mirror of https://github.com/nestjs/docs.nestjs.com.git synced 2026-02-25 22:15:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3371 from AdityaAnuragi/issue-3370-remove-redundant-jwt-secret-key

Browse Source 
docs(auth): remove redundant jwt secret in authentication code samples
This commit is contained in:
Kamil Mysliwiec
2026-01-03 13:06:50 +01:00
committed by GitHub
parent 99fe6fa72f 3fda9cf3a3
commit 64e8949ad2
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
content/security/authentication.md
View File

@@ -242,6 +242,8 @@ export class AuthService {
}
const payload = { sub: user.userId, username: user.username };
return {
// 💡 Here the JWT secret key that's used for signing the payload
// is the key that was passsed in the JwtModule
access_token: await this.jwtService.signAsync(payload),
};
}
@@ -266,6 +268,8 @@ export class AuthService {
}
const payload = { username: user.username, sub: user.userId };
return {
// 💡 Here the JWT secret key that's used for signing the payload
// is the key that was passsed in the JwtModule
access_token: await this.jwtService.signAsync(payload),
};
}
@@ -368,7 +372,6 @@ import {
UnauthorizedException,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { jwtConstants } from './constants';
import { Request } from 'express';
@Injectable()
@@ -382,12 +385,9 @@ export class AuthGuard implements CanActivate {
throw new UnauthorizedException();
}
try {
const payload = await this.jwtService.verifyAsync(
token,
{
secret: jwtConstants.secret
}
);
// 💡 Here the JWT secret key that's used for verifying the payload
// is the key that was passsed in the JwtModule
const payload = await this.jwtService.verifyAsync(token);
// 💡 We're assigning the payload to the request object here
// so that we can access it in our route handlers
request['user'] = payload;
@@ -524,9 +524,9 @@ export class AuthGuard implements CanActivate {
throw new UnauthorizedException();
}
try {
const payload = await this.jwtService.verifyAsync(token, {
secret: jwtConstants.secret,
});
// 💡 Here the JWT secret key that's used for verifying the payload
// is the key that was passsed in the JwtModule
const payload = await this.jwtService.verifyAsync(token);
// 💡 We're assigning the payload to the request object here
// so that we can access it in our route handlers
request['user'] = payload;