After updating from 4.0.28 to 4.0.29 a correctly authenticated request with Bearer token returns null when accessing auth.user
Would you mind re-generating the JWT token and then verifying?
I am using fresh tokens. I use the following code to generate a token for a user:
    const token = await auth
      .withRefreshToken()
      .attempt(email.trim(), password)
and use the returned token on subsequent requests. Until now this method returned the current user based on the token:
    async get ({auth}) {
      return auth.user
    }
Looking into it
Seems to be working fine on my end. Can u share the JWT config from config/auth.js file?
Sure.
    {
      authenticator: 'jwt',
      jwt: {
        serializer: 'lucid',
        model: 'App/Models/User',
        scheme: 'jwt',
        uid: 'email',
        password: 'password',
        options: {
          secret: 'self::app.appKey'
        }
      }
    }
I'm looking through the changes since 4.0.28 and can't find anything related to api or authentication..
But it is definitely related to "@adonisjs/framework": "^4.0.29" because if I go back a version it works again.
Everything seems to be fine. So there was a security bug in the way config values are resolved. I fixed that, but everything seems to be working fine after that at my end.
Lemme do a full diagnosis and get back to you
@rhwilr Do u want to try it once by installing the following repos from GitHub (develop branch)?
npm install https://github.com/adonisjs/adonis-framework.git\#develop
npm install https://github.com/adonisjs/adonis-auth.git\#develop
You're awesome! It works :+1:
I guess I will have to change
    jwt: {
      secret: 'self::app.appKey'
    }
as mentioned in your blog post. Would you recommend changing it to:
    jwt: {
      secret: Env.get('APP_KEY')
    }
Yes. I am planning to drop self reference since it causes performance overhead.
Published at @adonisjs/[email protected] and @adonisjs/[email protected]
You're the best! Thanks for resolving this issue so quickly. :+1:
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
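An added example, not code from this thread or from the AdonisJs code base: a startup check for the config change discussed above that refuses a JWT secret which is unset or still a literal `self::` reference, plus a minimal HS256 sign/verify pair showing that a token only verifies under the secret it was signed with. The thread does not state the root cause of the null `auth.user`; the function names and the sample key are constructed for illustration.

```javascript
// Added example: names and sample values are constructed, not AdonisJs code.
const crypto = require('crypto')

const b64url = (data) => Buffer.from(data).toString('base64url')

// Return the secret to sign with, or throw if the config value is unusable.
function resolveJwtSecret (configured) {
  if (typeof configured !== 'string' || configured.length === 0) {
    throw new Error('JWT secret is not set (is APP_KEY defined?)')
  }
  if (configured.startsWith('self::')) {
    throw new Error('JWT secret is an unresolved self:: reference')
  }
  return configured
}

function hmac (input, secret) {
  return crypto.createHmac('sha256', secret).update(input).digest()
}

function signHS256 (payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = b64url(JSON.stringify(payload))
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`
}

// Returns the payload, or null when the token is malformed or the
// signature does not match the given secret.
function verifyHS256 (token, secret) {
  const parts = token.split('.')
  if (parts.length !== 3) return null
  const [head, body, sig] = parts
  const expected = hmac(`${head}.${body}`, secret)
  const given = Buffer.from(sig, 'base64url')
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null
  if (!crypto.timingSafeEqual(given, expected)) return null
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'))
}

// Constructed sample key standing in for the value of APP_KEY.
const SAMPLE_APP_KEY = 'constructed-sample-key-0123456789'
const token = signHS256({ uid: 1 }, resolveJwtSecret(SAMPLE_APP_KEY))
```
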