Better Auth•5mo ago

JWK must be an object

Hi all, getting the following error trying to use the JWT plugin... any pointers? SERVER_ERROR: [TypeError: JWK must be an object] GET /api/auth/get-session 500 in 823ms Thanks in advance!

9 Replies

Ping•5mo ago

Can I see your auth config?

edwardrentonOP•5mo ago

I ended up just implemented my own api route to generate the jwts instead (using the schema better-auth generated) Thanks for your reply tho

Firro•5mo ago

@edwardrenton maybe this is helpful?

jwt({
  jwt: {
    expirationTime: "6h",
    async definePayload({ session, user }) {
      return createClaims(user);
    },
  },
  jwks: {
    keyPairConfig: {
      alg: "RS256",
      modulusLength: 2048,
      // @ts-expect-error This is required
      extractable: true,
    },
  },
}),

jwt({
  jwt: {
    expirationTime: "6h",
    async definePayload({ session, user }) {
      return createClaims(user);
    },
  },
  jwks: {
    keyPairConfig: {
      alg: "RS256",
      modulusLength: 2048,
      // @ts-expect-error This is required
      extractable: true,
    },
  },
}),

I think I got a similar error and at some point ended up with this config working

sneakyf1shy•5mo ago

can you provide the code for this? trying to use the JWT plugin and getting a different error: TypeError: Invalid key for this operation, its asymmetricKeyType must be rsa when using RS256 update: deleting the db/clearing all sessions + jwks seems to have fixed it?

edwardrentonOP•5mo ago

Tenuka•5mo ago

I get the error

X [ERROR] Token validation failed: TypeError: Key for the EdDSA algorithm must be one of type CryptoKey, KeyObject, or JSON Web Key. Received an instance of CryptoKey

      at asymmetricTypeCheck
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/lib/check_key_type.js:88:15)
      at default
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/lib/check_key_type.js:124:9)
      at flattenedVerify
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/jws/flattened/verify.js:76:5)
      at async compactVerify
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/jws/compact/verify.js:15:22)
      at async jwtVerify
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/jwt/verify.js:5:22) 
      at async validateToken
  (file:///D:/PROJECTS/avera-hills-web/server/actions/user/user-jwt.ts:14:24)
      at async getJWTPayload
  (file:///D:/PROJECTS/avera-hills-web/server/actions/user/user-jwt.ts:31:19)
      at async checkAdmin (file:///D:/PROJECTS/avera-hills-web/server/routers/admin-router.ts:65:18)
      at async Object.handler
  (file:///D:/PROJECTS/avera-hills-web/server/routers/admin-router.ts:418:4)
      at null.<anonymous> (async
  file:///D:/PROJECTS/avera-hills-web/.wrangler/tmp/dev-1f7Hlj/index.js:37137:28)

X [ERROR] Token validation failed: TypeError: Key for the EdDSA algorithm must be one of type CryptoKey, KeyObject, or JSON Web Key. Received an instance of CryptoKey

      at asymmetricTypeCheck
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/lib/check_key_type.js:88:15)
      at default
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/lib/check_key_type.js:124:9)
      at flattenedVerify
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/jws/flattened/verify.js:76:5)
      at async compactVerify
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/jws/compact/verify.js:15:22)
      at async jwtVerify
  (file:///D:/PROJECTS/avera-hills-web/node_modules/.pnpm/jose@6.0.11/node_modules/jose/dist/webapi/jwt/verify.js:5:22) 
      at async validateToken
  (file:///D:/PROJECTS/avera-hills-web/server/actions/user/user-jwt.ts:14:24)
      at async getJWTPayload
  (file:///D:/PROJECTS/avera-hills-web/server/actions/user/user-jwt.ts:31:19)
      at async checkAdmin (file:///D:/PROJECTS/avera-hills-web/server/routers/admin-router.ts:65:18)
      at async Object.handler
  (file:///D:/PROJECTS/avera-hills-web/server/routers/admin-router.ts:418:4)
      at null.<anonymous> (async
  file:///D:/PROJECTS/avera-hills-web/.wrangler/tmp/dev-1f7Hlj/index.js:37137:28)

Firro•5mo ago

Check the DB, the JWK config may be cached in it

sneakyf1shy•5mo ago

yeah clear out your db just delete .wrangler if youre using d1

Tenuka•5mo ago

Nh its a problem with cloudflare not supporting jose's crypto key

Gaming

Programming

JWK must be an object

Did you find this page helpful?