JWT: setting multiple audiences

We have three servers: one is the API, one is chat, and one is a signaling server for WebRTC. The chat and signaling servers use socket.io, but they are at different URLs and their audiences are different. The current audience in JWT only allows one audience string instead of an array. Are there any other solutions for this, or should I create another endpoint for this with my own implementation of JWT?
4 Replies
LightTab2, 2w ago
This is one of many issues I am working on. You can check out the PR and see how I solved this issue when you're implementing your own fix: https://github.com/better-auth/better-auth/pull/4748 I still need to finish the docs, and even once I do that, I don't expect it to be merged any time soon, if at all.
daanish (OP), 2w ago
I solved it another way, by creating a custom plugin and calling the sign-jwt endpoint. Solved just now.
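```ts
import type { BetterAuthPlugin } from "better-auth";
import { createAuthEndpoint, sessionMiddleware } from "better-auth/api";
// `auth`, `env` and `getStudentProfileByUserId` come from the poster's own project modules.

export const customJWTtoken = (): BetterAuthPlugin => {
  return {
    id: "custom-jwt",
    endpoints: {
      customJWT: createAuthEndpoint('/custom/jwt', {
        method: 'GET',
        requireHeaders: true,
        // Only callers with a valid session reach the handler.
        use: [sessionMiddleware]
      }, async (ctx) => {
        const session = ctx.context.session;
        const user = session.user;
        const profile = await getStudentProfileByUserId(user.id);

        // Claims are listed explicitly and taken from the session and profile.
        const payload = {
          userId: user.id,
          username: user.name,
          role: user.role,
          phoneNumber: user.phoneNumber,
          email: user.email,
          level: profile ? profile.level : "BEGINNER",
        };

        // Sign with the audience of the WebRTC signaling server instead of the default one.
        const tokenResponse = await auth.api.signJWT({
          body: {
            payload,
            overrideOptions: {
              jwt: {
                issuer: env.BETTER_AUTH_URL,
                audience: env.WEBRTC_URL,
              }
            }
          }
        });

        return ctx.json({
          token: tokenResponse.token
        });
      }),
    },
  } satisfies BetterAuthPlugin;
}
```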
LightTab2, 2w ago
Oh yeah, but you should validate it using zod and make sure the client can't call it in an unexpected way. I just saw it's a GET request. And don't ever add ...data to the payload, to disallow claim tampering.
daanish (OP), 2w ago
ok
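
The per-audience approach discussed in this thread, sketched end to end as an added example (not code from the thread, the PR, or better-auth): the issuer picks the audience from a server-side allow-list and copies claims field by field, and each socket.io server rejects tokens minted for the other. The service names, URLs, and the functions `buildClaims` and `checkClaims` are constructed for illustration, and signature verification is assumed to have happened before `checkClaims` runs.

```typescript
// Added illustration; service names and URLs below are constructed.
type Claims = { iss: string; aud: string | string[]; exp: number; [k: string]: unknown };

const ISSUER = "https://auth.example.test";
// Server-side allow-list: callers name a service, never a raw audience URL.
const AUDIENCES: Record<string, string> = {
  chat: "https://chat.example.test",
  signaling: "https://rtc.example.test",
};

// Issuer side: one token per service, claims copied field by field from the
// session. No request data is spread in, so a caller cannot inject or
// override "role", "aud" or "exp".
function buildClaims(user: { id: string; role: string }, service: string, nowSec: number): Claims {
  const known = Object.prototype.hasOwnProperty.call(AUDIENCES, service);
  const aud = known ? AUDIENCES[service] : undefined;
  if (aud === undefined) throw new Error("unknown service: " + service);
  return { iss: ISSUER, aud: aud, exp: nowSec + 300, userId: user.id, role: user.role };
}

// Receiver side (chat or signaling server). Assumes the signature was already
// verified against the issuer's public key. Returns "ok" or a rejection reason.
function checkClaims(claims: unknown, self: string, nowSec: number): string {
  if (typeof claims !== "object" || claims === null) return "malformed token";
  const c = claims as Record<string, unknown>;
  if (c.iss !== ISSUER) return "wrong issuer";
  // RFC 7519: "aud" is a single string or an array of strings.
  const aud: unknown = typeof c.aud === "string" ? [c.aud] : c.aud;
  if (!Array.isArray(aud) || !aud.every((a) => typeof a === "string")) return "malformed aud";
  if (aud.indexOf(self) === -1) return "wrong audience";
  if (typeof c.exp !== "number" || c.exp <= nowSec) return "expired";
  return "ok";
}
```

Each receiver passes its own URL as `self`, so a token issued for the chat server fails on the signaling server even though the signature is valid.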
