How to use the local API to get the user from the payload-token?

zenwhiskersmeow, last year

I am using the local API server-side in a Next.js server action and server components. I can get the payload-token from cookies(). Now I'd like to know how I can get the user from the local Payload API, only if the JWT is untampered.

  • gfwgfw, last year

    payload.auth({ headers: request.headers })

  • zenwhiskersmeow, last year

    Thanks, I went to multiple cities and cried wolf!! Rly wanted to get unblocked on a Friday night. Hopefully it helps people that the issue is in two places.

    payload.auth() taking the headers is nice!! Can trust Payload for all the JWT verification, checking for tampering, extracting the claims... nice indeed

    good work everyone 🙂

    it's working great

  • gfwgfw, last year

    Also, there are some utils in Payload; you can decrypt the JWT manually.

  • zenwhiskersmeow, last year

    Where is that? I thought I had to pnpm add jose and use (await getPayload().secret) as the secret.

    It seemed like Payload would've given us something like this, so I was suspicious I was duplicating effort.

    Even though my problem is solved, it could be useful to verify the JWT manually in other use cases.

  • gfwgfw, last year

    Maybe this: packages/payload/src/auth/. Payload JWT is HS256, you can even write your own utils using jose or jsonwebtoken.

    Something like:


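    import crypto from 'crypto'
    import jwt from 'jsonwebtoken'

    function isValidToken(token: string): boolean {
      // Fail closed: without a secret there is no key to verify against
      const secret = process.env.PAYLOAD_SECRET
      if (!secret) return false
      // Derive the verification key: SHA-256 of the secret, hex, first 32 chars
      const hash = crypto
        .createHash('sha256')
        .update(secret)
        .digest('hex')
        .slice(0, 32)
      try {
        // Pin HS256 so a token that declares another algorithm is rejected
        jwt.verify(token, hash, { algorithms: ['HS256'] })
        return true
      } catch {
        // Bad signature, expired or malformed token
        return false
      }
    }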
  • zenwhiskersmeow, last year

    thank you!
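
What a library such as jose or jsonwebtoken checks for an HS256 token, written out with Node's built-in crypto as an added example (not code from the thread or from Payload). The key derivation is taken from the snippet in the thread; `verifyHs256`, `makeToken` and the sample claims are hypothetical names and constructed values.

```typescript
import { createHash, createHmac, timingSafeEqual } from 'node:crypto'

type Claims = Record<string, unknown> & { exp?: number }

// Key derivation as in the thread's snippet: SHA-256 of the secret, hex, first 32 chars.
function deriveKey(secret: string): string {
  if (!secret) throw new Error('secret is required') // fail closed on an empty secret
  return createHash('sha256').update(secret).digest('hex').slice(0, 32)
}

// HMAC-SHA256 over "<header>.<payload>", base64url-encoded as in a JWT.
const sign = (data: string, key: string): string =>
  createHmac('sha256', key).update(data).digest('base64url')

// Returns the claims only for an untampered, unexpired HS256 token; otherwise null.
function verifyHs256(token: string, secret: string, nowSec = Math.floor(Date.now() / 1000)): Claims | null {
  const parts = token.split('.')
  if (parts.length !== 3) return null
  const [h, p, s] = parts
  try {
    const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'))
    if (header.alg !== 'HS256') return null // pin the algorithm, never follow the header
    const expected = Buffer.from(sign(`${h}.${p}`, deriveKey(secret)))
    const given = Buffer.from(s)
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null
    const claims: Claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'))
    if (typeof claims.exp === 'number' && claims.exp <= nowSec) return null // expired
    return claims
  } catch {
    return null // malformed base64url or JSON, or missing secret
  }
}

// Builds a constructed sample token for local testing (not a real Payload token).
function makeToken(claims: Claims, secret: string, alg = 'HS256'): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString('base64url')
  const body = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`
  return `${body}.${sign(body, deriveKey(secret))}`
}
```

Claims are read only after the signature comparison succeeds, so a payload edited in transit never reaches the caller.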
