JWT Token Secret

rishi-afk
last year

Hello @jmikrut, @DanRibbens and fellow devs, I wanted to know what secret key is being used to sign the JWT token during the login operation? I tried to debug the value which is being used here https://github.com/payloadcms/payload/blob/master/src/auth/operations/login.ts#L132.

I have passed the secret as SECRET_KEY in the payload.config.ts and so I'm guessing that some hash function is running on the secret passed in payload config before signing the JWT.

Can someone provide me more insight on what secret is being used to sign the JWT?

  • jmikrut
    Payload Team
    last year

    Hey @rishi-afk — yep, you got it. Our secret keys need to be 32 characters exactly, so Payload takes in the secret key from the init options, creates a hash from the incoming random string, and then saves the first 32 characters.

    You can take a look at the init method to see exactly what happens.

    Does this answer your question?

  • rishi-afk
    last year

    That's great, thank you! I had one more question regarding the name of the cookie, which by default is set as 'payload-token'. I'd like to use different cookie names for different Payload apps. Is there a way to do this?

  • DanRibbens
    Payload Team
    last year

    Hi @rishi-afk,
    Take a look at cookiePrefix in https://payloadcms.com/docs/configuration/overview#options.

    Is that what you're looking for?

  • rishi-afk
    last year

    @DanRibbens That's perfect. I don't know how I missed that in the docs. Thank you for the quick reply :)
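
The key derivation jmikrut describes above, sketched for a service that has to verify a Payload-issued token itself. This is an added example, not code from the thread or from Payload; the SHA-256 hex digest and HS256 signing are assumptions (the thread names neither), and `deriveSigningKey`, `signHS256`, `verifyHS256` and the sample secret and claims are constructed for illustration.

```javascript
// Added example, not Payload's code. ASSUMPTIONS: SHA-256 hex digest, HS256 tokens.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Hash the config secret and keep the first 32 characters, as the reply describes.
function deriveSigningKey(configSecret) {
  return crypto.createHash('sha256').update(configSecret).digest('hex').slice(0, 32);
}

// Minimal HS256 signer, used here only to build a constructed sample token.
function signHS256(claims, key) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.createHmac('sha256', key).update(input).digest())}`;
}

// Verify: pin the algorithm, compare MACs in constant time, then check expiry.
function verifyHS256(token, key, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, signature] = parts;
  let parsedHeader, claims;
  try {
    parsedHeader = JSON.parse(fromB64url(header).toString('utf8'));
    claims = JSON.parse(fromB64url(body).toString('utf8'));
  } catch {
    return null;
  }
  // Never let the token choose its own algorithm.
  if (!parsedHeader || parsedHeader.alg !== 'HS256') return null;
  if (!claims || typeof claims !== 'object') return null;
  const expected = crypto.createHmac('sha256', key).update(`${header}.${body}`).digest();
  const given = fromB64url(signature);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims.exp === 'number' && claims.exp <= nowSeconds) return null;
  return claims;
}

// Constructed sample values (not from the thread).
const CONFIG_SECRET = 'example-secret-from-payload-config';
const derivedKey = deriveSigningKey(CONFIG_SECRET);
const sampleToken = signHS256({ id: 'user-1', collection: 'users', exp: 4102444800 }, derivedKey);

console.log(verifyHS256(sampleToken, derivedKey));    // claims object
console.log(verifyHS256(sampleToken, CONFIG_SECRET)); // null: raw secret is not the key
```

Verifying with the raw config secret returns `null`; confirm the hash in the init method of your Payload version before relying on the derivation.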
