Decode a NextAuth.js JWE token
import { jwtDecrypt } from 'jose' | |
import { hkdf } from '@panva/hkdf' | |
/**
 * Derives the symmetric key used to decrypt a NextAuth.js session token.
 *
 * Runs HKDF with SHA-256 over `keyMaterial` and requests 32 bytes of output.
 * The HKDF info string is "NextAuth.js Generated Encryption Key", followed by
 * " (<salt>)" when `salt` is non-empty.
 *
 * NOTE(review): these parameters must match the library release that issued
 * the token; other NextAuth/Auth.js versions may use a different info string,
 * salt or key length. Confirm against the issuing deployment.
 *
 * @param keyMaterial - Input keying material (the caller passes the app secret).
 * @param salt - HKDF salt; also appended to the info string when non-empty.
 * @returns Whatever `hkdf` resolves to for a 32-byte request.
 */
async function getDerivedEncryptionKey(keyMaterial: string | Buffer, salt: string) {
  // Build the info string in two steps so the optional salt suffix is explicit.
  const saltSuffix = salt ? ` (${salt})` : ''
  const info = `NextAuth.js Generated Encryption Key${saltSuffix}`
  const keyLengthBytes = 32
  return await hkdf('sha256', keyMaterial, salt, info, keyLengthBytes)
}
/**
 * Decrypts a NextAuth.js JWE session token and returns its claims.
 *
 * The key is derived from `secret` with an empty salt. `jwtDecrypt` then
 * decrypts and validates the token with a clock tolerance of 15 (seconds,
 * per jose's numeric form). A token that fails decryption or validation
 * makes the returned promise reject.
 *
 * The key is symmetric, so whoever holds `secret` can read these tokens and
 * can also produce ones that decrypt successfully. Treat it as a credential.
 *
 * NOTE(review): the accepted JWE algorithms are not pinned here. jose's
 * `keyManagementAlgorithms` and `contentEncryptionAlgorithms` options can
 * restrict them; confirm the issuer's values before adding them.
 *
 * @param token - The JWE token string to decrypt.
 * @param secret - The secret the token was issued under.
 * @returns The decrypted JWT payload.
 */
async function decodeNextAuthToken(token: string, secret: string) {
  const key = await getDerivedEncryptionKey(secret, '')
  const decrypted = await jwtDecrypt(token, key, { clockTolerance: 15 })
  return decrypted.payload
}
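// Both inputs come from the environment. Despite its name, PAYLOAD_JWE_SECRET
// holds the JWE token to decode; PAYLOAD_SECRET holds the secret it was issued under.
const token = process.env.PAYLOAD_JWE_SECRET
const secret = process.env.PAYLOAD_SECRET

// Fail fast with a clear configuration error instead of falling back to ''.
// An empty secret or token would otherwise surface as an opaque error deeper in
// key derivation or decryption. The message names the variables only, never
// their values.
if (!token || !secret) {
  throw new Error('PAYLOAD_JWE_SECRET and PAYLOAD_SECRET must both be set')
}

// `payload` holds the token's decrypted claims; avoid writing it to shared logs.
const payload = await decodeNextAuthToken(token, secret)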