
Using ObjectID with jwt.sign() and verify()


This of course is subjective to how you actually supply the data to .sign() in the first place, being the difference of simply supplying the "object" of ObjectID or by supplying the value instead.

This is actually covered in the general usage for .sign() as:

If payload is not a buffer or a string, it will be coerced into a string using JSON.stringify.

So in a nutshell that version is going to "stringify" the Object form and require some "digging". In your form the decoded object then has properties of id with a sub-property of data which contains an array of bytes that can be converted into a Buffer. So that's what you do:

  let newId = Buffer.from(req.decoded.id.data).toString('hex');

And newId would then be a "string" represented by the 'hex' encoded values of the bytes. This of course would be translated by mongoose into an ObjectId when issued in any "query" or "update" as matching the schema for _id.

Of course the "alternative" would be simply to .sign() using the .toString() value from the ObjectId in the first place. Then the result of .verify() would simply be the "hex string" that was supplied, rather than the JSON.stringify result on the ObjectID itself.

To demonstrate with a listing:

  const bson = require('bson'),
        jwt = require('jsonwebtoken');

  // Stored ObjectID
  console.log("Round 1");
  (function() {
    let id = new bson.ObjectID();
    console.log("Created: %s", id);

    let token = jwt.sign(id,'shhh');                // Supply value as ObjectID
    let decoded = jwt.verify(token,'shhh');

    console.log("Interim");
    console.log(decoded);

    let newId = Buffer.from(decoded.id.data).toString('hex');
    console.log("Decoded: %s", newId);
  })();

  console.log("\nRound 2");
  // Stored String value
  (function() {
    let id = new bson.ObjectID();
    console.log("Created: %s", id);

    let token = jwt.sign(id.toString(), 'shhh');    // Supply value as string
    let decoded = jwt.verify(token,'shhh');

    console.log("Decoded: %s", decoded);
  })();

Gives the output, showing the input values and decoded values:

  Round 1
  Created: 59857328090c497ce787d087
  Interim
  { _bsontype: 'ObjectID',
    id:
     { type: 'Buffer',
       data: [ 89, 133, 115, 40, 9, 12, 73, 124, 231, 135, 208, 135 ] },
    iat: 1501917992 }
  Decoded: 59857328090c497ce787d087

  Round 2
  Created: 59857328090c497ce787d088
  Decoded: 59857328090c497ce787d088

And demonstrates both forms of usage for supplying the value to .sign() and what comes out from the subsequent .verify() calls.
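
An added example, not part of the original answer: a helper that accepts either decoded shape shown in the output above and checks it is exactly a 12-byte ObjectID before the value goes anywhere near a query. The function name and the sample payloads are constructed for illustration; the payload shapes are copied from the listing's output.

```javascript
// Normalise the ObjectID carried in a payload returned by jwt.verify().
// Accepts the two shapes from the listing above and rejects anything else,
// so an unexpected object never reaches a mongoose query.

const HEX24 = /^[0-9a-f]{24}$/i;

// Hypothetical helper name; `decoded` is whatever jwt.verify() returned.
function objectIdHexFromDecoded(decoded) {
  // "Round 2" shape: the token was signed with id.toString(),
  // so the payload is the hex string itself.
  if (typeof decoded === 'string') {
    if (!HEX24.test(decoded)) throw new TypeError('id is not 24 hex characters');
    return decoded.toLowerCase();
  }

  // "Round 1" shape: { _bsontype, id: { type: 'Buffer', data: [...] }, iat }
  const raw = decoded && decoded.id;
  if (!raw || raw.type !== 'Buffer' || !Array.isArray(raw.data)) {
    throw new TypeError('unrecognised id claim');
  }

  // Buffer.from(array) silently wraps out-of-range numbers (value & 255),
  // so validate length and byte range before converting.
  const bytes = raw.data;
  const allBytes = bytes.every(b => Number.isInteger(b) && b >= 0 && b <= 255);
  if (bytes.length !== 12 || !allBytes) {
    throw new TypeError('id.data is not 12 bytes');
  }
  return Buffer.from(bytes).toString('hex');
}

// Constructed sample payloads, in the shapes printed by the listing above.
const round1 = {
  _bsontype: 'ObjectID',
  id: { type: 'Buffer', data: [89, 133, 115, 40, 9, 12, 73, 124, 231, 135, 208, 135] },
  iat: 1501917992
};
const round2 = '59857328090c497ce787d088';

console.log('Round 1 -> %s', objectIdHexFromDecoded(round1));
console.log('Round 2 -> %s', objectIdHexFromDecoded(round2));
```

The returned value is always a 24-character hex string, which is the form the answer passes to mongoose for matching against _id.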