From a4eb2bd9a1f288cb34465dfc6f6cc0a41a516109 Mon Sep 17 00:00:00 2001 From: Ronan McCarter <63772591+rpmccarter@users.noreply.github.com> Date: Tue, 26 Nov 2024 21:07:27 -0800 Subject: [PATCH] update alg type --- advanced/user-auth/jwt.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/user-auth/jwt.mdx b/advanced/user-auth/jwt.mdx index ff5c1dd..3385f04 100644 --- a/advanced/user-auth/jwt.mdx +++ b/advanced/user-auth/jwt.mdx @@ -15,7 +15,7 @@ If you don’t have a dashboard, or if you want to keep your dashboard and docs Create a login flow that does the following: - Authenticate the user - Create a JWT containing the authenticated user's info in the [UserInfo](./sending-data) format - - Sign the JWT with the secret, using the ES256 algorithm + - Sign the JWT with the secret, using the EdDSA algorithm - Create a redirect URL back to your docs, including the JWT as the hash @@ -46,7 +46,7 @@ import { Request, Response } from 'express'; const TWO_WEEKS_IN_MS = 1000 * 60 * 60 * 24 * 7 * 2; -const signingKey = await jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'ES256'); +const signingKey = await jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'EdDSA'); export async function handleRequest(req: Request, res: Response) { const userInfo = { @@ -59,7 +59,7 @@ export async function handleRequest(req: Request, res: Response) { }; const jwt = await new jose.SignJWT(userInfo) - .setProtectedHeader({ alg: 'ES256' }) + .setProtectedHeader({ alg: 'EdDSA' }) .setExpirationTime('10 s') .sign(signingKey);
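Review bot: In the second hunk, `jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'EdDSA')` passes a possibly unset environment variable straight into key import, and with the new algorithm it needs an EdDSA (Ed25519) PKCS#8 private key, so a key provisioned for the earlier ES256 sample should be expected to fail at import or at `.sign()`. I would guard and document it: `const pem = process.env.MINTLIFY_PRIVATE_KEY;` then `if (!pem) throw new Error('MINTLIFY_PRIVATE_KEY is not set');`, with the comment `// PKCS#8 PEM of an EdDSA private key; keys generated for ES256 must be replaced`. The bullet in the first hunk still says "with the secret", which reads like a shared HMAC secret; "with your private key" fits an asymmetric algorithm better. `handleRequest` begins in the second hunk and continues past the end of the third, so how the signed token is handed back is not visible here.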