## JWT Configuration
### Convex auth.config.ts
- issuer: `https://convex.kevisual.cn`
- applicationID: `convex-app`

`issuer` 必须与 JWT 中的 `iss` 字段匹配,`applicationID` 必须与 `aud` 字段匹配。
```ts
import { AuthConfig } from 'convex/server';
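/**
 * Convex auth configuration with a single custom-JWT provider.
 *
 * `satisfies AuthConfig` makes the compiler check this literal against the
 * imported `AuthConfig` type, so a misspelled or missing field is reported at
 * build time instead of surfacing as a rejected token at runtime.
 */
export default {
  providers: [
    {
      type: 'customJwt',
      // Must match the `aud` claim of the tokens this deployment accepts.
      applicationID: 'convex-app',
      // Must match the `iss` claim of the tokens this deployment accepts.
      issuer: 'https://convex.kevisual.cn',
      // JWKS document with the verification key(s); the token header's `kid`
      // has to match a key ID published here.
      // NOTE(review): this URL is on a different host than `issuer`. Whoever
      // controls this endpoint decides which keys are trusted, so confirm both
      // hosts are under the same administrative control and served over HTTPS.
      jwks: 'https://api-convex.kevisual.cn/root/convex/jwks.json',
      // Signing algorithm expected on tokens; the signer must use the same `alg`.
      algorithm: 'RS256',
    },
  ],
} satisfies AuthConfig;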
```
### Payload 例子
JWT 的 header 必须包含 `kid` 字段,其值须与 JWKS 中对应密钥的密钥 ID 一致。
```ts
import * as jose from "jose";
// Load the test private key (a JWK stored as JSON) and import it for RS256 signing.
// This key is for testing only: keep the file out of version control and out of
// production, and publish only the matching public key in the JWKS document.
const privateJwkText = await Bun.file("./jwt/privateKey.json").text();
const privateJwk = JSON.parse(privateJwkText);
const privateKey = await jose.importJWK(privateJwk, "RS256");

// Claims of the RS256 JWT.
// `iss` and `aud` have to match `issuer` and `applicationID` in auth.config.ts.
const nowSeconds = Math.floor(Date.now() / 1000);
const payload = {
  iss: "https://convex.kevisual.cn",
  sub: "user:8fa2be73c2229e85",
  aud: "convex-app",
  // Expires one hour (3600 s) after creation.
  exp: nowSeconds + 3600,
  name: "Test User AA",
  email: "test@example.com",
};

// Protected header: `kid` must match the key ID of this key's entry in the JWKS.
const protectedHeader = {
  alg: "RS256",
  typ: "JWT",
  kid: "kid-key-1",
};

// Sign the claims; setIssuedAt() adds the `iat` claim.
const token = await new jose.SignJWT(payload)
  .setProtectedHeader(protectedHeader)
  .setIssuedAt()
  .sign(privateKey);
```