When I sign in to SurrealDB, the action succeeds and I receive an encrypted JWT:

{
    "code": 200,
    "details": "Authentication succeeded",
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE2NzIwMzc2MjMsIm5iZiI6MTY3MjAzNzYyMywiZXhwIjoxNjcyMTI0MDIzLCJpc3MiOiJTdXJyZWFsREIiLCJOUyI6InRlc3QiLCJEQiI6InRlc3QiLCJTQyI6InVzZXIiLCJJRCI6InVzZXI6czFiN3JzcnlxNW9jdDVmM2FrdHEifQ.BBhUechMxdL0Vt3SIOHd3vAVDgieBRXhwhMgTZLpXn50fCB-j2P7JpA8BLwY3KmA_he4A"
}

However, I need to get the decrypted token in JSON format or so to show messages on the UI. Either I need to make an additional query to fetch all metadata, or I was wondering if there's a way to get the JWT token decrypted with the login response in SurrealDB?

If there's no way, can someone please show a curl example of fetching all the user metadata by JWT in SurrealDB?

Shivam Sahil

1 Answer

From my knowledge it is not a very good idea to decrypt a JWT token. I was hoping to do the same, but as far as I could find it was just better to make a second query for the metadata.

DEFINE TABLE user SCHEMALESS
 PERMISSIONS
 FOR select, create, update
   WHERE id = $auth.id
 FOR delete
   WHERE id = $auth.id
   OR $auth.admin = true
;

This is what you can do instead: only allow users to query their own user entry. $auth is a predefined parameter which is present after using db.signin({ ..params }) or db.authenticate(token) with a valid token. So you can then do something like below:

const result = await db.select("user");
const user = result[0];

Only the data for the currently authenticated user will be returned. You could also very much do a custom query as well:

const result: any = await db.query("SELECT * FROM user WHERE id = $auth.id");
const user = result[0].result[0];
TCM
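Added example, not part of the question or answer above: the token in the sign-in response is a compact JWT whose header and payload segments are base64url-encoded JSON, so a UI can read the claims for display without any key. The function names, the sample token and its claim values are constructed for illustration; the decoded claims are unverified (the signature needs the server-side secret), so access control stays with the table PERMISSIONS shown in the answer.

```javascript
// Added example: read JWT claims for display only. Nothing here verifies the
// signature, so never base an authorization decision on the result.

// base64 helpers that work in browsers and in Node (fallback to Buffer).
const b64decode = (s) =>
  typeof atob === "function" ? atob(s) : Buffer.from(s, "base64").toString("binary");
const b64encode = (s) =>
  typeof btoa === "function" ? btoa(s) : Buffer.from(s, "binary").toString("base64");

// Decode one base64url segment into a JSON object (UTF-8 safe).
function b64urlToJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(b64decode(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Split header.payload.signature and return the readable parts.
function readJwtClaims(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error("not a compact JWT (expected header.payload.signature)");
  }
  const header = b64urlToJson(parts[0]);
  const claims = b64urlToJson(parts[1]);
  return {
    header,
    claims,
    // exp is seconds since the epoch; an expired token should trigger re-login
    expired: typeof claims.exp === "number" && claims.exp <= nowSeconds,
    verified: false, // an HMAC signature can only be checked with the server secret
  };
}

// Constructed sample token with a fake signature, for running this offline.
function makeSampleToken(claims) {
  const enc = (obj) =>
    b64encode(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ typ: "JWT", alg: "HS512" }), enc(claims), "constructed-signature"].join(".");
}

const sample = makeSampleToken({ iss: "SurrealDB", NS: "test", DB: "test", SC: "user", ID: "user:example", exp: 2000 });
console.log(readJwtClaims(sample, 1000));
```

Anything a user could change by editing the token locally must still be fetched or enforced server-side, for example through the `$auth.id` query in the answer.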