Skip to main content

Override JWT `encode` and `decode` methods

danger

If you use middleware to protect routes, make sure the same method is also set in the middleware.ts options

Auth.js uses encrypted JSON Web Tokens (JWE) by default. Unless you have a good reason, we recommend keeping this behavior. Although you can override this using the encode and decode methods. Both methods must be defined at the same time.

jwt: {
  async encode(params: {
    token: JWT
    secret: string
    maxAge: number
  }): Promise<string> {
    // return a custom encoded JWT string
    return "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
  },
  async decode(params: {
    token: string
    secret: string
  }): Promise<JWT | null> {
    // return a `JWT` object, or `null` if decoding failed
    return {}
  },
}