TypeError: invalid 'instanceof' operand KeyObject

[RbrtDdds]

Description

TypeError: invalid 'instanceof' operand KeyObject

Reproduction

import { verify } from 'jsonwebtoken';

const jwtSecret = 'fooSecret';

export const JwtDecode = (token: string): Nullable<IJwtSignModel> => {
  if (!token) return null;
  return verify(token, jwtSecret) as IJwtSignModel;
};

// *Unhandled Runtime Error
TypeError: invalid 'instanceof' operand KeyObject

Environment

Please provide the following:
typescript: 5.2.2
jsonwebtoken: 9.0.2
@types/jsonwebtoken: 9.0.5 //tried with 9.0.2 too
Next js 14

[josephdburdick]

Also facing the same issue.

[QBT-VinayAdiga]

Same issue after updating to v9

[rajeshrah22]

I might take a look

[pranavajk1]

Yes I am also facing the same issue

[loicGR]

I am also facing the same issue in my Vue2 app. It works with version 8.5.1 but not with 9.0.0.

[milinddhamu]

this issue is mentioned here , as after update they added some additional parameter to sign an 'ordinary' or 'illegal' string.
Checkout here - https://stackoverflow.com/a/75033994/19933510

[milinddhamu]

this issue is mentioned here , as after update they added some additional parameter to sign an 'ordinary' or 'illegal' string.
Checkout here - https://stackoverflow.com/a/75033994/19933510

I hope this works well for guys and maybe can close this thread.

[loicGR]

this issue is mentioned here , as after update they added some additional parameter to sign an 'ordinary' or 'illegal' string.
Checkout here - https://stackoverflow.com/a/75033994/19933510

I hope this works well for guys and maybe can close this thread.

In my Vue2 application I only use the jwt.verify method. The proposed fix does not work for me. My tokens are signed in the backend with version 9

[milinddhamu]

this issue is mentioned here , as after update they added some additional parameter to sign an 'ordinary' or 'illegal' string.
Checkout here - https://stackoverflow.com/a/75033994/19933510

I hope this works well for guys and maybe can close this thread.

In my Vue2 application I only use the jwt.verify method. The proposed fix does not work for me. My tokens are signed in the backend with version 9

As per code example you are using an string 'fooSecret' which may not be correct as per v9 they added some strict rules for generating token so when we use older method it's breaking. Please if you got any lead help me out also about how this works as they demands more of proper values and their types as per docs.

Check this out at - https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9

[loicGR]

this issue is mentioned here , as after update they added some additional parameter to sign an 'ordinary' or 'illegal' string.
Checkout here - https://stackoverflow.com/a/75033994/19933510

I hope this works well for guys and maybe can close this thread.

In my Vue2 application I only use the jwt.verify method. The proposed fix does not work for me. My tokens are signed in the backend with version 9

As per code example you are using an string 'fooSecret' which may not be correct as per v9 they added some strict rules for generating token so when we use older method it's breaking. Please if you got any lead help me out also about how this works as they demands more of proper values and their types as per docs.

Check this out at - https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9

I don't see any answer to the problem in the documentation.
In the backend my token is signed with version 9 of jsonwebtoken in the following way:
jwt.sign(payload, this.privateKey, {expiresIn: '1h'})

In Vue2 frontend the token is decoded with version 8.5 of jsonwebtoken in the following way:
jwt.verify(token, publicKey)
And it works.

But if I upgrade to version 9 I get the error invalid 'instanceof' operand KeyObject

[milinddhamu]

this issue is mentioned here , as after update they added some additional parameter to sign an 'ordinary' or 'illegal' string.
Checkout here - https://stackoverflow.com/a/75033994/19933510

I hope this works well for guys and maybe can close this thread.

In my Vue2 application I only use the jwt.verify method. The proposed fix does not work for me. My tokens are signed in the backend with version 9

As per code example you are using an string 'fooSecret' which may not be correct as per v9 they added some strict rules for generating token so when we use older method it's breaking. Please if you got any lead help me out also about how this works as they demands more of proper values and their types as per docs.

Check this out at - https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9

I don't see any answer to the problem in the documentation.
In the backend my token is signed with version 9 of jsonwebtoken in the following way:
jwt.sign(payload, this.privateKey, {expiresIn: '1h'})

In Vue2 frontend the token is decoded with version 8.5 of jsonwebtoken in the following way:
jwt.verify(token, publicKey)
And it works.

But if I upgrade to version 9 I get the error invalid 'instanceof' operand KeyObject

So issue is when you're verifying, is it generating token perfectly. If you sign any illegal key in v9 it'll show same error. As i used it in next.js not tried in vue.

[adamsocrat]

As I have understood jsonwebtoken package is not designed for browsers and you should use packages that designed for client-side as such jwt.io javaScript libraries

[loicGR]

As I have understood jsonwebtoken package is not designed for browsers and you should use packages that designed for client-side as such jwt.io javaScript libraries

That's what I did. I opted for jwt-decode and jwt-encode