I am new to typescript and experimenting with porting an express app to use typescript. The server uses JWTs for authentication/authorisation and I have a utility function that decodes and verifies a given token. The function is wrapped in a promise so I can use async/await in the middleware that implements it.

import httpError from 'http-errors';
import jwt from 'jsonwebtoken';

const { ACCESS_TOKEN_SECRET } = process.env;

export function verifyAccessToken(token: string): Promise<jwt.JwtPayload | undefined> {
  return new Promise((resolve, reject) => {
    jwt.verify(token, ACCESS_TOKEN_SECRET as string, (err, payload) => {
      if (err) {
        return reject(new httpError.Unauthorized());
      }
      return resolve(payload);
    });
  });
}

This function works fine, however I have additional information in the JWT. Specifically I have a role property, thus the payload is of type:

{
  sub: string,  // ID issued by mongoose
  role: string, // My new information that is causing error
  iat: number,
  exp: number
}

My problem is that the type for JwtPayload from @types/jsonwebtoken does not contain role hence when the Promise resolves, I get a typescript error when trying to access payload.role in the authentication middleware.

import { RequestHandler } from 'express';
import httpError from 'http-errors';
import { verifyAccessToken } from '../utils'

export const authenticate: RequestHandler = async (req, res, next) => {
  try {
    const authHeader = req.headers['authorization'] as string;
    if (!authHeader) {
      throw new httpError.Unauthorized();
    }

    const accessToken = authHeader.split(' ')[1];
    if (!accessToken) throw new httpError.Unauthorized();

    const payload = await verifyAccessToken(accessToken);
// If I try to access payload.role here I get an error that type JwtPayload does not contain 'role'

    next();
  } catch (err) {
    next(err);
  }
};

How do I extend the JwtPayload type to add the role property? I have tried to define my own custom type and completely override the type returned from jwt.verify() but this throws an error that no overload matches this call.

interface MyJwtPayload {
  sub: string;
  role: string;
  iat: number;
  exp: number;
}

// ... then in the utility function replace jwt.verify() call with
jwt.verify(token, ACCESS_TOKEN_SECRET as string, (err, payload: MyJwtPayload) => {

Thanks.

You should be able to achieve this via declaration merging.

Somewhere in your code add this:

declare module "jsonwebtoken" {
    export interface JwtPayload {
        role: string;
    }
}

This should extend the interface as you want it.

redeclare the jsonwebtoken module with an extended Payload, then parse/cast the verified token accordingly.

import * as jwt from 'jsonwebtoken'

declare module 'jsonwebtoken' {
    export interface UserIDJwtPayload extends jwt.JwtPayload {
        userId: string
    }
}

export const userIdFromJWT = (jwtToken: string): string | undefined => {
    try {
        const { userId } = <jwt.UserIDJwtPayload>jwt.verify(jwtToken, process.env.JWT_COOKIE_SECRET || 'MISSING_SECRET')

        return userId
    } catch (error) {
        return undefined
    }
}

You should be able to achieve this via declaration merging.

Somewhere in your code add this:

declare module "jsonwebtoken" {
    export interface JwtPayload {
        role: string;
    }
}

This should extend the interface as you want it.

import { Jwt } from 'jsonwebtoken';

export type Token = Jwt;

Here is how you do it for Nextjs and Typescript

import * as jwt from 'jsonwebtoken';

export const verifyToken = async (token: string): Promise<string | false> => {
    try {
        const decoded = await (<jwt.JwtPayload>(
            jwt.verify(token, process.env.JWT_SECRET!)
        ));

        return decoded.role!;
    } catch (error: any) {
        return false;
    }
};