
Programmatic verification for Node.js example does not work with jose 6

Open zdunecki opened this issue 2 months ago • 2 comments

Example URL(s)

  • https://developers.cloudflare.com/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/validating-json/#javascript-nodejs-example

Actual Behavior

With jose 6 there is an error like `Received an instance of CryptoKey`. I've checked with jose 5 - everything works fine.

Expected Behavior

With jose 6, verification should pass without any errors.

Additional information

No response

zdunecki avatar Nov 12 '25 02:11 zdunecki

@bondz Would you happen to know anything about this issue since you added the original jose example? https://github.com/cloudflare/cloudflare-docs/pull/17824

ranbel avatar Nov 13 '25 00:11 ranbel

I've tested with jose v6.0.0 and the latest version of jose on node24 and node22 and node20 but I don't see this error, nor do I see it in a prod deployment I have that's been running for a while now on jose v6.0.12.

I tried to reproduce the error with the code below, adapted from the docs.

Save this as `jose-test.cjs` and run `node jose-test.cjs`

```js
const jose = require('jose');

// The Application Audience (AUD) tag for your application
const AUD = '<replacethis>';

// Your CF Access team domain
const TEAM_DOMAIN = 'https://<replacethis>.cloudflareaccess.com';
const CERTS_URL = `${TEAM_DOMAIN}/cdn-cgi/access/certs`;

const JWKS = jose.createRemoteJWKSet(new URL(CERTS_URL));

const verifyToken = async (data) => {
  // Check for the AUD environment variable
  if (!AUD) {
    console.error('AUD is not set');
    return false;
  }

  const token = data.token;

  if (!token) {
    console.error('Token is not set');
    return false;
  }

  try {
    const result = await jose.jwtVerify(token, JWKS, {
      issuer: TEAM_DOMAIN,
      audience: AUD,
    });

    return result.payload;
  } catch (err) {
    console.error('Invalid token', err);
    return false;
  }
};

const result = verifyToken({ token: 'example.jwt.token' }).then(console.log);
```

One possibility is that it might be an issue with ESM, but maybe you could try sharing an example to reproduce your error.

bondz avatar Nov 13 '25 00:11 bondz

This issue was closed automatically because there has been no response from the original author. As it stands currently, we don't have enough information to take action. If you believe this issue was closed in error, a) apologies and b) open a new issue and reference this one in the body.

github-actions[bot] avatar Dec 16 '25 00:12 github-actions[bot]