Closed
Description
- What went wrong?
I'm using bcrypt to hash and store the refresh tokens (created by jsonwebtoken library) in the database. I'm trying to compare previous refresh token with the hashed token (of previous refresh token) while issuing new tokens.
bcrypt.compare() function is returning true every time even if I pass a different jwt token which is not stored in the DB (jwt which is created using the same payload. It's returning false for the jwt created with a different payload).
I'm assuming it's not hashing or comparing the signature part of the jwt because the payload and header part of the jwt is identical every time.
- What did you expect to happen?
To return false if the token and hashed token are different
- Which version of nodejs and OS?
Node version = 16.13.2
OS = windows 10
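A likely explanation for the behaviour reported above, as an added example that is not part of the original issue or the bcrypt project's code: bcrypt only uses the first 72 bytes of its input, and two JWTs with the same header and the same leading payload fields share those bytes. The sketch models that truncation with Node's built-in crypto (it does not call bcrypt) and compares whole tokens through a SHA-256 digest; the token builder, secret, user id and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const BCRYPT_MAX_BYTES = 72; // bcrypt ignores input past this many bytes

const b64url = (v) => Buffer.from(v).toString('base64url');

// Minimal HS256 JWT builder for the demo (constructed tokens, not jsonwebtoken output).
function signJwt(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// The bytes bcrypt would actually consume from a token (models the truncation only).
function bcryptVisiblePart(token) {
  return Buffer.from(token, 'utf8').subarray(0, BCRYPT_MAX_BYTES);
}

// Fixed-length digest covering the whole token, signature included.
function tokenDigest(token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest();
}

// Constant-time comparison of a presented token against a stored digest.
function matchesStored(token, storedDigest) {
  const d = tokenDigest(token);
  return d.length === storedDigest.length && crypto.timingSafeEqual(d, storedDigest);
}

// Constructed sample: same user, tokens issued one second apart.
const SECRET = 'demo-secret-not-for-production';
const oldToken = signJwt({ userId: '64b7f0c2a1d3e4f5a6b7c8d9', iat: 1700000000 }, SECRET);
const newToken = signJwt({ userId: '64b7f0c2a1d3e4f5a6b7c8d9', iat: 1700000001 }, SECRET);
const stored = tokenDigest(oldToken); // what would be saved in the DB

console.log('tokens differ:', oldToken !== newToken);
console.log('same first 72 bytes:', bcryptVisiblePart(oldToken).equals(bcryptVisiblePart(newToken)));
console.log('old token matches stored digest:', matchesStored(oldToken, stored));
console.log('new token matches stored digest:', matchesStored(newToken, stored));
```

If bcrypt is still wanted on top, hashing the hex or base64 form of this digest instead of the raw token keeps the input under 72 bytes.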