Debugging Xano Authentication and JWT Decoding Issues: Ensuring Robust User Login Functionality

In this State Changers meeting, the group takes a deep dive into a complex issue in an authentication process that uses a JWT. One of the participants, Evan, is attempting to validate a JWT in Xano for authentication, which requires selecting the correct validation key from a list.


Key issues discussed include the initialization of a hard-coded 'kid' for token validation, the need to validate tokens dynamically without hard-coded values, an unexpected error in the function logic (the key returning null), and the validation of the key through a debugger. The State Changers went on to identify a parsing issue in the 'kid' look-up function: it returned null, which caused the JWT decode to fail. They traced the problem back to an incorrect declaration in the Xano function, where the 'this' keyword was treated as a literal string instead of referencing the object. After the fix, the function worked as expected.

The meeting also addressed the importance of caching 'Kakao keys' and the need to update or rotate these keys regularly. The team proposed two options for keeping the keys current: fetch new keys on demand during the API call, or run a background task that periodically updates the keys and stores them in a table. The preferred long-term solution is the latter, since a background task that updates and saves the keys reduces the latency of fetching them during each API call.

In conclusion, the meeting was a detailed debugging session aimed at resolving a problem with JWT validation on the Xano platform, with discussion of function logic, tricky errors, key management, and viable long-term solutions.
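The look-up bug and the two refresh options can be sketched in plain JavaScript. This is an added example, not the Xano function from the session: every function name, key id and key value is a constructed assumption, and signature verification with the selected key is left to the JWT decode step.

```javascript
// Added illustration in plain JavaScript; not Xano's function stack.
// All key ids and key material here are constructed placeholders.

// Read the 'kid' from the token header (first segment); nothing is trusted yet.
function readKid(token) {
  const [head] = token.split('.');
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  if (typeof header.kid !== 'string' || header.kid === '') throw new Error('token has no kid');
  return header.kid;
}

// The bug class from the session: the field reference is a literal string,
// so the comparison is never true and the look-up returns null.
function findKeyBuggy(keys, kid) {
  return keys.find(() => 'this.kid' === kid) || null;
}

// Corrected: compare the kid field of each key object.
function findKey(keys, kid) {
  return keys.find((k) => k.kid === kid) || null;
}

// Cache that a background task fills via refresh(). A miss triggers one
// on-demand refresh, rate limited so unknown kids cannot force constant fetches.
function makeKeyStore(fetchKeys, minRefreshMs, now = Date.now) {
  let keys = [];
  let lastRefresh = -Infinity;
  const refresh = () => { keys = fetchKeys(); lastRefresh = now(); };
  return {
    refresh,
    select(token) {
      const kid = readKid(token);
      let key = findKey(keys, kid);
      if (!key && now() - lastRefresh >= minRefreshMs) {
        refresh(); // key rotation: the provider may have published a new key
        key = findKey(keys, kid);
      }
      if (!key) throw new Error('no key for kid ' + kid); // fail closed, never decode with null
      return key;
    },
  };
}

// Constructed sample token: real header shape, placeholder payload and signature.
const sampleToken = (kid) =>
  Buffer.from(JSON.stringify({ alg: 'RS256', kid })).toString('base64url') + '.e30.sig';
```

In production the `fetchKeys` callback would read the provider's published key set and `refresh()` would run on a schedule, with the on-miss refresh as the fallback between runs.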


(Source: Office Hours 2/7)
