Hi everyone,
I’m on Payload v3.49 and built a custom /verify endpoint that validates an email verification token and then creates a JWT for the user. I’m signing the JWT manually with jsonwebtoken using req.payload.secret.
The problem: subsequent authenticated requests return 403 Forbidden, which makes me think my JWT is not structured the way Payload expects.
Questions:
What is the correct way to generate a valid JWT?
Here’s a simplified version of my handler:
const jwt = require('jsonwebtoken');

const token = jwt.sign(
  {
    id: user.id,
    collection: 'users',
  },
  req.payload.secret,
  { expiresIn: '30d' }
);