From e7e18159e2cfd2a82c6b71fdb1801f6f847aaa31 Mon Sep 17 00:00:00 2001
From: Sync Fork <sync_fork@workflows.com>
Date: Thu, 22 Feb 2024 00:03:49 +0000
Subject: [PATCH] Merge upstream changes

---
 .changeset/poor-panthers-shout.md                 |  5 +++++
 packages/hasura-auth-js/package.json              |  2 +-
 packages/hasura-auth-js/src/hasura-auth-client.ts |  4 ++--
 pnpm-lock.yaml                                    | 10 +++++++---
 4 files changed, 15 insertions(+), 6 deletions(-)
 create mode 100644 .changeset/poor-panthers-shout.md

diff --git a/.changeset/poor-panthers-shout.md b/.changeset/poor-panthers-shout.md
new file mode 100644
index 0000000000..09b438c7a3
--- /dev/null
+++ b/.changeset/poor-panthers-shout.md
@@ -0,0 +1,5 @@
+---
+'@nhost/hasura-auth-js': patch
+---
+
+fix(hasura-auth-js): replace `jwt-decode` with `jose` for decoding access tokens that works on both the browser and Node.js
diff --git a/packages/hasura-auth-js/package.json b/packages/hasura-auth-js/package.json
index 957d68b27f..328c1859ce 100644
--- a/packages/hasura-auth-js/package.json
+++ b/packages/hasura-auth-js/package.json
@@ -66,8 +66,8 @@
   "dependencies": {
     "@simplewebauthn/browser": "^6.2.2",
     "fetch-ponyfill": "^7.1.0",
+    "jose": "^5.2.2",
     "js-cookie": "^3.0.5",
-    "jwt-decode": "^3.1.2",
     "xstate": "^4.38.3"
   },
   "devDependencies": {
diff --git a/packages/hasura-auth-js/src/hasura-auth-client.ts b/packages/hasura-auth-js/src/hasura-auth-client.ts
index 266f5d4e65..dbc7555dba 100644
--- a/packages/hasura-auth-js/src/hasura-auth-client.ts
+++ b/packages/hasura-auth-js/src/hasura-auth-client.ts
@@ -1,4 +1,4 @@
-import jwt_decode from 'jwt-decode'
+import * as jose from 'jose'
 import { interpret } from 'xstate'
 import {
   EMAIL_NEEDS_VERIFICATION,
@@ -625,7 +625,7 @@ export class HasuraAuthClient {
   public getDecodedAccessToken(): JWTClaims | null {
     const jwt = this.getAccessToken()
     if (!jwt) return null
-    return jwt_decode<JWTClaims>(jwt)
+    return jose.decodeJwt<JWTClaims>(jwt)
   }
 
   /**
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f73d40614e..991d2949a5 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -1591,12 +1591,12 @@ importers:
       fetch-ponyfill:
         specifier: ^7.1.0
         version: 7.1.0
+      jose:
+        specifier: ^5.2.2
+        version: 5.2.2
       js-cookie:
         specifier: ^3.0.5
         version: 3.0.5
-      jwt-decode:
-        specifier: ^3.1.2
-        version: 3.1.2
       xstate:
         specifier: ^4.38.3
         version: 4.38.3
@@ -19441,6 +19441,10 @@ packages:
     resolution: {integrity: sha512-W+oqK4H+r5sITxfxpSU+MMdr/YSWGvgZMQDIsNoBDGGy4i7GBPTtvFKibQzW06n3U3TqHjhvBJsirShsEJ6eeQ==}
     dev: true
 
+  /jose@5.2.2:
+    resolution: {integrity: sha512-/WByRr4jDcsKlvMd1dRJnPfS1GVO3WuKyaurJ/vvXcOaUQO8rnNObCQMlv/5uCceVQIq5Q4WLF44ohsdiTohdg==}
+    dev: false
+
   /jpeg-js@0.4.4:
     resolution: {integrity: sha512-WZzeDOEtTOBK4Mdsar0IqEU5sMr3vSV2RqkAIzUEV2BHnUfKGyswWFPFwK5EeDo93K3FohSHbLAjj0s1Wzd+dg==}
     dev: true