Function verifyRefreshToken

verifyRefreshToken(token: string): JWTPayload
Verify and decode JWT refresh token

Validates a refresh token's signature and expiration using the JWT_REFRESH_SECRET, then returns the decoded payload containing user information. This function is used during token renewal operations to ensure the refresh token is valid and extract user data for generating new tokens.

The function performs cryptographic verification of the token signature and automatically checks expiration time. If verification fails, it throws a JsonWebTokenError that should be handled by the calling code.
Parameters
- token: string
  JWT refresh token string to verify and decode
Returns JWTPayload
Decoded token payload containing user information and JWT claims
Throws
When JWT_REFRESH_SECRET environment variable is not configured

Throws
When token signature is invalid

Throws
When token has expired

Throws
When token is not active yet
Example
```
// Verify refresh token during token renewal
try {
  const decoded = verifyRefreshToken(refreshToken);
  console.log(decoded.sub);   // User ID
  console.log(decoded.email); // User email
  console.log(decoded.role);  // User role
} catch (error) {
  if (error.name === 'TokenExpiredError') {
    console.log('Refresh token has expired');
  } else if (error.name === 'JsonWebTokenError') {
    console.log('Invalid refresh token');
  }
}
```
Example
```
// Usage in token refresh endpoint
const decoded = verifyRefreshToken(req.body.refreshToken);
const newTokens = generateTokenPair({
  userId: decoded.sub,
  email: decoded.email,
  role: decoded.role
});
```
- Defined in src/shared/utils/auth.ts:322

Function verifyRefreshToken

Parameters

Returns JWTPayload

Throws

Throws

Throws

Throws

Example

Example

Settings