Verifies an access token and returns its decoded payload.
Throws a JsonWebTokenError or TokenExpiredError if the token is invalid or expired — the requireAuth middleware catches these and returns a 401 response.
The raw JWT string from the Authorization header
Decoded AccessTokenPayload
JsonWebTokenError if the token is malformed or has an invalid signature
TokenExpiredError if the token has expired
const payload = verifyAccessToken(token)
console.log(payload.userId) // "cmmyfipza0000g8iq..."
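The error-to-401 mapping described above, as an added example that is not the project's own code: a stand-in verifyAccessToken and an Express-style requireAuth built on Node's crypto module. HS256, SECRET, signDemoToken and the tokenError helper are assumptions made for the demo; only the function, middleware and error names come from this page.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed key, demo only
const tokenError = (name, msg) => Object.assign(new Error(msg), { name });
const b64url = (v) => Buffer.from(v).toString('base64url');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString());
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Constructed helper so the demo can mint tokens offline.
function signDemoToken(payload, alg = 'HS256') {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${sign(input)}`;
}

// Stand-in for verifyAccessToken: pins HS256, checks the signature, then exp.
function verifyAccessToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw tokenError('JsonWebTokenError', 'jwt malformed');
  let header, payload;
  try {
    header = decode(parts[0]);
    payload = decode(parts[1]);
  } catch {
    throw tokenError('JsonWebTokenError', 'jwt malformed');
  }
  if (header?.alg !== 'HS256') throw tokenError('JsonWebTokenError', 'invalid algorithm');
  const given = Buffer.from(parts[2]);
  const expected = Buffer.from(sign(`${parts[0]}.${parts[1]}`));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw tokenError('JsonWebTokenError', 'invalid signature');
  }
  if (typeof payload?.exp === 'number' && payload.exp <= Date.now() / 1000) {
    throw tokenError('TokenExpiredError', 'jwt expired');
  }
  return payload;
}

// Express-style middleware: both documented errors become a 401.
function requireAuth(req, res, next) {
  const [scheme, token] = (req.headers.authorization || '').split(' ');
  try {
    if (scheme !== 'Bearer' || !token) throw tokenError('JsonWebTokenError', 'jwt must be provided');
    req.user = verifyAccessToken(token);
  } catch (err) {
    const expected = ['JsonWebTokenError', 'TokenExpiredError'].includes(err.name);
    return expected ? res.status(401).json({ error: 'Unauthorized' }) : next(err);
  }
  return next();
}
```

Errors other than the two documented ones are passed to next(err) so that an unexpected failure is not reported to the client as an authentication problem.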