Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage.

Cerbos Community

I'm trying to implement my JWT decode functionality in Cerbos using auxiliary data.
I've added the following block to my JSON object when using the `checkResources` method:

```auxData: {
	jwt: {
		token,
		keySetId: 'default',
	},
},```
The token comes from `request.headers` in my Express app.
Since I'm doing all the decoding business in Cerbos, I was wondering how I was supposed to pass the user's id as the principal's id without decoding the token:

```const {results} = await cerbos.checkResources({
	principal: {
		id: String(user.id),
		roles: user.roles,
	},
...```


There's currently no way to map JWT claims to request fields. If your user ID is in the JWT and you need to have that ID showing up on audit logs, you have to decode it in your app. If not, you can use a placeholder value as the principal ID and make sure to write all your Cerbos policy rules to get the ID from `auxData.jwt` instead of `principal.id`.

Thanks for the reply Charith. Can you point me in the direction of docs which contain examples/explanations of these placeholders?

I don't think we have an example in the docs. By placeholder I meant a dummy value. You could set the JWT token string as the user ID value, for instance.