
JWT::DecodeError must be suppressed as JWT::ExpiredSignature is

Open brunoarueira opened this issue 3 years ago • 1 comments

Expected behavior

When I use an invalid JWT through the revocation middleware, it should suppress the JWT::DecodeError as JWT::ExpiredSignature. This will allow it to be handled properly on the receiving part of the request and a proper HTTP status to be generated.

Actual behavior

When I use an invalid JWT through the revocation middleware, it raises a JWT::DecodeError exception. Since this middleware resolves after the response was generated, this results in a 500 HTTP status and does not preserve any previously defined HTTP status.

Steps to Reproduce the Problem

  1. Configure this gem
  2. Send an invalid JWT
  3. Receive a JWT::DecodeError exception

Debugging information

brunoarueira, Jul 13 '22 14:07

Trying to understand. Isn't it the other way round? We're catching JWT::DecodeError here:

https://github.com/waiting-for-dev/warden-jwt_auth/blob/09c78d747cab802180e4d93a14cc33cf313e27d0/lib/warden/jwt_auth/strategy.rb#L22

waiting-for-dev, Aug 03 '22 03:08

Closing, feel free to follow up, though.

waiting-for-dev, Sep 16 '22 12:09