passport-jwt icon indicating copy to clipboard operation
passport-jwt copied to clipboard

Published 20 hours ago verified publisher icon mikenicholson

feat(lib/extract_jwt): correctly parse comma terminated token

Open jrc2139 opened this issue 3 years ago • 2 comments

My stack is NestJs, Auth0, Passport, and GraphQL. I noticed that the parsed jwt token from the Authorization Header being passed from lib/verify_jwt.js#L4 was including a trailing comma like:

auth_params: {
    scheme: 'Bearer',
    value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c,
  }

This fix just checks if the token terminates with a comma and returns it without the comma.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

jrc2139 avatar Mar 28 '22 13:03 jrc2139

looks good 👏

b-o-993 avatar Apr 07 '22 13:04 b-o-993

This can be easily solved with a custom extractor, see an example of this case in the documentation of my pull request and furthermore this is not standard behaviour of nestjs, so I don't know why this happens to you.

Outternet avatar Sep 09 '22 17:09 Outternet