JamesRandall / FunctionMonkey

Write more elegant Azure Functions with less boilerplate, more consistency, and support for REST APIs. Docs can be found at https://functionmonkey.azurefromthetrenches.com
MIT License

FunctionMonkey.TokenValidator.Implementation.TokenValidator issues #94

Closed alexeymarkov closed 4 years ago

alexeymarkov commented 5 years ago

Hello,

  1. In case of an invalid JWT it throws an exception and the function returns 500, but it should return 404 (with logging of the original exception). To fix it, add

    catch (ArgumentException e)
    {
        return null;
    }

    because ArgumentException is thrown when CanReadToken returns false.

  2. catch (SecurityTokenSignatureKeyNotFoundException)
    {
        Configuration.ConfigurationManager.RequestRefresh();
        num++;
    }

    It seems in this case the configuration won't be updated because await Configuration.ConfigurationManager.GetConfigurationAsync(CancellationToken.None) is called outside of the loop.

  3. Exceptions are also not caught when calling await Configuration.ConfigurationManager.GetConfigurationAsync(CancellationToken.None). This means a function will return 500 but I think it should return 404 (eventually with logging of the original exception).
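
A sketch of a validation loop that addresses the three points in the comment above, added here as an illustration; it is not FunctionMonkey's code and not the content of PR #96. The class name, retry budget, audience parameter and logger are assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Hypothetical class for illustration only.
public sealed class RetryingJwtValidator
{
    private const int MaxAttempts = 2; // assumed budget: one try plus one retry after a key refresh
    private readonly IConfigurationManager<OpenIdConnectConfiguration> _config;
    private readonly string _audience;
    private readonly ILogger _log;
    public RetryingJwtValidator(IConfigurationManager<OpenIdConnectConfiguration> config, string audience, ILogger log)
    { _config = config; _audience = audience; _log = log; }

    // Returns null whenever the token cannot be validated, so the caller can map
    // that to a client error response instead of surfacing an unhandled 500.
    public async Task<ClaimsPrincipal> ValidateAsync(string token)
    {
        var handler = new JwtSecurityTokenHandler();
        for (var attempt = 0; attempt < MaxAttempts; attempt++)
        {
            try
            {
                // Points 2 and 3: fetch inside the loop (so RequestRefresh() is honoured
                // on retry) and inside the try (so metadata failures are caught below).
                var oidc = await _config.GetConfigurationAsync(CancellationToken.None);
                var parameters = new TokenValidationParameters
                {
                    ValidIssuer = oidc.Issuer,
                    ValidAudience = _audience,
                    IssuerSigningKeys = oidc.SigningKeys
                };
                return handler.ValidateToken(token, parameters, out _);
            }
            catch (SecurityTokenSignatureKeyNotFoundException)
            {
                _config.RequestRefresh(); // signing keys may have rotated; retry with fresh metadata
            }
            // Point 1: ArgumentException covers unreadable tokens. SecurityTokenException covers
            // failed validation; InvalidOperationException covers metadata retrieval failures.
            catch (Exception e) when (e is ArgumentException || e is SecurityTokenException || e is InvalidOperationException)
            {
                _log.LogWarning(e, "JWT validation failed"); // log the exception, never the token itself
                return null;
            }
        }
        return null; // key still unknown after refresh
    }
}
```

The catch for `SecurityTokenSignatureKeyNotFoundException` must come before the general filter, because that exception type derives from `SecurityTokenException`.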

alexeymarkov commented 5 years ago

If you agree, I could apply the fixes and provide a PR :-)

JamesRandall commented 5 years ago

Agree they are all issues. If you can easily do a PR please do - otherwise give me a couple of days and I'll get these addressed.

alexeymarkov commented 5 years ago

PR: https://github.com/JamesRandall/FunctionMonkey/pull/96

JamesRandall commented 4 years ago

Thanks for the PR - now merged.